Jump to content

Recommended Posts

Hello and welcome to Malwarebytes,

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Follow the instructions in the following link to show hidden files:

 

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

 

Next,

 

Backup the Registry:

 

Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.

 


Please download ERUNT from one of the following links: Link1 | Link2 | Link3
ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
Double click on erunt-setup.exe to Install ERUNT by following the prompts.
NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
Choose a location for the backup.
 
Note: the default location is C:\Windows\ERDNT which is acceptable.
 
Make sure that "System registry" and "Current user Registry"  check boxes are selected.
 
Click on OK
Then click on YES to create the folder.
Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

 

Next,

 

Any importand data, videos, music, pictures etc that you cannot afford to lose should be backed up if not alread done. Go to the following link for basic help/instructions:

 

https://forums.malwarebytes.org/index.php?/topic/136226-backup-software/

 

Next,

 

Run the following scans and post the produced logs:

 

Step 1

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Step 2

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

 


Quit all running programs.
For Windows XP, double-click to start.
For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User Licene Agreement)
Click Scan to scan the system.
When the scan completes select "Report", log will open. Close the program > Don't Fix anything!
Post back the report which should also be located here:

 

C:\Programdata\RogueKiller\Logs <-------- W7/8

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP

 

Thank you,

 

Kevin...

Link to post
Share on other sites

Thanks Kevin,

 

