High CPU use by Microsoft Windows Search Indexer - Windows 8.1


29 replies to this topic

#1 bachmani

bachmani

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:11 PM

Posted 20 February 2016 - 12:37 PM

I'm not sure if my computer is/was infected, if I have/had a corrupt user profile, if my HDD has problems, and/or other?

 

I just checked task manager since the HDD light is on constantly and Microsoft Windows Search Indexer is using ~90% CPU. 

 

My computer problems started a few days ago with device unrecognized messages coming up and I was not able to save files. I restarted my computer and was not able to access C drive (it showed up in Windows Explorer, but not device manager).

 

Steps I've gone through since the problem started:

- I started my computer in safe mode and was getting an error window that Windows Help and Support couldn't start

- I tried running the system file checker tool and got the message that Windows Resource Protection couldn't perform the requested operation

- I tried running chkdsk and got a bad image error saying that c:\windows\SYSTEM32\fsutilext.dll is either not designed to run on Windows or it contains an error (Error status 0xc000012f)

- I tried to run chkdsk again from command prompt and got the messages that it couldn't run because the volume was in use by another process so I scheduled the volume to be checked the next time the system restarts

- Next I right clicked on my C drive and clicked Properties to check, I then got a message saying that MMC has detected an error in a snap-in and will unload it. I pressed unload and got an exception error.

- I checked that Windows Event Log Properties (local computer) was running and that the start-up type was automatic.

- I restarted my computer to repair the drive (there were two important messages on the taskbar: restart drive to repair errors and turn on Windows Security Center, which I was unable to do). After these repairs I got an Explorer - Bad Image message (0xc0000020) and Bad Image errors for some other programs.

- I confirmed that Symantec was running and I uninstalled Google Earth which I had installed the day before the problems started.

- I ran sfc /scannow in safe mode and Windows Resource Protection found corrupt files but was unable to fix some of them.

- I uninstalled Creative Cloud desktop which had also been installed the day before the problem started.

- I ran Rkill and nothing was found.

- I ran Malwarebytes and removed some PUPs (LenovoBrowserGuard,SearchProtect, VisualDiscovery, WinYahoo, and Winsock).

 

Could someone recommend to me which steps I should go through to identify whether my computer is infected or not? My computer is a Lenovo Y50-70 running Windows 8.1.

 

Thank you for your help!




 


#2 buddy215

buddy215

  • Moderator
  • 13,261 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:11 PM

Posted 20 February 2016 - 12:53 PM

Welcome to BC...

Though your problem(s) seem more than adware and malware...use the programs below to find and remove both.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

ESET OnlineScan:

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

Emsisoft Emergency Kit:

  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open, and suggest you to run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 bachmani

bachmani
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:11 PM

Posted 20 February 2016 - 01:26 PM

Thank you, I will follow these steps.

I have CCleaner Cloud already installed on my computer, is it okay to use the Cloud version or should I download the desktop version?

#4 buddy215

buddy215

  • Moderator
  • 13,261 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:11 PM

Posted 20 February 2016 - 01:35 PM

The version you have should work. I often ask later for info using CCleaner's tools. As long as you are using the default settings...especially cleaning out all temporary files, cached files and cookies...should be good enough.



#5 bachmani

bachmani
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:11 PM

Posted 20 February 2016 - 02:36 PM

I uninstalled CCleaner Cloud and installed the desktop version since that was what I originally wanted. I restarted my computer and Symantec quarantined Bloodhound.MalPE which was in a lenovobrowserguard\bin folder. I am running a full virus scan and CCleaner and then will proceed through the next steps.

#6 buddy215

buddy215

  • Moderator
  • 13,261 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:11 PM

Posted 20 February 2016 - 02:56 PM

According to Symantec it is a heuristic finding. Which means it is possibly malware.

QUOTE: Bloodhound.MalPE is a heuristic detection used to detect threats associated with the Backdoor.Tidserv family.



#7 bachmani

bachmani
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:11 PM

Posted 20 February 2016 - 03:38 PM

Here is the log file from AdwCleaner. I am running JRT next.

 

# AdwCleaner v5.035 - Logfile created 20/02/2016 at 10:58:12
# Updated 18/02/2016 by Xplode
# Database : 2016-02-18.5 [Server]
# Operating system : Windows 8.1  (x64)
# Username : bachmani - HAEMATOPUS
# Running from : C:\Users\bachmani\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\nx\AppData\Local\pokki
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\VISUALDISCOVERY.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E5FA7B4-61A2-4662-BBCE-62BBB20FC649}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D7F05E3-075A-43AF-8BC7-21E2F7F38845}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{617E26CE-E6E1-4C75-A68A-A001F2B98491}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FBDBEA-A722-4ABD-BEC0-B7D463F6BA0E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8128586C-DF69-4266-873F-CF4C6F705A7C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F9CFCE-A7DC-4072-8B31-1DEA57004C86}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EA4AD895-2A7F-430E-B973-DEE6C4E743A9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EBF4B60F-A863-426F-BE6F-5DFE83BC574F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CB6BF8B6-E12B-42FA-A478-91BCCDE475DC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2E5FA7B4-61A2-4662-BBCE-62BBB20FC649}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D7F05E3-075A-43AF-8BC7-21E2F7F38845}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{617E26CE-E6E1-4C75-A68A-A001F2B98491}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FBDBEA-A722-4ABD-BEC0-B7D463F6BA0E}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8128586C-DF69-4266-873F-CF4C6F705A7C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F9CFCE-A7DC-4072-8B31-1DEA57004C86}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EA4AD895-2A7F-430E-B973-DEE6C4E743A9}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EBF4B60F-A863-426F-BE6F-5DFE83BC574F}
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKLM\SOFTWARE\VisualDiscovery
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LenovoBrowserGuard
[-] Key Deleted : HKU\S-1-5-21-4250382797-2526542320-422297723-1004\Software\Pokki
[-] Key Deleted : HKU\S-1-5-21-4250382797-2526542320-422297723-1004\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\homepage-web.com
[-] Value Deleted : HKU\S-1-5-21-4250382797-2526542320-422297723-1004\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
[-] Key Deleted : HKCU\Software\Classes\pokki
 
***** [ Web browsers ] *****
 
[-] [C:\Users\bachmani\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\bachmani\AppData\Local\Chromium\User Data\Default\Web Data] [Search Provider] Deleted : search provided by yahoo
[-] [C:\Users\bachmani\AppData\Local\Chromium\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://ca.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-
 
fullyhosted_003&type=wncy_frg01_15_19&param1=1&param2=f%3D1%26b%3DIS Browser%26cc%3Dca%26pa%3DWincy%26cd
 
%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0CtD0E0Azzzz0AzztC0CtCtN0D0Tzu0StCtBtBtBtN1L2XzutAtFtCtDtFyCtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StC0F0EyCtByC0CtBtGtB0BtC0DtG0EzzzytDtG0CzyyC
 
0AtGyE0EtCtAyDyDtByB0DyBtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyB0DzztCyCzy0CtGyB0C0FzytGyE0B0DyEtG0BtC0C0BtGtCyB0BtBtB0CzytA0Czz0BtC2QtN0A0LzuyEtN1B2Z1V1T1S1NzuyByEzz%26cr
 
%3D694837833%26a%3Dwncy_frg01_15_19%26os%3DWindows 
 
8.1&a=wncy_frg01_15_19&cd=2XzuyEtN2Y1L1Qzu0FtDyByCtC0CtD0E0Azzzz0AzztC0CtCtN0D0Tzu0StCtBtBtBtN1L2XzutAtFtCtDtFyCtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StC0F0EyCtByC0CtBtGtB0
 
BtC0DtG0EzzzytDtG0CzyyC0AtGyE0EtCtAyDyDtByB0DyBtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyB0DzztCyCzy0CtGyB0C0FzytGyE0B0DyEtG0BtC0C0BtGtCyB0BtBtB0CzytA0Czz0BtC2QtN0A0LzuyEtN1B2Z
 
1V1T1S1NzuyByEzz&cr=694837833&ir=&uref=chmm
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [7164 bytes] ##########
# AdwCleaner v5.035 - Logfile created 20/02/2016 at 16:27:02
# Updated 18/02/2016 by Xplode
# Database : 2016-02-16.2 [Local]
# Operating system : Windows 8.1  (x64)
# Username : bachmani - HAEMATOPUS
# Running from : C:\Users\bachmani\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\LenovoBrowserGuard
[-] Folder Deleted : C:\Users\nx\AppData\Local\pokki
 
***** [ Files ] *****
 
[-] File Deleted : C:\windows\SysNative\VisualDiscoveryOff.ini
[-] File Deleted : C:\windows\SysWOW64\VisualDiscovery.ini
[-] File Deleted : C:\windows\SysWOW64\VisualDiscoveryOff.ini
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\VISUALDISCOVERY.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E5FA7B4-61A2-4662-BBCE-62BBB20FC649}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D7F05E3-075A-43AF-8BC7-21E2F7F38845}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{617E26CE-E6E1-4C75-A68A-A001F2B98491}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FBDBEA-A722-4ABD-BEC0-B7D463F6BA0E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8128586C-DF69-4266-873F-CF4C6F705A7C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F9CFCE-A7DC-4072-8B31-1DEA57004C86}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EA4AD895-2A7F-430E-B973-DEE6C4E743A9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EBF4B60F-A863-426F-BE6F-5DFE83BC574F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CB6BF8B6-E12B-42FA-A478-91BCCDE475DC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2E5FA7B4-61A2-4662-BBCE-62BBB20FC649}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D7F05E3-075A-43AF-8BC7-21E2F7F38845}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{617E26CE-E6E1-4C75-A68A-A001F2B98491}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FBDBEA-A722-4ABD-BEC0-B7D463F6BA0E}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8128586C-DF69-4266-873F-CF4C6F705A7C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F9CFCE-A7DC-4072-8B31-1DEA57004C86}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EA4AD895-2A7F-430E-B973-DEE6C4E743A9}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EBF4B60F-A863-426F-BE6F-5DFE83BC574F}
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKLM\SOFTWARE\LenovoBrowserGuard
[-] Key Deleted : HKLM\SOFTWARE\VisualDiscovery
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LenovoBrowserGuard
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A98D674E-D309-11E4-8278-90489AFB5F5E}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] Key Deleted : HKCU\Software\Classes\pokki
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [12200 bytes] ##########
 


#8 bachmani

bachmani
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:11 PM

Posted 20 February 2016 - 03:47 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 8.1 x64 
Ran by susan (Limited) on 2016-02-20 at 16:40:58.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 2 
 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2016-02-20 at 16:45:13.22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#9 bachmani

bachmani
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:11 PM

Posted 21 February 2016 - 12:38 AM

ESET Online Scan log:
 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\cltmng.exe.vir a variant of Win32/Conduit.SearchProtect.I potentially unwanted application cleaned by deleting
C:\bachmani\Downloads\FileZilla_3.10.3_win64-setup.exe a variant of Win32/InstallCore.ACZ potentially unwanted application cleaned by deleting
C:\Users\bachmani\Downloads\PDFCreator-2_1_2-setup.exe Win32/InstallMonetizer.AQ potentially unwanted application deleted


#10 bachmani

bachmani
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:11 PM

Posted 21 February 2016 - 12:42 AM

Emsisoft Emergency Kit - Version 11.0
Last update: 2016-02-21 1:22:50 AM
User account: Haematopus\bachmani
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 2016-02-21 1:24:24 AM
Key: HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\CONTROL\SAFEBOOT\NETWORK\VDWFP detected: Adware.Superfish (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\CONTROL\SAFEBOOT\NETWORK\VDWFP detected: Adware.Superfish (A)
 
Scanned 78820
Found 2
 
Scan end: 2016-02-21 1:31:57 AM
Scan time: 0:07:33
 
Key: HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\CONTROL\SAFEBOOT\NETWORK\VDWFP Adware.Superfish (A)
 
Quarantined 1


#11 buddy215

buddy215

  • Moderator
  • 13,261 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:11 PM

Posted 21 February 2016 - 05:11 AM

If your computer is a Lenovo it would be a good idea to run the Superfish removal tool.

SuperFish Uninstall Instructions - Lenovo Support (US)

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.



#12 bachmani

bachmani
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:11 PM

Posted 21 February 2016 - 06:53 AM

I downloaded the Superfish removal tool just now, but I wasn't able to run it successfully (after trying to open the exe file, nothing happened). I do remember uninstalling the Superfish removal tool sometime in the last year. I went through the manual steps on the Lenovo page and didn't see an entry for Superfish under Trusted Root Certificate Authorities. 

 

Startup Windows list:

 

Yes HKCU:Run ApplePhotoStreams Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run iCloudServices Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Yes HKLM:Run Cisco AnyConnect Secure Mobility Agent for Windows Cisco Systems, Inc. "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
Yes HKLM:Run Energy Manager Lenovo(beijing) Limited C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
Yes HKLM:Run ISUSPM Flexera Software LLC. C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Yes HKLM:Run Lenovo Utility Lenovo(beijing) Limited C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe
Yes HKLM:Run NvBackend NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
Yes HKLM:Run OnekeyStudio Lenovo C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe -start
Yes HKLM:Run PhoneCompanion Lenovo C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe
Yes HKLM:Run RtHDVBg_Dolby Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
Yes HKLM:Run RtHDVBg_LENOVO_DOLBYDRAGON Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_DOLBYDRAGON
Yes HKLM:Run RtHDVBg_LENOVO_MICPKEY Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_MICPKEY
Yes HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
Yes HKLM:Run RtsFT Realtek semiconductor RTFTrack.exe
Yes HKLM:Run ShadowPlay Microsoft Corporation C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Yes HKLM:Run StageLightUpdate C:\Program Files\Stagelight\StagelightUpdate.exe
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:Run UpdateP2GShortCut CyberLink Corp. "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
Yes Startup Common Bluetooth.lnk Broadcom Corporation. C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
 
Startup Scheduled Tasks list:
 
Yes Task AdobeAAMUpdater-1.0-Haematopus-bachmani Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task Chromium C:\Users\bachmani\AppData\Local\Chromium\APPLIC~1\440238~1.0\INSTAL~1\UNINST~1.EXE /Check
Yes Task G2MUpdateTask-S-1-5-21-4250382797-2526542320-422297723-1001 Citrix Online, a division of Citrix Systems, Inc. C:\Users\bachmani\AppData\Local\Citrix\GoToMeeting\4419\g2mupdate.exe
Yes Task G2MUploadTask-S-1-5-21-4250382797-2526542320-422297723-1001 Citrix Online, a division of Citrix Systems, Inc. C:\Users\bachmani\AppData\Local\Citrix\GoToMeeting\4419\g2mupload.exe
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d Intel Corporation "C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe" --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller scheduler-impersonate
Yes Task ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon Intel Corporation "C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe" --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller winlogon-impersonate
Yes Task MATLAB R2014b Startup Accelerator C:\Program Files\MATLAB\R2014b\bin\win64\MATLABStartupAccelerator.exe
Yes Task Optimize Start Menu Cache Files-S-1-5-21-4250382797-2526542320-422297723-1001
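
The manual check described in post #12, plus the two registry locations that the Emsisoft and AdwCleaner logs above touched, can be repeated read-only from PowerShell. This is an added example, not part of the original thread or any vendor's tool; matching certificates on the text 'Superfish' is an assumption, and the SafeBoot\Minimal and Wow6432Node lookups go beyond the exact keys shown in the logs.

```powershell
# Added example: read-only checks, nothing is deleted or modified.
# Run from an elevated PowerShell prompt so HKLM and the machine stores are fully readable.

function Find-CertBySubject {
    param([string]$Pattern = 'Superfish')   # assumption: the name appears in Subject or Issuer
    # Walk every Windows store (not only Trusted Root) for the machine and the current user.
    Get-ChildItem -Path Cert:\LocalMachine, Cert:\CurrentUser -Recurse -ErrorAction SilentlyContinue |
        Where-Object {
            -not $_.PSIsContainer -and
            ($_.Subject -match $Pattern -or $_.Issuer -match $Pattern)
        } |
        Select-Object PSParentPath, Subject, Thumbprint, NotAfter
}

function Find-SafeBootEntry {
    param([string]$Name = 'VDWFP')          # key name taken from the Emsisoft log in post #10
    # The log showed ControlSet001\...\Network; every control set and the Minimal
    # branch are checked as well (an extension beyond what the log lists).
    $sets = Get-ChildItem -Path 'HKLM:\SYSTEM' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^(ControlSet\d{3}|CurrentControlSet)$' }
    foreach ($set in $sets) {
        foreach ($mode in 'Minimal', 'Network') {
            $path = "HKLM:\SYSTEM\$($set.PSChildName)\Control\SafeBoot\$mode\$Name"
            if (Test-Path -LiteralPath $path) { $path }
        }
    }
}

function Get-AppInitDlls {
    # AdwCleaner reported "Data Restored" for AppInit_DLLs in both registry views;
    # an empty value is the expected clean state.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
    foreach ($key in $keys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($props) {
            [pscustomobject]@{
                Key              = $key
                AppInit_DLLs     = $props.AppInit_DLLs
                LoadAppInit_DLLs = $props.LoadAppInit_DLLs
            }
        }
    }
}

$certs   = @(Find-CertBySubject)
$safe    = @(Find-SafeBootEntry)
$appInit = @(Get-AppInitDlls)

Write-Output "Certificates matching 'Superfish': $($certs.Count)"
$certs | Format-List

Write-Output "SafeBoot entries named VDWFP: $($safe.Count)"
$safe

Write-Output 'AppInit_DLLs (should be empty on a clean system):'
$appInit | Format-List

if ($certs.Count -eq 0 -and $safe.Count -eq 0 -and
    -not ($appInit | Where-Object { $_.AppInit_DLLs })) {
    Write-Output 'No remnants found in the locations checked.'
} else {
    Write-Output 'Remnants found: review the entries listed above.'
}
```

This covers the Windows certificate stores only; browsers that keep their own certificate store need to be checked separately.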
 


#13 buddy215

buddy215

  • Moderator
  • 13,261 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:11 PM

Posted 21 February 2016 - 07:17 AM

Okay...Superfish is gone..one of the scanners picked it up and removed a couple of items.

 

Disable these Windows Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes HKCU:Run ApplePhotoStreams Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run iCloudServices Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Yes HKLM:Run ISUSPM Flexera Software LLC. C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Yes HKLM:Run ShadowPlay Microsoft Corporation C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Yes HKLM:Run StageLightUpdate C:\Program Files\Stagelight\StagelightUpdate.exe
 
Disable these Scheduled Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.
Yes Task AdobeAAMUpdater-1.0-Haematopus-bachmani Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task Chromium C:\Users\bachmani\AppData\Local\Chromium\APPLIC~1\440238~1.0\INSTAL~1\UNINST~1.EXE /Check
Yes Task G2MUpdateTask-S-1-5-21-4250382797-2526542320-422297723-1001 Citrix Online, a division of Citrix Systems, Inc. C:\Users\bachmani\AppData\Local\Citrix\GoToMeeting\4419\g2mupdate.exe
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task MATLAB R2014b Startup Accelerator C:\Program Files\MATLAB\R2014b\bin\win64\MATLABStartupAccelerator.exe
Yes Task Optimize Start Menu Cache Files-S-1-5-21-4250382797-2526542320-422297723-1001
 
Please post the third list....Installed Programs

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer, and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
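
A triage pass over startup and scheduled-task lines like the ones posted above, as an added example that is not part of the original thread: it parses the space-flattened list as it appears on this page and flags entries that launch from a user profile, use 8.3 short names, go through rundll32, or list no command. The function names and flag names are assumptions made for this example; the sample lines are copied from the lists in the posts.

```python
import re

# Lines copied from the lists posted in this thread (space-flattened export).
SAMPLE = r"""
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKLM:Run ShadowPlay Microsoft Corporation C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Yes HKLM:Run ISUSPM Flexera Software LLC. C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
Yes Task Chromium C:\Users\bachmani\AppData\Local\Chromium\APPLIC~1\440238~1.0\INSTAL~1\UNINST~1.EXE /Check
Yes Task G2MUpdateTask-S-1-5-21-4250382797-2526542320-422297723-1001 Citrix Online, a division of Citrix Systems, Inc. C:\Users\bachmani\AppData\Local\Citrix\GoToMeeting\4419\g2mupdate.exe
Yes Task Optimize Start Menu Cache Files-S-1-5-21-4250382797-2526542320-422297723-1001
"""

ENTRY = re.compile(r"^(\w+)\s+(HKCU:Run|HKLM:Run|Task)\s+(.*)$")
CMD_START = re.compile(r'"?[A-Za-z]:\\')           # first drive-letter path
EXE = re.compile(r'"([^"]+)"|(.+?\.exe)\b', re.I)  # quoted path, or up to .exe

def parse_line(line):
    """Split one list line into source, label, executable and arguments."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    _, source, rest = m.groups()
    start = CMD_START.search(rest)
    cut = start.start() if start else len(rest)    # no path: label only
    label, command = rest[:cut].strip(), rest[cut:]
    e = EXE.match(command)
    exe = (e.group(1) or e.group(2)) if e else command
    args = command[e.end():].strip() if e else ""
    return dict(source=source, label=label, exe=exe, args=args)

def flags(entry):
    """Review flags for one entry; the flag names are this example's own."""
    exe, out = entry["exe"].lower(), []
    if not exe:
        out.append("no-command")
    if "\\users\\" in exe and "\\appdata\\" in exe:
        out.append("user-writable-path")           # replaceable without elevation
    if re.search(r"~\d", exe):
        out.append("8.3-short-name")               # real folder names are hidden
    if exe.endswith("\\rundll32.exe"):
        out.append("rundll32-proxy")               # the DLL in args is what runs
    return out

def triage(text):
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    return [(e["label"], flags(e)) for e in entries if flags(e)]

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

Name and publisher stay fused in the label because the flattened list has no column separators to split them on.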

#14 bachmani

Posted 21 February 2016 - 08:04 AM

Thank you very much for your help!

 

Here is the Installed Programs list:

 

7-Zip 15.06 beta (x64) Igor Pavlov 2015-09-01 4.63 MB 15.06
Adobe Illustrator CC 2015 Adobe Systems Incorporated 2016-01-16 1.03 GB 19.2.0
Adobe Reader XI (11.0.11) Adobe Systems Incorporated 2015-05-20 237 MB 11.0.11
Amazon Amazon.com 2015-07-23 3.1.2.8
Apple Application Support Apple Inc. 2014-12-15 95.2 MB 3.1
Apple Mobile Device Support Apple Inc. 2014-12-15 22.2 MB 8.0.5.6
Apple Software Update Apple Inc. 2014-12-15 2.38 MB 2.1.3.127
ArcGIS 10.2.2 for Desktop Environmental Systems Research Institute, Inc. 2014-12-03 2.01 GB 10.2.3552
Bonjour Apple Inc. 2014-12-15 2.00 MB 3.0.0.10
Bulk Rename Utility 2.7.1.3 TGRMN Software 2015-08-30
CCleaner Piriform 2016-02-20 5.14
Cisco AnyConnect Diagnostics and Reporting Tool Cisco Systems, Inc. 2015-10-31 1.19 MB 4.1.04011
Cisco AnyConnect Secure Mobility Client Cisco Systems, Inc. 2015-10-31 4.1.04011
Cisco AnyConnect Start Before Login Module Cisco Systems, Inc. 2015-10-31 558 KB 4.1.04011
Citrix Online Launcher Citrix 2015-06-11 294 KB 1.0.312
Companion Lenovo, INC. 2015-07-23 2.2.22.0
CyberLink MediaStory CyberLink Corp. 2014-09-16 474 MB 1.0.1314
CyberLink PowerDirector 10 CyberLink Corp. 2014-09-16 293 MB 10.0.0.2810
Dailymotion Dailymotion SA 2015-08-26 2.0.1.63
Dolby Digital Plus Home Theater Dolby Laboratories Inc 2014-09-15 2.71 MB 7.5.1.1
Dot4 HP 2015-11-02 1.50 MB 1.0.0.0
Dragon Assistant 3 Nuance Communications, Inc. 2014-09-16 92.7 MB 3.1.30
Dragon Assistant 3 Language Data Pack en_US Nuance Communications, Inc. 2014-09-16 635 MB 3.1.30
eBay eBay, Inc 2014-12-03 1.6.0.34
EndNote X7 Thomson Reuters 2014-12-02 86.8 MB 17.0.0.7072
Energy Manager Lenovo 2014-09-16 59.9 MB 1.5.0.20
ESET Online Scanner v3 2016-02-20
Evernote Touch Evernote 2016-01-22 3.3.0.102
File List Generator ReStoring Data Inc. 2015-02-04 2.83 MB 1.1
FileZilla Client 3.10.3 Tim Kosse 2015-05-07 21.9 MB 3.10.3
Free Online Games for Lenovo Game Genetics 2015-02-12 2.1.1.49
Games Microsoft Corporation 2014-11-25 2.0.139.0
GEODAS-NG version 1.1.3.1 2015-01-09 69.8 MB 1.1.3.1
GIMP 2.8.14 The GIMP Team 2015-02-25 268 MB 2.8.14
GnuWin32: sed-4.2.1 GnuWin 2015-08-23 3.95 MB 4.2.1
GnuWin32: Wget-1.11.4-1 GnuWin32 2015-08-23 1.11.4-1
GnuWin32: Wget-1.11.4-1 GnuWin32 2015-08-23 1.11.4-1
Google Chrome Google Inc. 2015-04-17 48.0.2564.116
GoToMeeting 7.11.1.4419 CitrixOnline 2016-02-10 7.11.1.4419
Hightail for Lenovo Hightail 2014-12-03 1.3.0.1278
Hightail for Lenovo Hightail, Inc. 2014-09-16 29.1 MB 2.4.97.2857
iBackupBot 5.2.8 VOWSoft, Ltd. 2015-04-07 5.2.8
IBM SPSS Statistics 22 IBM Corp 2015-03-03 941 MB 22.0.0.0
iCloud Apple Inc. 2015-03-13 89.5 MB 4.0.6.28
Intel® Manageability Engine Firmware Recovery Agent Intel Corporation 2014-09-15 58.0 MB 1.1.0.36960
Intel® Management Engine Components Intel Corporation 2014-09-16 9.5.15.1730
Intel® Processor Graphics Intel Corporation 2014-09-15 10.18.10.3540
IrfanView (remove only) Irfan Skiljan 2015-01-02 2.00 MB 4.38
iTunes Apple Inc. 2014-12-15 244 MB 12.0.1.26
JAGS 3.4.0 JAGS 2015-03-01 102 MB 3.4.0
Java 8 Update 25 Oracle Corporation 2014-12-05 73.3 MB 8.0.250
Kindle AMZN Mobile LLC 2015-06-25 2.1.0.2
Lenovo Bluetooth with Enhanced Data Rate Software Broadcom Corporation 2014-09-15 230 MB 12.0.0.9840
Lenovo Dependency Package Lenovo Group Limited 2014-09-16 1.6.25.00
Lenovo EasyCamera Realtek Semiconductor Corp. 2014-09-15 13.6 MB 6.2.9200.10279
Lenovo FusionEngine Lenovo, Inc. 2014-09-16 1.0.13.0
Lenovo Mobile Phone Wireless Import Lenovo 2014-09-16 7.14 MB 1.1.1.9
Lenovo Motion Control PointGrab 2014-09-16 152 MB 2.5.1.0225
Lenovo OneKey Recovery CyberLink Corp. 2014-09-16 8.1.0.2619
Lenovo PhoneCompanion Lenovo 2014-09-16 32.8 MB 1.2.0.2
Lenovo Photo Master CyberLink Corp. 2014-09-16 1.0.1823.01
Lenovo PowerDVD10 CyberLink Corp. 2014-09-16 203 MB 10.0.5630.52
Lenovo Reach Stoneware, Inc. 2014-09-16 56.7 MB 1.1.3.7
Lenovo Settings Lenovo 2014-09-16 13.2 MB 1.0.0.46
Lenovo SHAREit Lenovo Group Limited 2014-09-16 2.0.5.0
Lenovo Support Lenovo, INC. 2015-01-22 2.0.5.0
Lenovo Updates Lenovo 2014-09-16 9.87 MB 1.1.0.61
Lenovo VeriFace Pro Lenovo 2014-09-16 5.1.14.3211
Lenovo_Wireless_Driver Lenovo 2014-09-15 6.30.223.247
Live TV FilmOn TV Inc. 2014-12-03 1.3.6.115
Magic Transfer 2014-09-16 6.32 MB 1.1.1.11
Magic Transfer Lenovo 2014-09-16 1.1.1.11
Mail, Calendar and People 2015-07-04
Malwarebytes Anti-Malware version 2.2.0.1024 Malwarebytes 2016-02-20 66.1 MB 2.2.0.1024
Maps Microsoft Corporation 2014-12-03 2.1.3230.2048
MARK 8.0 Gary C. White 2014-12-03 8.0
MATLAB R2014b The MathWorks, Inc. 2014-12-03 8.4
McAfee® Central for Lenovo McAfee_Inc 2015-12-09 5.0.110.1
Microsoft Office Professional Plus 2013 Microsoft Corporation 2015-06-05 15.0.4569.1506
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2014-12-05 4.84 MB 8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 2014-12-03 6.83 MB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 2014-09-16 13.2 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 2014-12-03 11.5 MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2014-09-16 10.2 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 2014-09-16 10.1 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 2014-12-05 8.78 MB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 2016-02-21 13.8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 2016-02-21 11.1 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 2015-01-08 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 2015-01-08 17.3 MB 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 2016-01-16 20.5 MB 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 2016-01-16 17.1 MB 12.0.30501.0
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 2016-02-21 10.0.50903
MSN Food & Drink Microsoft Corporation 2015-07-23 3.0.4.336
MSN Health & Fitness Microsoft Corporation 2015-07-23 3.0.4.336
MSN Money Microsoft Corporation 2015-07-23 3.0.4.336
MSN News Microsoft Corporation 2015-07-23 3.0.4.336
MSN Sports Microsoft Corporation 2015-07-23 3.0.4.336
MSN Travel Microsoft Corporation 2015-07-23 3.0.4.336
MSN Weather Microsoft Corporation 2015-10-23 3.0.4.337
Music Microsoft Corporation 2015-03-14 2.6.672.0
Nitro Pro 9 Nitro 2014-09-16 536 MB 9.0.5.9
NoMachine NoMachine S.a.r.l. 2015-03-03 131 MB 4.4.12
NVIDIA GeForce Experience 1.8.2 NVIDIA Corporation 2014-09-15 1.8.2
NVIDIA Graphics Driver 332.50 NVIDIA Corporation 2014-09-15 332.50
NVIDIA PhysX System Software 9.13.0927 NVIDIA Corporation 2014-09-15 9.13.0927
NVIDIA Virtual Audio 1.2.20 NVIDIA Corporation 2014-09-15 1.2.20
OneKey Recovery CyberLink Corp. 2014-09-16 8.1.0.2619
Onekey Theater Lenovo 2014-09-16 3.0.1.2
OneNote Microsoft Corporation 2015-08-03 16.0.3327.1048
Phone Companion LENOVO INC 2014-12-03 2.0.0.9
Power2Go CyberLink Corp. 2014-09-16 5.6.0.10525
PowerDirector CyberLink Corp. 2014-09-16 293 MB 10.0.0.2810
PowerDVD for Lenovo Idea CYBERLINK COM CORPORATION 2014-12-03 1.1.2618.24808
PuTTY release 0.64 Simon Tatham 2015-03-03 3.60 MB 0.64
Python 2.7 Marine Geospatial Ecology Tools 0.8a58 Duke University Marine Geospatial Ecology Lab 2015-04-27 200 MB 0.8a58
Python 2.7 pywin32-219 2015-04-27
R for Windows 3.1.2 R Core Team 2014-12-02 87.8 MB 3.1.2
Reader Microsoft Corporation 2016-02-11 6.4.9926.18190
Realtek Card Reader Realtek Semiconductor Corp. 2014-09-15 6.2.9600.21243
Realtek Ethernet Controller Driver Realtek 2014-09-15 8.20.815.2013
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2014-09-15 6.0.1.7195
ResearchSoft Direct Export Helper Thomson Reuters 2014-12-02
RISKMAN 2014-12-03
RStudio RStudio 2015-01-06 0.98.1091
Rtools 3.2 The R Foundation 2015-06-13 253 MB
Skype Skype 2015-06-25 3.1.0.1016
Skype™ 7.5 Skype Technologies S.A. 2015-06-08 128 MB 7.5.102
Spot5Host v5.51.2000 Wildlife Computers 2015-05-26 5.51.2000
Stagelight Open Labs, LLC. 2015-02-26 2.0.0.5045
Sublime Text 2.0.2 2015-12-04 19.8 MB
Symantec Endpoint Protection Symantec Corporation 2016-02-02 1.97 GB 12.1.5337.5000
Synaptics Pointing Device Driver Synaptics Incorporated 2014-09-16 46.4 MB 17.0.14.81
Tag Agent Wildlife Computers 2015-05-26 1.8.0.0
The Telegraph for Lenovo Telegraph Media Group Ltd 2014-12-03 2.1.1.142
The Weather Channel for Lenovo The Weather Channel. 2015-07-23 2.1.20.1
Time Doctor Pro Time Doctor LLC 2015-11-16 44.0 MB 1.4.73
TripAdvisor Hotels Flights Restaurants TripAdvisor LLC 2014-11-25 1.2.0.24
UltraVnc uvnc bvba 2015-04-17 6.83 MB 1.2.0.5
USBComm Wildlife Computers 2015-05-27 432 KB 1.0.0
User Manuals Lenovo 2014-09-16 26.1 MB 3.0.0.3
Video Microsoft Corporation 2015-11-06 2.6.446.0
VLC media player VideoLAN 2015-01-03 2.1.5
Wildlife Computers Data Analysis Programs 3.0 Wildlife Computers 2015-05-27 32.0 MB 3.0.345
Wildlife Computers USB Communications Device (Driver Removal) 2015-05-26
Windows Alarms Microsoft Corporation 2014-11-25 6.3.9654.20335
Windows Calculator Microsoft Corporation 2014-11-25 6.3.9600.20278
Windows Driver Package - Lenovo (ACPIVPC) System  (09/24/2013 19.29.2.34) Lenovo 2014-09-16 09/24/2013 19.29.2.34
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) Lenovo 2014-09-16 07/25/2013 10.30.0.288
Windows Help+Tips Microsoft Corporation 2014-12-03 6.3.9654.20559
Windows Reading List Microsoft Corporation 2015-08-21 6.3.9654.20947
Windows Scan Microsoft Corporation 2014-12-03 6.3.9654.17133
Windows Sound Recorder Microsoft Corporation 2014-11-25 6.3.9600.20280
X2Go Client for Windows X2Go Project 2015-03-03 52.0 MB 4.0.3.2-20150301
Zinio Reader Zinio LLC 2014-12-03 2.1.0.317


#15 buddy215

Posted 21 February 2016 - 09:13 AM

Update Adobe Reader XI (11.0.11) Adobe Systems Incorporated 2015-05-20 237 MB 11.0.11

or if you only use it to read pdf files then uninstall and install a lighter and safer pdf reader such as Download Sumatra PDF - a free reader

EDIT: I see you have Nitro pro 9

 

Uninstall these programs:

Amazon Amazon.com 2015-07-23 3.1.2.8

Bonjour Apple Inc. 2014-12-15 2.00 MB 3.0.0.10

Dailymotion Dailymotion SA 2015-08-26 2.0.1.63 (keep if you actually find it useful)

eBay eBay, Inc 2014-12-03 1.6.0.34

ESET Online Scanner v3 2016-02-20

Free Online Games for Lenovo Game Genetics 2015-02-12 2.1.1.49

GoToMeeting 7.11.1.4419 CitrixOnline 2016-02-10 7.11.1.4419 (keep it if you installed it and use it)

Java 8 Update 25 Oracle Corporation 2014-12-05 73.3 MB 8.0.250

Live TV FilmOn TV Inc. 2014-12-03 1.3.6.115 (keep it if you installed it and use it)

McAfee® Central for Lenovo McAfee_Inc 2015-12-09 5.0.110.1

 

I did not see Symantec listed in Startups. If that is what you are using for antivirus please check that it is running and updating.

 

After doing all of the above and rebooting....what problem(s) still remain?