Here are my logs:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
Ran by aheyman (administrator) on AHEYMAN-CAPITAL on 06-02-2015 15:32:03
Running from C:\Users\aheyman.HUNNEMANCOMMERC\Downloads
Loaded Profiles: aheyman (Available profiles: aheyman & aheyman)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Google Inc.) C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Dropbox, Inc.) C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1934744 2015-01-30] (APN)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-602162358-1935655697-839522115-2661\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-602162358-1935655697-839522115-2661\...\Run: [Google Update] => C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-15] (Google Inc.)
HKU\S-1-5-21-602162358-1935655697-839522115-2661\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-03-02] (Google Inc.)
HKU\S-1-5-21-602162358-1935655697-839522115-2661\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30873192 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-602162358-1935655697-839522115-2661\...\MountPoints2: {3bb88c2f-4e05-11e3-8f54-606c661f2e02} - D:\TL-Bootstrap.exe
HKU\S-1-5-21-602162358-1935655697-839522115-2661\...\MountPoints2: {847cea6d-15fb-11e3-9324-606c661f2e02} - F:\TL-Bootstrap.exe
Startup: C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-602162358-1935655697-839522115-2661\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-602162358-1935655697-839522115-2661\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKU\S-1-5-21-602162358-1935655697-839522115-2661\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-602162358-1935655697-839522115-2661 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS553
SearchScopes: HKU\S-1-5-21-602162358-1935655697-839522115-2661 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS553
BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-602162358-1935655697-839522115-2661 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-602162358-1935655697-839522115-2661: @talk.google.com/GoogleTalkPlugin -> C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-602162358-1935655697-839522115-2661: @talk.google.com/O1DPlugin -> C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-602162358-1935655697-839522115-2661: @tools.google.com/Google Update;version=3 -> C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-602162358-1935655697-839522115-2661: @tools.google.com/Google Update;version=9 -> C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-602162358-1935655697-839522115-2661: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF Plugin HKU\S-1-5-21-602162358-1935655697-839522115-2661: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
FF Plugin ProgramFiles/Appdata: C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2013-03-02]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
CHR StartupUrls: Default -> "hxxp://gmail.com/", "hxxp://drmeth.com/index.php?r=16221110930138212153283#"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel? Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel? Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (AppUp) - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Profile: C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-06]
CHR Extension: (Google Drive) - C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-06]
CHR Extension: (Google Search) - C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-06]
CHR Extension: (Google Wallet) - C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-31]
CHR Extension: (Gmail) - C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-06]
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2015-01-30]
CHR HKU\S-1-5-21-602162358-1935655697-839522115-2661\...\Chrome\Extension: [cbjibcbpmbcabnfnohhgjjmkgkimajko] - C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\CRE\cbjibcbpmbcabnfnohhgjjmkgkimajko.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2015-01-30]
CHR HKLM-x32\...\Chrome\Extension: [cbjibcbpmbcabnfnohhgjjmkgkimajko] - C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\CRE\cbjibcbpmbcabnfnohhgjjmkgkimajko.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [cdkedefaddcdlpmiafhicjnkbogjiogj] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx [2012-03-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2015-01-30] (APN LLC.)
S4 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
S4 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [328552 2012-06-07] (AuthenTec, Inc)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-10] (Nero AG)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-06] ()
S4 Intel® Small Business Advantage; C:\Program Files (x86)\Intel\Intel® Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [46816 2012-04-23] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [163608 2012-03-06] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-01] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [30184 2013-08-08] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S4 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
S4 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows ® Win 7 DDK provider)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-26] (Realtek Semiconductor Corp.)
R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27448 2012-06-19] (Synaptics Incorporated)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-06 15:32 - 2015-02-06 15:33 - 00022271 _____ () C:\Users\aheyman.HUNNEMANCOMMERC\Downloads\FRST.txt
2015-02-06 15:31 - 2015-02-06 15:32 - 00000000 ____D () C:\FRST
2015-02-06 15:29 - 2015-02-06 15:30 - 02131968 _____ (Farbar) C:\Users\aheyman.HUNNEMANCOMMERC\Downloads\FRST64.exe
2015-02-06 14:09 - 2015-02-06 14:09 - 00000000 ____D () C:\Windows\ERDNT
2015-02-06 14:06 - 2015-02-06 14:08 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2015-02-06 14:06 - 2015-02-06 14:06 - 00000935 _____ () C:\Users\aheyman\Desktop\NTREGOPT.lnk
2015-02-06 14:06 - 2015-02-06 14:06 - 00000935 _____ () C:\Users\aheyman.HUNNEMANCOMMERC\Desktop\NTREGOPT.lnk
2015-02-06 14:06 - 2015-02-06 14:06 - 00000916 _____ () C:\Users\aheyman\Desktop\ERUNT.lnk
2015-02-06 14:06 - 2015-02-06 14:06 - 00000916 _____ () C:\Users\aheyman.HUNNEMANCOMMERC\Desktop\ERUNT.lnk
2015-02-06 14:06 - 2015-02-06 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2015-02-06 14:00 - 2015-02-06 14:01 - 00791393 _____ (Lars Hederer ) C:\Users\aheyman.HUNNEMANCOMMERC\Downloads\erunt-setup.exe
2015-02-06 11:21 - 2015-02-06 11:21 - 00002097 _____ () C:\Users\aheyman.HUNNEMANCOMMERC\Desktop\Clear Cache'd Memory.lnk
2015-02-06 10:39 - 2015-02-06 10:39 - 00000000 ____D () C:\Users\aheyman.HUNNEMANCOMMERC\Desktop\New folder
2015-02-04 15:34 - 2015-02-04 15:34 - 00000000 ____D () C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\AskPartnerNetwork
2015-02-04 15:34 - 2015-02-04 15:34 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2015-02-04 15:34 - 2015-02-04 15:34 - 00000000 ____D () C:\ProgramData\APN
2015-02-04 15:34 - 2015-02-04 15:34 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2015-02-04 15:31 - 2015-02-04 15:31 - 00000000 ____D () C:\ProgramData\Sun
2015-02-04 15:31 - 2015-02-04 15:27 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-04 15:28 - 2015-02-04 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-04 15:26 - 2015-02-04 15:26 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-04 15:26 - 2015-02-04 15:26 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-04 15:22 - 2015-02-04 15:22 - 00639400 _____ (Oracle Corporation) C:\Users\aheyman.HUNNEMANCOMMERC\Downloads\chromeinstall-8u31.exe
2015-02-04 14:27 - 2015-02-04 14:27 - 00596170 _____ () C:\Users\aheyman.HUNNEMANCOMMERC\Downloads\Class_7_Family_educational_involvement.pptx
2015-02-03 16:55 - 2015-02-03 16:55 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1935655697-839522115-2661Core1d03ffc25fca63a.job
2015-02-02 20:43 - 2015-02-02 20:43 - 00055404 _____ () C:\Users\aheyman.HUNNEMANCOMMERC\Downloads\RR  Leasing Assumptions For Argus -POC Academy - WB.xlsx
2015-02-02 20:25 - 2015-02-02 20:25 - 00000000 ____D () C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\Mozilla
2015-01-29 10:37 - 2015-01-29 10:49 - 00012302 _____ () C:\Users\aheyman.HUNNEMANCOMMERC\Downloads\Unconditional model predicting total score.xlsx
2015-01-13 16:47 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 16:47 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 16:47 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 16:47 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 16:47 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 16:47 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 16:47 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 16:47 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 16:45 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 16:45 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 16:45 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 16:45 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 16:45 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-11 23:03 - 2015-01-11 23:03 - 00000000 ____D () C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\{141594C2-4609-44BE-BCA8-1E3E3BC9CDAC}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-06 15:31 - 2013-03-02 14:52 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-06 15:30 - 2013-09-09 12:38 - 00000000 ___RD () C:\Users\aheyman.HUNNEMANCOMMERC\Dropbox
2015-02-06 15:30 - 2013-09-09 12:34 - 00000000 ____D () C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\Dropbox
2015-02-06 15:30 - 2013-03-02 14:24 - 01839639 _____ () C:\Windows\WindowsUpdate.log
2015-02-06 15:25 - 2013-09-09 08:46 - 00000000 ____D () C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\Skype
2015-02-06 15:20 - 2013-10-06 11:27 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-06 15:19 - 2013-11-15 15:41 - 00000000 ____D () C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\HTC MediaHub
2015-02-06 15:16 - 2013-03-02 14:52 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-06 15:16 - 2013-03-02 14:26 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-02-06 14:43 - 2009-07-13 23:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-06 14:43 - 2009-07-13 23:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-06 14:40 - 2009-07-14 00:13 - 00786622 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-06 14:36 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-06 14:36 - 2009-07-13 23:51 - 00068332 _____ () C:\Windows\setupact.log
2015-02-06 14:31 - 2013-09-09 16:26 - 00007599 _____ () C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Resmon.ResmonCfg
2015-02-06 13:51 - 2013-08-28 12:35 - 00000000 ____D () C:\Users\aheyman.HUNNEMANCOMMERC\Documents\Outlook Files
2015-02-06 13:29 - 2013-08-28 12:15 - 00000160 _____ () C:\Windows\system32\config\netlogon.ftl
2015-02-05 16:47 - 2013-03-02 14:26 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-02-03 16:55 - 2014-11-12 14:46 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1935655697-839522115-2661Core1cffeb14fd0b47b.job
2015-02-03 16:26 - 2013-03-02 14:52 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-03 16:26 - 2013-03-02 14:52 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-14 03:12 - 2013-08-26 10:29 - 00000000 ____D () C:\Windows\system32\MRT
 
 
Rogue Killer
RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : aheyman [Administrator]
Mode : Scan -- Date : 02/06/2015  15:48:52
 
¤¤¤ Processes : 1 ¤¤¤
[PUP] (SVC) APNMCP -- "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe"[7] -> Stopped
 
¤¤¤ Registry : 13 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ApnTBMon : "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"  -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\APNMCP ("C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe") -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\APNMCP ("C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe") -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\APNMCP ("C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe") -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CC48EB49-0807-4C7D-8DF2-A9088CB561B1} | DhcpNameServer : 10.160.20.4 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CC48EB49-0807-4C7D-8DF2-A9088CB561B1} | DhcpNameServer : 10.160.20.4 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{CC48EB49-0807-4C7D-8DF2-A9088CB561B1} | DhcpNameServer : 10.160.20.4 [(Private Address) (XX)]  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-602162358-1935655697-839522115-2661\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-602162358-1935655697-839522115-2661\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS545032A7E380 +++++
--- User ---
[MBR] 38ac0093aea6a677142cdfcf39cf47ac
[bSP] a8103d884cbb5c16053b668211c3cc22 : Lenovo MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 285743 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 588275712 | Size: 18000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
Link to post
Share on other sites

Sorry, here goes: 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
Ran by aheyman (administrator) on AHEYMAN-CAPITAL on 06-02-2015 15:32:03
Running from C:\Users\aheyman.HUNNEMANCOMMERC\Downloads
Loaded Profiles: aheyman (Available profiles: aheyman & aheyman)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Google Inc.) C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Dropbox, Inc.) C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1934744 2015-01-30] (APN)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-602162358-1935655697-839522115-2661\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-602162358-1935655697-839522115-2661\...\Run: [Google Update] => C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-15] (Google Inc.)
HKU\S-1-5-21-602162358-1935655697-839522115-2661\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-03-02] (Google Inc.)
HKU\S-1-5-21-602162358-1935655697-839522115-2661\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30873192 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-602162358-1935655697-839522115-2661\...\MountPoints2: {3bb88c2f-4e05-11e3-8f54-606c661f2e02} - D:\TL-Bootstrap.exe
HKU\S-1-5-21-602162358-1935655697-839522115-2661\...\MountPoints2: {847cea6d-15fb-11e3-9324-606c661f2e02} - F:\TL-Bootstrap.exe
Startup: C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-602162358-1935655697-839522115-2661\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-602162358-1935655697-839522115-2661\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKU\S-1-5-21-602162358-1935655697-839522115-2661\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-602162358-1935655697-839522115-2661 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS553
SearchScopes: HKU\S-1-5-21-602162358-1935655697-839522115-2661 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS553
BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-602162358-1935655697-839522115-2661 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-602162358-1935655697-839522115-2661: @talk.google.com/GoogleTalkPlugin -> C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-602162358-1935655697-839522115-2661: @talk.google.com/O1DPlugin -> C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-602162358-1935655697-839522115-2661: @tools.google.com/Google Update;version=3 -> C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-602162358-1935655697-839522115-2661: @tools.google.com/Google Update;version=9 -> C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-602162358-1935655697-839522115-2661: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF Plugin HKU\S-1-5-21-602162358-1935655697-839522115-2661: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
FF Plugin ProgramFiles/Appdata: C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2013-03-02]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
CHR StartupUrls: Default -> "hxxp://gmail.com/", "hxxp://drmeth.com/index.php?r=16221110930138212153283#"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel? Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel? Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (AppUp) - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Profile: C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-06]
CHR Extension: (Google Drive) - C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-06]
CHR Extension: (Google Search) - C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-06]
CHR Extension: (Google Wallet) - C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-31]
CHR Extension: (Gmail) - C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-06]
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2015-01-30]
CHR HKU\S-1-5-21-602162358-1935655697-839522115-2661\...\Chrome\Extension: [cbjibcbpmbcabnfnohhgjjmkgkimajko] - C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\CRE\cbjibcbpmbcabnfnohhgjjmkgkimajko.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2015-01-30]
CHR HKLM-x32\...\Chrome\Extension: [cbjibcbpmbcabnfnohhgjjmkgkimajko] - C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\CRE\cbjibcbpmbcabnfnohhgjjmkgkimajko.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [cdkedefaddcdlpmiafhicjnkbogjiogj] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx [2012-03-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2015-01-30] (APN LLC.)
S4 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
S4 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [328552 2012-06-07] (AuthenTec, Inc)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-10] (Nero AG)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-06] ()
S4 Intel® Small Business Advantage; C:\Program Files (x86)\Intel\Intel® Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [46816 2012-04-23] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [163608 2012-03-06] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-01] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [30184 2013-08-08] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S4 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
S4 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows ® Win 7 DDK provider)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-26] (Realtek Semiconductor Corp.)
R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27448 2012-06-19] (Synaptics Incorporated)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-06 15:32 - 2015-02-06 15:33 - 00022271 _____ () C:\Users\aheyman.HUNNEMANCOMMERC\Downloads\FRST.txt
2015-02-06 15:31 - 2015-02-06 15:32 - 00000000 ____D () C:\FRST
2015-02-06 15:29 - 2015-02-06 15:30 - 02131968 _____ (Farbar) C:\Users\aheyman.HUNNEMANCOMMERC\Downloads\FRST64.exe
2015-02-06 14:09 - 2015-02-06 14:09 - 00000000 ____D () C:\Windows\ERDNT
2015-02-06 14:06 - 2015-02-06 14:08 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2015-02-06 14:06 - 2015-02-06 14:06 - 00000935 _____ () C:\Users\aheyman\Desktop\NTREGOPT.lnk
2015-02-06 14:06 - 2015-02-06 14:06 - 00000935 _____ () C:\Users\aheyman.HUNNEMANCOMMERC\Desktop\NTREGOPT.lnk
2015-02-06 14:06 - 2015-02-06 14:06 - 00000916 _____ () C:\Users\aheyman\Desktop\ERUNT.lnk
2015-02-06 14:06 - 2015-02-06 14:06 - 00000916 _____ () C:\Users\aheyman.HUNNEMANCOMMERC\Desktop\ERUNT.lnk
2015-02-06 14:06 - 2015-02-06 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2015-02-06 14:00 - 2015-02-06 14:01 - 00791393 _____ (Lars Hederer ) C:\Users\aheyman.HUNNEMANCOMMERC\Downloads\erunt-setup.exe
2015-02-06 11:21 - 2015-02-06 11:21 - 00002097 _____ () C:\Users\aheyman.HUNNEMANCOMMERC\Desktop\Clear Cache'd Memory.lnk
2015-02-06 10:39 - 2015-02-06 10:39 - 00000000 ____D () C:\Users\aheyman.HUNNEMANCOMMERC\Desktop\New folder
2015-02-04 15:34 - 2015-02-04 15:34 - 00000000 ____D () C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\AskPartnerNetwork
2015-02-04 15:34 - 2015-02-04 15:34 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2015-02-04 15:34 - 2015-02-04 15:34 - 00000000 ____D () C:\ProgramData\APN
2015-02-04 15:34 - 2015-02-04 15:34 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2015-02-04 15:31 - 2015-02-04 15:31 - 00000000 ____D () C:\ProgramData\Sun
2015-02-04 15:31 - 2015-02-04 15:27 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-04 15:28 - 2015-02-04 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-04 15:26 - 2015-02-04 15:26 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-04 15:26 - 2015-02-04 15:26 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-04 15:22 - 2015-02-04 15:22 - 00639400 _____ (Oracle Corporation) C:\Users\aheyman.HUNNEMANCOMMERC\Downloads\chromeinstall-8u31.exe
2015-02-04 14:27 - 2015-02-04 14:27 - 00596170 _____ () C:\Users\aheyman.HUNNEMANCOMMERC\Downloads\Class_7_Family_educational_involvement.pptx
2015-02-03 16:55 - 2015-02-03 16:55 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1935655697-839522115-2661Core1d03ffc25fca63a.job
2015-02-02 20:43 - 2015-02-02 20:43 - 00055404 _____ () C:\Users\aheyman.HUNNEMANCOMMERC\Downloads\RR  Leasing Assumptions For Argus -POC Academy - WB.xlsx
2015-02-02 20:25 - 2015-02-02 20:25 - 00000000 ____D () C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\Mozilla
2015-01-29 10:37 - 2015-01-29 10:49 - 00012302 _____ () C:\Users\aheyman.HUNNEMANCOMMERC\Downloads\Unconditional model predicting total score.xlsx
2015-01-13 16:47 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 16:47 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 16:47 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 16:47 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 16:47 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 16:47 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 16:47 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 16:47 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 16:45 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 16:45 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 16:45 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 16:45 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 16:45 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-11 23:03 - 2015-01-11 23:03 - 00000000 ____D () C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\{141594C2-4609-44BE-BCA8-1E3E3BC9CDAC}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-06 15:31 - 2013-03-02 14:52 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-06 15:30 - 2013-09-09 12:38 - 00000000 ___RD () C:\Users\aheyman.HUNNEMANCOMMERC\Dropbox
2015-02-06 15:30 - 2013-09-09 12:34 - 00000000 ____D () C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\Dropbox
2015-02-06 15:30 - 2013-03-02 14:24 - 01839639 _____ () C:\Windows\WindowsUpdate.log
2015-02-06 15:25 - 2013-09-09 08:46 - 00000000 ____D () C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\Skype
2015-02-06 15:20 - 2013-10-06 11:27 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-06 15:19 - 2013-11-15 15:41 - 00000000 ____D () C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\HTC MediaHub
2015-02-06 15:16 - 2013-03-02 14:52 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-06 15:16 - 2013-03-02 14:26 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-02-06 14:43 - 2009-07-13 23:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-06 14:43 - 2009-07-13 23:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-06 14:40 - 2009-07-14 00:13 - 00786622 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-06 14:36 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-06 14:36 - 2009-07-13 23:51 - 00068332 _____ () C:\Windows\setupact.log
2015-02-06 14:31 - 2013-09-09 16:26 - 00007599 _____ () C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Resmon.ResmonCfg
2015-02-06 13:51 - 2013-08-28 12:35 - 00000000 ____D () C:\Users\aheyman.HUNNEMANCOMMERC\Documents\Outlook Files
2015-02-06 13:29 - 2013-08-28 12:15 - 00000160 _____ () C:\Windows\system32\config\netlogon.ftl
2015-02-05 16:47 - 2013-03-02 14:26 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-02-03 16:55 - 2014-11-12 14:46 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1935655697-839522115-2661Core1cffeb14fd0b47b.job
2015-02-03 16:26 - 2013-03-02 14:52 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-03 16:26 - 2013-03-02 14:52 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-14 03:12 - 2013-08-26 10:29 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 03:00 - 2013-08-26 10:29 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-11 23:04 - 2014-09-30 12:29 - 00000000 ____D () C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Windows Live
2015-01-09 18:08 - 2009-07-14 00:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
 
==================== Files in the root of some directories =======
 
2013-10-05 19:55 - 2013-10-05 19:55 - 0000218 _____ () C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\recently-used.xbel
2013-09-09 16:26 - 2015-02-06 14:31 - 0007599 _____ () C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Resmon.ResmonCfg
 
Some content of TEMP:
====================
C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Temp\APNSetup.exe
C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Temp\BackupSetup.exe
C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcfrcye.dll
C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Temp\globalKeyChecker.exe
C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Temp\Player_Setup.exe
C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Temp\Quarantine.exe
C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Temp\SkypeSetup.exe
C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Temp\tbVafm.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-05 11:11
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2015
Ran by aheyman at 2015-02-06 15:33:53
Running from C:\Users\aheyman.HUNNEMANCOMMERC\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2010 Trends in the Hotel Industry (HKLM-x32\...\{906926E4-B0BD-4DA8-B319-F0AB9A1D4026}) (Version: 1.00.0000 - PKF Hospitality Research)
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.0.0.19 - Absolute Software)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARGUS Valuation - DCF (HKLM-x32\...\{6CE2293A-4199-4389-A92B-1EADC35B5F33}) (Version: 15.0.1.25 - ARGUS Software)
Argus.ArgusOBA.ExcelAddin2007 (HKU\S-1-5-21-602162358-1935655697-839522115-2661\...\E8858243A0567D069F062298B6BB6D5E35FDBD7E) (Version: 1.0.0.44 - Microsoft)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.34.0 - Conexant)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.392 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Dropbox (HKU\S-1-5-21-602162358-1935655697-839522115-2661\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.10.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{368E4EF8-E840-40EE-A224-50B8D1DC2B12}) (Version: 2.4.11.0 - HTC)
Integrated Camera Driver Installer Package Ver.1.2.1.18 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.18 - RICOH)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2778 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{37EC048A-81A2-452A-8D1F-3BE2018E767D}) (Version: 15.1.0.0096 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}) (Version: 2.1.1.0153 - Intel Corporation)
Intel® Update Manager (x32 Version: 1.0.0.34813 - Intel Corporation) Hidden
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{93F34C5C-ACAA-48F3-9B26-70359A117F12}) (Version: 3.0.12.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{E97F409F-9E1C-42A0-B72D-765A78DF3696}) (Version: 15.01.0000.0830 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo App Shop (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 45246 - Intel)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.65.05.21 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{B73D2BF9-2C82-40A4-AFA8-32CE2E501640}) (Version: 2.2.002.00 - Lenovo Group Limited)
Lenovo Solutions for Small Business (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version:  - Intel® Corporation)
Lenovo Solutions for Small Business Customizations (HKLM-x32\...\{5B5DEF99-85E9-423D-A1A3-B83202697B09}) (Version: 1.0.0006.00 - Lenovo Group Limited)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0020.00 - Lenovo Group Limited)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{3849486C-FF09-4F5D-B491-3E179D58EE15}) (Version: 3.1.0004.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.72.00 - )
Password Vault (HKLM\...\{C5BB9380-D729-410A-A440-061EBCADCCB9}) (Version: 5.4.100.232 - AuthenTec, Inc.)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.32 - )
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 1.00.0802 - Lenovo)
RapidBoot Shield (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.23 - Lenovo)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29005 - Realtek Semiconductor Corp.)
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1801}) (Version: 12.24.1.51 - APN, LLC) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.1.4.17 - )
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.76 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.0.34.0 - Lenovo)
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.13 - VeriSign)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Windows Driver Package - Intel (iaStor) hdc  (11/29/2011 11.0.0.1032) (HKLM\...\64A62163FE43328D13305746CB8BCC93F2DF6545) (Version: 11/29/2011 11.0.0.1032 - Intel)
Windows Driver Package - Lenovo 1.65.05.21 (01/11/2012 1.65.05.21) (HKLM\...\FD2ED46D31CE7DF190049D079E92DE03D347A634) (Version: 01/11/2012 1.65.05.21 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-602162358-1935655697-839522115-2661_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-602162358-1935655697-839522115-2661_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-602162358-1935655697-839522115-2661_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-602162358-1935655697-839522115-2661_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-602162358-1935655697-839522115-2661_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-602162358-1935655697-839522115-2661_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-602162358-1935655697-839522115-2661_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-602162358-1935655697-839522115-2661_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-602162358-1935655697-839522115-2661_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-602162358-1935655697-839522115-2661_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-602162358-1935655697-839522115-2661_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-602162358-1935655697-839522115-2661_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-602162358-1935655697-839522115-2661_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-602162358-1935655697-839522115-2661_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-602162358-1935655697-839522115-2661_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-602162358-1935655697-839522115-2661_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-602162358-1935655697-839522115-2661_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-602162358-1935655697-839522115-2661_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {048EE69D-B662-4194-9EDA-089BF017F69A} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo)
Task: {06709E0A-973D-44AA-9BDE-0637F4755E5C} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {098D737A-9434-42C4-8EA5-BD65A28F93FB} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2012-05-15] (Lenovo Group Limited)
Task: {184D965A-3727-4FA4-9ECC-580B41B9A221} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for HUNNEMANCOMMERC.aheyman => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)
Task: {1C5463E4-3956-4B0D-B90D-3C209D84FA78} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-08-08] ()
Task: {2C0D4771-86F8-4F32-A411-D1A478C338D3} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {3AB09D09-24E2-43DF-8F6F-4A640DF0A8DB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {65760E1C-D583-4FC5-957E-24F6BF3508DB} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-08-08] (Lenovo)
Task: {7E83AC7F-D2C5-488A-BBDF-ABEC01C1D282} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: {B90D6C4D-4615-4CEC-AE3A-A80481BBA05B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D67C3A44-02A3-42F0-9648-AE402A74181D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {DB3A2C91-63F0-4DEE-B368-83BBD8B38E92} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-08-08] ()
Task: {E2EDBDCC-C66E-4EF9-AE86-92D5127875ED} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-08-08] (Lenovo)
Task: {E95A7C74-D2B0-424A-BBBA-AC5D17B8E0D5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {EC564D0F-3C65-47C4-8799-45294CDDE245} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1935655697-839522115-2661Core1cf89b7b77f9c46.job => C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1935655697-839522115-2661Core1cfedce6bef548f.job => C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1935655697-839522115-2661Core1cffeb14fd0b47b.job => C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1935655697-839522115-2661Core1d03ffc25fca63a.job => C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2012-11-08 14:49 - 2012-11-08 14:49 - 01929216 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\EF795636.dll
2013-03-02 14:26 - 2012-03-06 17:49 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-11-15 16:46 - 2013-11-15 16:46 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-15 16:45 - 2013-11-15 16:45 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2013-11-15 16:46 - 2013-11-15 16:46 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2013-11-15 16:46 - 2013-11-15 16:46 - 00044392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2013-11-15 16:46 - 2013-11-15 16:46 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2013-11-15 16:46 - 2013-11-15 16:46 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-11-15 16:47 - 2013-11-15 16:47 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2013-11-15 16:48 - 2013-11-15 16:48 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2013-03-02 14:39 - 2011-08-02 07:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2013-03-02 14:39 - 2011-08-02 07:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00750080 _____ () C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-06 15:19 - 2015-02-06 15:19 - 00043008 _____ () c:\users\aheyma~1.hun\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcfrcye.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00047616 _____ () C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00863744 _____ () C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00200704 _____ () C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-03-02 14:53 - 2013-07-18 17:31 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2013-03-02 14:53 - 2013-07-18 17:31 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2013-03-02 14:53 - 2013-07-18 17:31 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2013-03-02 14:53 - 2013-07-18 17:31 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2013-03-02 14:53 - 2013-07-18 17:31 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2013-03-02 14:53 - 2013-07-18 17:31 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2013-03-02 14:53 - 2013-07-18 17:31 - 00020480 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2013-03-02 14:53 - 2013-07-18 17:30 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2013-03-02 14:53 - 2013-07-18 17:31 - 00064512 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2014-09-01 16:34 - 2014-12-01 16:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-09-01 16:34 - 2014-12-01 16:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-09-01 16:34 - 2014-12-01 16:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-09-01 16:34 - 2014-12-01 16:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2013-08-21 13:18 - 2014-11-11 13:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-02-06 15:19 - 2014-12-01 19:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-02-06 15:19 - 2014-12-01 19:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-02-06 15:19 - 2014-12-01 19:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-06-01 14:05 - 2015-01-23 17:34 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2014-09-01 16:34 - 2014-12-01 16:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-09-21 09:35 - 2015-01-23 17:33 - 00696512 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-09-10 13:20 - 2015-01-15 18:42 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-02-05 21:46 - 2015-02-04 04:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-05 21:46 - 2015-02-04 04:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-05 21:46 - 2015-02-04 04:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
2015-02-05 21:46 - 2015-02-04 04:02 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Registry Areas =====================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-602162358-1935655697-839522115-2661\Control Panel\Desktop\\Wallpaper -> C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: CxAudMsg => 2
MSCONFIG\Services: FastbootService => 2
MSCONFIG\Services: FPLService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HyperW7Svc => 2
MSCONFIG\Services: IBMPMSVC => 2
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel® Small Business Advantage => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LENOVO.TPKNRSVC => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: NitroDriverReadSpool2 => 2
MSCONFIG\Services: nlsX86cc => 2
MSCONFIG\Services: Partner Service => 3
MSCONFIG\Services: Power Manager DBC Service => 3
MSCONFIG\Services: PSI_SVC_2 => 2
MSCONFIG\Services: PwmEWSvc => 3
MSCONFIG\Services: TPHKLOAD => 2
MSCONFIG\Services: UleadBurningHelper => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: VIPAppService => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BLEServicesCtrl => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
MSCONFIG\startupreg: cAudioFilterAgent => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
MSCONFIG\startupreg: Dolby Advanced Audio v2 => "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
MSCONFIG\startupreg: Fastboot => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
MSCONFIG\startupreg: ForteConfig => C:\Program Files\Conexant\ForteConfig\fmapp.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
MSCONFIG\startupreg: Intel AppUp(SM) center => "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
MSCONFIG\startupreg: IntelSBA => C:\Program Files (x86)\Intel\Intel® Small Business Advantage\Service\SBALaunchDelay.exe "C:\Program Files (x86)\Intel\Intel® Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe -minimized" 60
MSCONFIG\startupreg: Lenovo Registration => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
MSCONFIG\startupreg: LENOVO.TPKNRRES => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PWMTRV => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
MSCONFIG\startupreg: RotateImage => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SACpl.exe /t
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TpShocks => TpShocks.exe
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-835838043-640483973-2287029694-500 - Administrator - Disabled)
aheyman (S-1-5-21-835838043-640483973-2287029694-1000 - Administrator - Enabled) => C:\Users\aheyman
Guest (S-1-5-21-835838043-640483973-2287029694-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/06/2015 02:36:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (02/06/2015 03:20:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (02/06/2015 03:20:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (02/06/2015 03:15:55 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: HUNNEMANCOMMERC)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (02/06/2015 02:36:08 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
 
Error: (02/06/2015 02:36:07 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain HUNNEMANCOMMERC due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (02/06/2015 02:33:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FontCache3.0.0.0 service.
 
 
Microsoft Office Sessions:
=========================
Error: (02/06/2015 02:36:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i3-2328M CPU @ 2.20GHz
Percentage of memory in use: 88%
Total physical RAM: 1637.48 MB
Available physical RAM: 190.29 MB
Total Pagefile: 3274.97 MB
Available Pagefile: 1449.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:279.05 GB) (Free:151.66 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:17.58 GB) (Free:5.31 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: B82EA4B2)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=279 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.6 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
then 
 
RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : aheyman [Administrator]
Mode : Scan -- Date : 02/06/2015  15:48:52
 
¤¤¤ Processes : 1 ¤¤¤
[PUP] (SVC) APNMCP -- "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe"[7] -> Stopped
 
¤¤¤ Registry : 13 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ApnTBMon : "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"  -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\APNMCP ("C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe") -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\APNMCP ("C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe") -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\APNMCP ("C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe") -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CC48EB49-0807-4C7D-8DF2-A9088CB561B1} | DhcpNameServer : 10.160.20.4 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CC48EB49-0807-4C7D-8DF2-A9088CB561B1} | DhcpNameServer : 10.160.20.4 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{CC48EB49-0807-4C7D-8DF2-A9088CB561B1} | DhcpNameServer : 10.160.20.4 [(Private Address) (XX)]  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-602162358-1935655697-839522115-2661\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-602162358-1935655697-839522115-2661\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS545032A7E380 +++++
--- User ---
[MBR] 38ac0093aea6a677142cdfcf39cf47ac
[bSP] a8103d884cbb5c16053b668211c3cc22 : Lenovo MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 285743 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 588275712 | Size: 18000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
Link to post
Share on other sites

Upload a File to Virustotal

Go to http://www.virustotal.com/

  • Click the Choose file button
  • Navigate to the file C:\Windows\system32\spool\DRIVERS\x64\3\EF795636.dll
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.


 

Link to post
Share on other sites

SHA256: 96804d9ff2f5ea84573d160b946624f2d49c38d4fe54f524c02c57e122f30caa File name: EF795636.dll Detection ratio: 0 / 56 Analysis date: 2015-02-07 02:47:48 UTC ( 0 minutes ago )

 

Ad-Aware   20150207 AegisLab   20150207 Agnitum   20150206 AhnLab-V3   20150206 Alibaba   20150206 ALYac   20150207 Antiy-AVL   20150206 Avast   20150206 AVG   20150207 Avira   20150207 AVware   20150207 Baidu-International   20150206 BitDefender   20150207 Bkav   20150206 ByteHero   20150207 CAT-QuickHeal   20150205 ClamAV   20150206 CMC   20150205 Comodo   20150207 Cyren   20150207 DrWeb   20150207 Emsisoft   20150207 ESET-NOD32   20150207 F-Prot   20150207 F-Secure   20150207 Fortinet   20150207 GData   20150207 Ikarus   20150206 K7AntiVirus   20150206 K7GW   20150207 Kaspersky   20150207 Kingsoft   20150207 Malwarebytes   20150207 McAfee   20150207 McAfee-GW-Edition   20150206 Microsoft   20150207 MicroWorld-eScan   20150207 NANO-Antivirus   20150207 Norman   20150206 nProtect   20150206 Panda   20150206 Qihoo-360   20150207 Rising   20150206 Sophos   20150207 SUPERAntiSpyware   20150207 Symantec   20150207 Tencent   20150207 TheHacker   20150206 TotalDefense   20150206 TrendMicro   20150207 TrendMicro-HouseCall   20150207 VBA32   20150206 VIPRE   20150207 ViRobot   20150206 Zillya   20150206 Zoner   20150206
Link to post
Share on other sites


Target machine x64

Compilation timestamp 2012-10-04 16:14:23

Entry Point 0x0013A1D0

Number of sections 7



 PE sections

Name Virtual address Virtual size Raw size Entropy MD5

.text 4096 1344588 1345024 5.11 ae46cda144d64bd896d4c24f7f46a505

.rdata 1351680 289819 290304 4.31 aafe230a33ef0220ac8ee12ed7982024

.data 1642496 43736 28160 2.81 97e00271e9a2cca4361343fe25c6d064

.pdata 1687552 76416 76800 5.72 fdf5421a13685281ed863e3601eb73c0

.idata 1765376 20146 20480 4.03 27811b3211ad084391602142e79b91c8

.rsrc 1785856 158508 158720 6.99 411a8fc79159b8a50bb4e5287e5b23b2

.reloc 1945600 8651 8704 2.85 6e151103e2494c70bb2fd29345f7c2dc



 PE imports


 PE exports

DllCanUnloadNow

DllGetClassObject



 Number of PE resources by type

PNG 19

RT_BITMAP 3

RT_STRING 1

RT_MANIFEST 1



 Number of PE resources by language

ENGLISH US 24



 ExifTool file metadata


MIMEType

application/octet-stream



Subsystem

Windows GUI



MachineType

AMD AMD64



TimeStamp

2012:10:04 17:14:23+01:00



FileType

Win64 DLL



PEType

PE32+



CodeSize

1345024



LinkerVersion

8.0



FileAccessDate

2015:02:07 03:47:51+01:00



EntryPoint

0x13a1d0



InitializedDataSize

599040



SubsystemVersion

5.2



ImageVersion

5.0



OSVersion

4.0



FileCreateDate

2015:02:07 03:47:51+01:00



UninitializedDataSize

0

 


Link to post
Share on other sites

Thanks for the VT log, file is clean. Continue as follows:

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

When the scan is completed from the main GUI click on History > Application Logs. Find your Scan log, the date when run will identify it. Checkmark "select" box > then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export"

Select > "Copy to clipboard" that copies the full log to the windows clipboard, so at your reply you right click into the text field and select "Paste" the log is pasted (copied) to  your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt. Where n in the scan reference number

 

Next,

 

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en'>https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window

In the "Scan Type" window, select Quick Scan

Perform a scan and  Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

 

notepad c:\windows\debug\mrt.log

 

Let me see those logs, also give an update on any remaining issues or concerns....

 

Kevin..

 

 

Fixlist.txt

Link to post
Share on other sites

Everything seems ok--svchost ran and used about 60% of the memory it usually uses, which is good.  My company also got hit with a pretty big attack yesterday, but as of now it seems unrelated.  

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-02-2015

Ran by aheyman at 2015-02-07 06:31:29 Run:1

Running from C:\Users\aheyman.HUNNEMANCOMMERC\Downloads

Loaded Profiles: aheyman (Available profiles: aheyman & aheyman)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

start

HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1934744 2015-01-30] (APN)

C:\Program Files (x86)\AskPartnerNetwork

C:\ProgramData\AskPartnerNetwork

C:\ProgramData\APN

HKU\S-1-5-21-602162358-1935655697-839522115-2661\...\MountPoints2: {3bb88c2f-4e05-11e3-8f54-606c661f2e02} - D:\TL-Bootstrap.exe

HKU\S-1-5-21-602162358-1935655697-839522115-2661\...\MountPoints2: {847cea6d-15fb-11e3-9324-606c661f2e02} - F:\TL-Bootstrap.exe

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-602162358-1935655697-839522115-2661\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 -> DefaultScope value is missing.

CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com...q={searchTerms}

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2015-01-30] (APN LLC.)

C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Temp\APNSetup.exe

C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Temp\BackupSetup.exe

C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcfrcye.dll

C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Temp\globalKeyChecker.exe

C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Temp\Player_Setup.exe

C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Temp\Quarantine.exe

C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Temp\SkypeSetup.exe

C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Temp\tbVafm.dll

Task: {7E83AC7F-D2C5-488A-BBDF-ABEC01C1D282} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION

Emptytemp:

end

 

 

 

*****************

 

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => value deleted successfully.

C:\Program Files (x86)\AskPartnerNetwork => Moved successfully.

C:\ProgramData\AskPartnerNetwork => Moved successfully.

C:\ProgramData\APN => Moved successfully.

"HKU\S-1-5-21-602162358-1935655697-839522115-2661\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bb88c2f-4e05-11e3-8f54-606c661f2e02}" => Key deleted successfully.

HKCR\CLSID\{3bb88c2f-4e05-11e3-8f54-606c661f2e02} => Key not found. 

"HKU\S-1-5-21-602162358-1935655697-839522115-2661\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{847cea6d-15fb-11e3-9324-606c661f2e02}" => Key deleted successfully.

HKCR\CLSID\{847cea6d-15fb-11e3-9324-606c661f2e02} => Key not found. 

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.

"HKU\S-1-5-21-602162358-1935655697-839522115-2661\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.

HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

Chrome DefaultSuggestURL not detected.

APNMCP => Service deleted successfully.

C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Temp\APNSetup.exe => Moved successfully.

C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Temp\BackupSetup.exe => Moved successfully.

C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcfrcye.dll => Moved successfully.

C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Temp\globalKeyChecker.exe => Moved successfully.

C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Temp\Player_Setup.exe => Moved successfully.

C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Temp\Quarantine.exe => Moved successfully.

C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.

C:\Users\aheyman.HUNNEMANCOMMERC\AppData\Local\Temp\tbVafm.dll => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E83AC7F-D2C5-488A-BBDF-ABEC01C1D282}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E83AC7F-D2C5-488A-BBDF-ABEC01C1D282}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser" => Key deleted successfully.

EmptyTemp: => Removed 8 GB temporary data.

 

 

The system needed a reboot. 

 

==== End of Fixlog 06:34:28 ====

 


# AdwCleaner v4.110 - Logfile created 07/02/2015 at 08:45:12

# Updated 05/02/2015 by Xplode

# Database : 2015-02-05.2 [server]

# Operating system : Windows 7 Professional Service Pack 1 (x64)

# Username : aheyman - AHEYMAN-CAPITAL

# Running from : C:\Users\aheyman.HUNNEMANCOMMERC\Downloads\AdwCleaner (1).exe

# Option : Cleaning

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Windows\Util

 

***** [ Scheduled tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\AskPartnerNetwork

Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork

Key Deleted : HKLM\SOFTWARE\hdcode

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17496

 

 

-\\ Google Chrome v40.0.2214.111

 

 

*************************

 

AdwCleaner[R0].txt - [5568 bytes] - [24/10/2013 16:52:26]

AdwCleaner[R1].txt - [1397 bytes] - [07/02/2015 08:39:59]

AdwCleaner[s0].txt - [5578 bytes] - [24/10/2013 16:53:13]

AdwCleaner[s1].txt - [1283 bytes] - [07/02/2015 08:45:12]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1342  bytes] ##########

 


 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.3, August 2013 (build 5.3.9301.0)

Started On Mon Aug 26 11:29:14 2013

 

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Mon Aug 26 11:32:36 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.4, September 2013 (build 5.4.9400.0)

Started On Fri Sep 13 03:09:15 2013

 

Engine: 1.1.9800.0

Signatures: 1.157.932.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Fri Sep 13 03:12:48 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.5, October 2013 (build 5.5.9502.0)

Started On Fri Oct 11 03:08:03 2013

 

Engine: 1.1.9901.0

Signatures: 1.159.530.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Fri Oct 11 03:12:09 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.6, November 2013 (build 5.6.9603.0)

Started On Wed Nov 13 16:38:17 2013

 

Engine: 1.1.10003.0

Signatures: 1.161.1618.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Nov 13 16:40:25 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.7, December 2013 (build 5.7.9701.0)

Started On Mon Dec 16 03:00:53 2013

 

Engine: 1.1.10100.0

Signatures: 1.163.1013.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Mon Dec 16 03:04:18 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.8, January 2014 (build 5.8.9803.0)

Started On Wed Jan 15 16:08:10 2014

 

Engine: 1.1.10201.0

Signatures: 1.165.1273.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 15 16:11:58 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.9, February 2014 (build 5.9.9902.0)

Started On Sun Feb 16 13:15:09 2014

 

Engine: 1.1.10201.0

Signatures: 1.165.3163.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Sun Feb 16 13:18:01 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.10, March 2014 (build 5.10.10001.0)

Started On Tue Mar 18 03:00:34 2014

 

Engine: 1.1.10302.0

Signatures: 1.167.1001.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Tue Mar 18 03:03:32 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.11, April 2014 (build 5.11.10100.0)

Started On Thu Apr 10 03:02:07 2014

 

Engine: 1.1.10401.0

Signatures: 1.169.1258.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 10 03:04:59 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.12, May 2014 (build 5.12.10200.0)

Started On Thu May 15 03:03:39 2014

 

Engine: 1.1.10502.0

Signatures: 1.173.1305.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu May 15 03:10:24 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.13, June 2014 (build 5.13.10300.0)

Started On Wed Jun 11 03:04:52 2014

 

Engine: 1.1.10600.0

Signatures: 1.175.1113.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Jun 11 03:07:55 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.14, July 2014 (build 5.14.10402.0)

Started On Thu Jul 10 03:03:34 2014

 

Engine: 1.1.10701.0

Signatures: 1.177.949.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Jul 10 03:06:57 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.15, August 2014 (build 5.15.10500.0)

Started On Fri Aug 15 03:17:26 2014

 

Engine: 1.1.10802.0

Signatures: 1.179.1796.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Fri Aug 15 03:29:57 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.16, September 2014 (build 5.16.10602.0)

Started On Thu Sep 11 21:32:18 2014

 

Engine: 1.1.10904.0

Signatures: 1.183.882.0

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)

Started On Thu Oct 16 03:00:49 2014

 

Engine: 1.1.11005.0

Signatures: 1.185.2035.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 16 03:10:04 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.18, November 2014 (build 5.18.10802.0)

Started On Thu Nov 13 03:02:21 2014

 

Engine: 1.1.11104.0

Signatures: 1.187.1116.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Nov 13 03:10:53 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Thu Dec 11 03:05:27 2014

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 11 03:12:30 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)

Started On Wed Jan 14 03:00:41 2015

 

Engine: 1.1.11302.0

Signatures: 1.191.1276.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 14 03:12:07 2015

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)

Started On Sat Feb 07 08:55:33 2015

 

Engine: 1.1.11302.0

Signatures: 1.191.1276.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Sat Feb 07 12:20:43 2015

 

 

Return code: 0 (0x0)

 


 

Link to post
Share on other sites

Thanks for the update and logs, if no remaining issues or concerns run the following to clean up...

 

Download "Delfix by Xplode" and save it to your desktop.

 

Or use the following if first link is down:

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 

 


    Remove disinfection tools
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Any remnant files/logs from tools we have used can be deleted…

 

Next,

 

How to remove ERUNT (unless you want to keep it):

 

Uninstall ERUNT from your computer by using the Add/Remove Program feature in the Window's Control Panel.

  1. On the Start menu (for Windows 8, right-click the screen's bottom-left corner), click Control Panel, and then, under Programs, do one of the following:
    • Windows Vista/7/8: Click Uninstall a Program.
    • Windows XP: Click Add or Remove Programs.
  2. When you find the program ERUNT 1.1j, click it, and then do one of the following:
  3. Windows Vista/7/8: Click Uninstall.
  4. Windows XP: Click the Remove or Change/Remove tab (to the right of the program).
  5. Follow the prompts. A progress bar shows you how long it will take to remove ERUNT.

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Let me know if we are ok to close out....

 

Thank you,

 

Kevin...

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.