Suspected Malware/Virus


10 replies to this topic

#1 toka

Posted 06 May 2017 - 12:37 AM

Hi,

I have a Lenovo Y40-70 laptop with an AMD Radeon R9 M275X video card. For the last few months I have had problems with the computer running very slowly. I suspect it has something to do with the video card, as my computer slows to a crawl during videos or if it's running a game. However, even regular webpages, particularly those that run Flash, load incredibly slowly. If I open 3 or 4 tabs of a forum such as bleepingcomputer.com in Chrome, there is just a blank page hanging and it continues to load until, after about 10-15 seconds, the page finally loads. Scrolling on these pages is near impossible; the screen will just freeze then jump forward after a long pause (10+ seconds at times), and some pages just do not scroll at all.

I've also experienced being redirected to a webpage and having pop-up prompts warning me that my computer might be infected. When these prompts pop up I can only exit them by going to Task Manager and ending the webpage task. This leads me to believe my computer is indeed infected with some sort of malware.

I read online that there are some compatibility issues with my video card and Windows 10 and the video card switching mechanism of my video card (the integrated Intel video runs regular webpages). However, I've tried several things suggested online, including updating to the latest video drivers or rolling back to previous drivers, and none of the solutions work. I will say the problem started after I upgraded to Windows 10 and then installed a replacement SSD and used Samsung Magician to transfer my hard drive onto the SSD.

The only scans I have run are Malwarebytes Anti-Malware, without detecting any threats. Any advice on what it could be? Thank you for the help!


Edited by toka, 06 May 2017 - 12:39 AM.


#2 buddy215 (Moderator)

Posted 06 May 2017 - 05:21 AM

Do you have an ad blocker installed? If so, which one?

 

Use the programs below to clean, remove adware and remove malware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Run ESET OnlineScan:

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 toka (Topic Starter)

Posted 07 May 2017 - 12:29 AM

Hi,

Thank you for your prompt response!  I would have posted sooner but ESET scan just completed after 9 hours.  To answer your question, yes I am using an ad blocker.  I am using AdBlock in Chrome.  Logs are posted below.  AdwCleaner cleaned 'Pokki' files and ESET scanner did not find any threats.

 

# AdwCleaner v6.046 - Logfile created 06/05/2017 at 15:49:55
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-05-05.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Jim - JIM-Y40
# Running from : C:\Users\Jim\Desktop\adwcleaner_6.046.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\Jim\AppData\Local\Pokki
[-] Folder deleted: C:\ProgramData\Pokki
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Pokki
[-] Folder deleted: C:\Users\Default User\AppData\Local\Pokki
[#] Folder deleted on reboot: C:\Users\Default\AppData\Local\Pokki
[-] Folder deleted: C:\Users\Public\Pokki
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
[-] Task deleted: iorrt
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{2E5FA7B4-61A2-4662-BBCE-62BBB20FC649}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{5D7F05E3-075A-43AF-8BC7-21E2F7F38845}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{617E26CE-E6E1-4C75-A68A-A001F2B98491}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{79FBDBEA-A722-4ABD-BEC0-B7D463F6BA0E}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{8128586C-DF69-4266-873F-CF4C6F705A7C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C1F9CFCE-A7DC-4072-8B31-1DEA57004C86}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{EA4AD895-2A7F-430E-B973-DEE6C4E743A9}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{EBF4B60F-A863-426F-BE6F-5DFE83BC574F}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{CB6BF8B6-E12B-42FA-A478-91BCCDE475DC}
[-] Key deleted: HKLM\SOFTWARE\VisualDiscovery
[-] Value deleted: HKU\S-1-5-21-1068672024-2228483947-39539036-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Pokki]
[-] Key deleted: HKCU\Software\Classes\Directory\shell\pokki
[-] Key deleted: HKCU\Software\Classes\lnkfile\shell\pokki
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\VISUALDISCOVERY.EXE
[#] Key deleted on reboot: HKLM\SOFTWARE\CLASSES\APPID\VISUALDISCOVERY.EXE
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search.yahoo.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [2707 Bytes] - [06/05/2017 15:49:55]
C:\AdwCleaner\AdwCleaner[R0].txt - [2881 Bytes] - [03/01/2015 02:56:07]
C:\AdwCleaner\AdwCleaner[R1].txt - [2941 Bytes] - [03/01/2015 03:07:29]
C:\AdwCleaner\AdwCleaner[S0].txt - [3011 Bytes] - [03/01/2015 03:11:11]
C:\AdwCleaner\AdwCleaner[S1].txt - [3008 Bytes] - [06/05/2017 15:45:57]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3072 Bytes] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64 
Ran by Jim (Administrator) on Sat 05/06/2017 at 15:54:09.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 2 
 
Successfully deleted: C:\Users\Jim\AppData\Roaming\out of the park developments (Folder) 
Successfully deleted: C:\Windows\system32\Tasks\IORRT (Task)
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 05/06/2017 at 15:59:02.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#4 buddy215 (Moderator)

Posted 07 May 2017 - 06:02 AM

There were some Superfish items deleted. Since you have a Lenovo computer I suggest you run the Superfish removal tool.

SuperFish Removal Tool from Lenovo

If you are using Adblock Plus then click on the ABP icon and choose Filter Preferences. Then UNcheck the box next to Allow some non-intrusive advertisements.

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.


#5 toka (Topic Starter)

Posted 07 May 2017 - 11:32 AM

Hi,

 

I ran Superfish removal tool and it removed 'Superfish Root Certificate' and 'Superfish Root Certificate for Mozilla'.

 

My Startup, Scheduled Tasks and Programs are listed below:

 

Windows Startup:

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run DAEMON Tools Lite Automount Disc Soft Ltd "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
Yes HKCU:Run OneDrive Microsoft Corporation "C:\Users\Jim\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes HKLM:Run Acrobat Assistant 8.0 Adobe Systems Inc. "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
Yes HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Yes HKLM:Run BCSSync Microsoft Corporation "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
Yes HKLM:Run Energy Manager Lenovo(beijing) Limited C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
Yes HKLM:Run ETDCtrl %ProgramFiles%\Elantech\ETDCtrl.exe
Yes HKLM:Run Lenovo Utility Lenovo(beijing) Limited C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe
Yes HKLM:Run MFNetworkScanUtility CANON INC. C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
Yes HKLM:Run RtHDVBg_Dolby Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
Yes HKLM:Run RtHDVBg_LENOVO_DOLBYDRAGON Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_DOLBYDRAGON
Yes HKLM:Run RtHDVBg_LENOVO_MICPKEY Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_MICPKEY
Yes HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
Yes HKLM:Run RtsFT RTFTrack.exe
Yes HKLM:Run StartCCC Advanced Micro Devices, Inc. "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:Run SynTPEnh Synaptics Incorporated %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Yes HKLM:Run WindowsDefender "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
Yes Startup User OneNote 2010 Screen Clipper and Launcher.lnk Microsoft Corporation C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
 
Scheduled Tasks:
Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task Adobe Flash Player PPAPI Notifier Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_148_pepper.exe -check pepperplugin
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task DolbySelectorTask %ProgramFiles%\Dolby Digital Plus\ddp.exe -autostart
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskUserS-1-5-21-1068672024-2228483947-39539036-1001Core C:\Users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-1068672024-2228483947-39539036-1001Core1d08f9d582fe92e C:\Users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-1068672024-2228483947-39539036-1001UA C:\Users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskUserS-1-5-21-1068672024-2228483947-39539036-1001UA1d08f9d585e7bb4 C:\Users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskUserS-1-5-21-1068672024-2228483947-39539036-1001UA1d0bf4a2564cfa2 C:\Users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task Hybrid C:\IORRT\IORRT.bat
Yes Task IORRT C:\IORRT\IORRT.bat
Yes Task OneDrive Standalone Update Task v2 Microsoft Corporation %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
No Task Optimize Start Menu Cache Files-S-1-5-21-1068672024-2228483947-39539036-1001
Yes Task Optimize Start Menu Cache Files-S-1-5-21-1068672024-2228483947-39539036-500
No Task SamsungMagician Samsung Electronics. "C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe" /AUTOHIDE
Yes Task {622B6766-12B1-438F-B60B-1CE0E010E643} Google Inc. "c:\program files (x86)\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/7.4.80.102/en/abandoninstall?page=tsProgressBar
Yes Task {819584EA-2B7B-48F6-89B7-C67174EC65C8} Google Inc. "c:\program files (x86)\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/7.4.80.102/en/abandoninstall?page=tsProgressBar
Yes Task {A18125A5-28D4-4914-8456-E23EC99F77D4} Google Inc. "c:\program files (x86)\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/7.4.80.102/en/abandoninstall?page=tsProgressBar
Yes Task {A85987D8-F599-46A0-B725-AB283C3A2C1D} Google Inc. "c:\program files (x86)\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/7.4.80.102/en/abandoninstall?page=tsProgressBar
 
Programs:
3D Builder Microsoft Corporation 4/21/2017 14.0.1031.0
7-Zip 9.20
Adobe Acrobat Reader DC Adobe Systems Incorporated 4/13/2017 402 MB 17.009.20044
Adobe Acrobat XI Pro Adobe Systems 2/11/2015 2.14 GB 11.0.09
Adobe Flash Player 25 PPAPI Adobe Systems Incorporated 25.0.0.148
Alarms & Clock Microsoft Corporation 4/27/2017 10.1704.1013.0
Always Sometimes Monsters Vagabond Dog
Amazon Amazon.com 4/13/2017 2016.829.2800.0
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 5/4/2017 55.4 MB 8.0.916.0
Antichamber Alexander Bruce
App Installer Microsoft Corporation 2/18/2017 1.0.10332.0
Asphalt 8: Airborne GAMELOFT SA 3/30/2017 3.0.0.7
AudibleManager Audible, Inc. 3670704.1637756.4759644.48
Battle.net Blizzard Entertainment
Borderlands 2 Gearbox Software
Calculator Microsoft Corporation 3/23/2017 10.1703.601.0
Camera Microsoft Corporation 4/13/2017 2017.214.20.0
Candy Crush Soda Saga king.com 5/5/2017 1.89.700.0
Canon MF4700 Series CANON INC. 4.1.0.1
CCleaner Piriform 5.29
Championify Dustin Blackman 5/5/2017 2.0.4
Cisco WebEx Meetings Cisco WebEx LLC
ConvertXtoDVD 4.1.19.365 5/3/2016 4.1.19.365
Crusader Kings II Paradox Development Studio
CyberLink MediaStory CyberLink Corp. 11/4/2014 1.0.1314
CyberLink PowerDirector 10 CyberLink Corp. 10.0.0.2810
DAEMON Tools Lite Disc Soft Ltd 10.1.0.0074
Dailymotion Dailymotion 1/5/2017 6.1.72.0
Diablo III Blizzard Entertainment
Draft Day Sports: College Basketball 2016 version 1.5 Wolverine Studios 6/26/2016 1.5
Drawboard PDF Drawboard 4/16/2017 5.1.60.0
eBay eBay, Inc 8/8/2016 1.6.0.34
Energy Manager Lenovo 11/4/2014 1.5.0.23
ESET Online Scanner v3
Evernote Evernote 3/29/2017 6.5.4720.0
Feedback Hub Microsoft Corporation 4/21/2017 1.1703.971.0
Free Online Games for Lenovo Game Genetics 8/8/2016 2.1.1.49
FTL: Faster Than Light Subset Games
Get Office Microsoft Corporation 4/20/2017 17.8107.7600.0
Google Chrome Google Inc. 1/8/2015 58.0.3029.96
Groove Music Microsoft Corporation 4/27/2017 10.17032.10331.0
Halo Microsoft Studios 4/28/2017 1.0.4370.0
Halo 5: Forge Microsoft Studios 3/23/2017 1.142.47762.2
Hero Siege Elias Viglione
Hotline Miami Dennaton Games
ImgBurn LIGHTNING UK! 5/3/2016 2.5.8.0
Intel® Management Engine Components Intel Corporation 9.5.15.1730
Intel® Processor Graphics Intel Corporation 10.18.15.4240
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 17.0.1347.2) Intel Corporation 11/4/2014 62.4 MB 17.0.1312.0414
Intel® Rapid Storage Technology Intel Corporation 11/4/2014 13.0.2.1000
Intel® PROSet/Wireless Software Intel Corporation 17.14.0
Jamestown Final Form Games
Java 8 Update 131 Oracle Corporation 4/30/2017 55.3 MB 8.0.1310.11
Jets'n'Guns Gold Rake in Grass
Kindle AMZN Mobile LLC 8/8/2016 2.1.0.2
League of Legends Riot Games 4/28/2017 4.1.2
Lenovo Companion LENOVO INC. 4/21/2017 3.72.1.0
Lenovo EasyCamera Realtek Semiconductor Corp. 6.3.9600.11103
Lenovo OneKey Recovery CyberLink Corp. 8.1.0.2619
Lenovo pointing device ELAN Microelectronic Corp. 11.4.39.1
Lenovo Settings Lenovo 11/4/2014 1.0.0.46
Lenovo Support Lenovo, INC. 8/8/2016 2.0.5.0
Lenovo Updates Lenovo 11/4/2014 1.1.0.61
Mail and Calendar Microsoft Corporation 5/3/2017 17.8126.42377.0
Malwarebytes Anti-Malware version 2.2.0.1024 Malwarebytes 2/10/2016 2.2.0.1024
Maps Microsoft Corporation 3/29/2017 5.1703.762.0
McAfee® Central for Lenovo McAfee_Inc 8/8/2016 5.0.110.1
Messaging Microsoft Corporation 8/8/2016 3.19.1001.0
Microsoft Office Professional Plus 2010 Microsoft Corporation 8/13/2016 14.0.4734.1000
Microsoft OneDrive Microsoft Corporation 17.3.6799.0327
Microsoft Rewards Microsoft Corporation 4/20/2017 0.9.5.0
Microsoft Silverlight Microsoft Corporation 1/24/2015 101 MB 5.1.30514.0
Microsoft Solitaire Collection Microsoft Studios 4/14/2017 3.16.3302.0
Microsoft Sticky Notes Microsoft Corporation 4/14/2017 1.8.0.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 1/3/2015 8.57 MB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 12/31/2014 12.6 MB 8.0.59192
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 11/4/2014 16.4 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 7/7/2015 48.0 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 7/5/2015 15.6 MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 1/3/2015 8.28 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 11/4/2014 8.27 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 11/4/2014 8.26 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 7/5/2015 7.63 MB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 1/12/2015 27.7 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 1/12/2015 21.8 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 Microsoft Corporation 11.0.50727.1
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 12.0.30501.0
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 Microsoft Corporation 14.0.24212.0
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 Microsoft Corporation 14.0.24215.1
Microsoft XNA Framework Redistributable 3.1 Microsoft Corporation 7/5/2015 17.2 MB 3.1.10527.0
Money Microsoft Corporation 4/21/2017 4.20.1102.0
Movies & TV Microsoft Corporation 5/5/2017 10.17032.10341.0
Mozilla Firefox 42.0 (x86 en-US) Mozilla 42.0
Mozilla Maintenance Service Mozilla 42.0.0.5780
MSN Food & Drink Microsoft Corporation 8/8/2016 3.0.4.336
MSN Health & Fitness Microsoft Corporation 8/8/2016 3.0.4.336
MSN Travel Microsoft Corporation 8/8/2016 3.0.4.336
My Game Long Name Epic Games, Inc.
Netflix Netflix, Inc. 4/26/2017 6.21.109.0
News Microsoft Corporation 4/21/2017 4.20.1102.0
NVIDIA PhysX NVIDIA Corporation 7/6/2015 95.1 MB 9.12.1031
OEM Application Profile Advanced Micro Devices, Inc. 5/4/2017 18.0 KB 1.00.0000
OlliOlli Roll7
OneKey Recovery CyberLink Corp. 19.5 MB 8.1.0.2619
OneNote Microsoft Corporation 5/5/2017 17.8067.57781.0
Oniken JoyMasher
OpenAL
Origin Electronic Arts, Inc. 9.5.12.2862
Out of the Park Baseball 14 Out of the Park Developments
Overwatch Blizzard Entertainment
Pandora Pandora Media Inc 1/26/2017 11.3.1.0
People Microsoft Corporation 4/14/2017 10.2.831.0
Phone Companion LENOVO INC 8/8/2016 2.0.0.9
Photos Microsoft Corporation 4/13/2017 17.313.10010.0
PowerDirector CyberLink Corp. 282 MB 10.0.0.2810
Prison Architect Introversion Software
Reader Microsoft Corporation 3/23/2017 6.4.9926.18589
Realtek Card Reader Realtek Semiconductor Corp. 11/4/2014 6.2.9600.21243
Realtek Ethernet Controller Driver Realtek 11/4/2014 8.20.815.2013
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 6.0.1.7525
Samsung Data Migration Samsung 8/14/2016 3.0
Samsung Magician Samsung Electronics 8/14/2016 4.9.7
Shadowrun Returns Harebrained Schemes
Skype Skype 5/1/2017 11.14.675.0
Skype™ 7.34 Skype Technologies S.A. 5/2/2017 172 MB 7.34.103
Spelunky
Spiral Knights Three Rings
Sports Microsoft Corporation 4/21/2017 4.20.1102.0
StageLight Open Labs, LLC. 1.3.0.4350
StarCraft II Legacy of the Void 4/13/2016 1
Steam Valve Corporation 2.10.91.91
Store Microsoft Corporation 4/13/2017 11701.1001.99.0
Store Purchase App Microsoft Corporation 9/28/2016 11608.1000.2431.0
Synaptics Pointing Device Driver Synaptics Incorporated 19.0.9.5
The Banner Saga VEXGK 2/25/2017
The Banner Saga 2 VEXGK 3/4/2017
The Swapper Olli Harjola, Otto Hantula, Tom Jubert, Carlo Castellano
The Telegraph for Lenovo Telegraph Media Group Ltd 8/8/2016 2.1.1.142
The Weather Channel for Lenovo The Weather Channel. 8/8/2016 2015.1013.1.0
Tips Microsoft Corporation 4/3/2017 5.0.13.0
To the Moon Freebird Games
Translator Microsoft Corporation 5/1/2017 4.8.3.0
TripAdvisor Hotels Flights Restaurants TripAdvisor LLC 11/17/2016 1.5.10.0
Twitch Launcher Twitch 1.0.0
Twitter Twitter Inc. 5/2/2017 5.7.1.0
User Manuals Lenovo 11/4/2014 3.0.0.3
VLC media player VideoLAN 2.2.1
Voice Recorder Microsoft Corporation 4/24/2017 10.1704.952.0
Vulkan Run Time Libraries 1.0.39.1 LunarG, Inc. 1.0.39.1
Weather Microsoft Corporation 4/21/2017 4.20.1102.0
Windows 10 Upgrade Assistant Microsoft Corporation 1.4.9200.17349
Windows 7 USB/DVD Download Tool Microsoft Corporation 8/27/2016 2.71 MB 1.0.30
Windows Driver Package - Lenovo (ACPIVPC) System  (09/24/2013 19.29.2.34) Lenovo 09/24/2013 19.29.2.34
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) Lenovo 07/25/2013 10.30.0.288
Windows Reading List Microsoft Corporation 8/8/2016 6.3.9654.21234
Windows Scan Microsoft Corporation 8/8/2016 6.3.9654.17133
Xbox Microsoft Corporation 5/1/2017 28.28.28008.0
Xbox Identity Provider Microsoft Corporation 8/8/2016 11.19.19003.0
Xbox One SmartGlass Microsoft Corporation 2/15/2017 2.2.1702.2004
XCOM 2 Firaxis
Zinio Reader Zinio LLC 8/8/2016 2.1.0.317
Zoom Zoom Video Communications, Inc. 3.5
Zune Microsoft Corporation 4/17/2015 04.08.2345.00
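
The log triage done by eye in posts #4 and #5 (Superfish leftovers spotted in the AdwCleaner log, then root certificates still found by Lenovo's tool) can be scripted. This is an added example, not part of the thread and not AdwCleaner's own code; the watch-list, the function names and the follow-up wording are assumptions, and the sample lines are an excerpt copied from the log in post #3.

```python
import re

# Excerpt of the AdwCleaner v6 log posted in this thread (copied lines, not the full log).
SAMPLE_LOG = r"""
# AdwCleaner v6.046 - Logfile created 06/05/2017 at 15:49:55
# Mode: Clean

***** [ Folders ] *****

[-] Folder deleted: C:\Users\Jim\AppData\Local\Pokki
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Pokki

***** [ Scheduled Tasks ] *****

[-] Task deleted: iorrt

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\VisualDiscovery
[-] Value deleted: HKU\S-1-5-21-1068672024-2228483947-39539036-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Pokki]
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\VISUALDISCOVERY.EXE
[#] Key deleted on reboot: HKLM\SOFTWARE\CLASSES\APPID\VISUALDISCOVERY.EXE

***** [ Web browsers ] *****

[-] [C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
ENTRY_RE = re.compile(r"^\[(?P<flag>[-#])\] (?P<body>.+)$")

# Assumed watch-list for this example: substring (lower case) -> family label.
# VisualDiscovery is the Superfish product name that shipped on Lenovo machines.
WATCHLIST = [
    ("visualdiscovery", "Superfish VisualDiscovery"),
    ("superfish", "Superfish VisualDiscovery"),
    ("pokki", "Pokki"),
]


def parse_adwcleaner_log(text):
    """Return one dict per '[-]' / '[#]' entry, tagged with its log section."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if not m or section is None:
            continue  # header comments, separators, blank lines
        # "Folder deleted: C:\..." splits at the first ": "; drive letters
        # ("C:\") are followed by a backslash, so they do not split early.
        action, sep, target = m.group("body").partition(": ")
        if not sep:  # entry without a target: keep the whole body
            action, target = "", m.group("body")
        lowered = target.lower()
        family = next((label for key, label in WATCHLIST if key in lowered), None)
        entries.append({
            "section": section,
            "action": action,
            "target": target,
            # '[#]' marks items AdwCleaner could only schedule for removal.
            "pending_reboot": m.group("flag") == "#",
            "family": family,
        })
    return entries


def summarize(entries):
    """Group watch-listed entries by family: count, pending deletions, sections."""
    summary = {}
    for e in entries:
        if e["family"] is None:
            continue
        s = summary.setdefault(e["family"], {"count": 0, "pending_reboot": 0, "sections": set()})
        s["count"] += 1
        s["pending_reboot"] += int(e["pending_reboot"])
        s["sections"].add(e["section"])
    for s in summary.values():
        s["sections"] = sorted(s["sections"])
    return summary


def followups(summary):
    """Checks a responder would still want after reading the log."""
    notes = []
    if "Superfish VisualDiscovery" in summary:
        # In this thread the root certificates were only removed later,
        # by Lenovo's tool, after AdwCleaner had cleaned the registry keys.
        notes.append("Superfish traces removed: verify no Superfish root "
                     "certificate remains in the Windows and Firefox trust stores")
    if any(s["pending_reboot"] for s in summary.values()):
        notes.append("Deletions pending reboot: re-scan after restart to confirm")
    return notes


if __name__ == "__main__":
    result = summarize(parse_adwcleaner_log(SAMPLE_LOG))
    for family, stats in result.items():
        print(family, stats)
    for note in followups(result):
        print("FOLLOW-UP:", note)
```

Entries that match no watch-list item (here the `iorrt` task and the search-provider reset) are still returned by `parse_adwcleaner_log` with `family` set to `None`, so they can be reviewed by hand.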


#6 buddy215 (Moderator)

Posted 07 May 2017 - 12:30 PM

Suggest Disabling these Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run DAEMON Tools Lite Automount Disc Soft Ltd "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
Yes HKCU:Run OneDrive Microsoft Corporation "C:\Users\Jim\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes HKLM:Run Acrobat Assistant 8.0 Adobe Systems Inc. "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
Yes HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Yes HKLM:Run MFNetworkScanUtility CANON INC. C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
Yes Startup User OneNote 2010 Screen Clipper and Launcher.lnk Microsoft Corporation C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
 
 
Delete this Startup item: Use CCleaner by clicking on it and choosing Delete on the right.
Yes HKLM:Run RtsFT RTFTrack.exe
 
Disable these Tasks:
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskUserS-1-5-21-1068672024-2228483947-39539036-1001Core C:\Users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-1068672024-2228483947-39539036-1001Core1d08f9d582fe92e C:\Users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-1068672024-2228483947-39539036-1001UA C:\Users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskUserS-1-5-21-1068672024-2228483947-39539036-1001UA1d08f9d585e7bb4 C:\Users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskUserS-1-5-21-1068672024-2228483947-39539036-1001UA1d0bf4a2564cfa2 C:\Users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task OneDrive Standalone Update Task v2 Microsoft Corporation %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Yes Task Optimize Start Menu Cache Files-S-1-5-21-1068672024-2228483947-39539036-500
 
Delete these Tasks:
Yes Task Hybrid C:\IORRT\IORRT.bat
Yes Task IORRT C:\IORRT\IORRT.bat
Yes Task {622B6766-12B1-438F-B60B-1CE0E010E643} Google Inc. "c:\program files (x86)\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/7.4.80.102/en/abandoninstall?page=tsProgressBar
Yes Task {819584EA-2B7B-48F6-89B7-C67174EC65C8} Google Inc. "c:\program files (x86)\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/7.4.80.102/en/abandoninstall?page=tsProgressBar
Yes Task {A18125A5-28D4-4914-8456-E23EC99F77D4} Google Inc. "c:\program files (x86)\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/7.4.80.102/en/abandoninstall?page=tsProgressBar
Yes Task {A85987D8-F599-46A0-B725-AB283C3A2C1D} Google Inc. "c:\program files (x86)\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/7.4.80.102/en/abandoninstall?page=tsProgressBar
 
Uninstall these programs:
Candy Crush Soda Saga king.com 5/5/2017 1.89.700.0
ESET Online Scanner v3
Mozilla Firefox 42.0 (x86 en-US) Mozilla 42.0 (Or update...your choice..)
Mozilla Maintenance Service Mozilla 42.0.0.5780
 
After doing the above and rebooting....please let me know what problems still exist....if any.
 

Edited by buddy215, 07 May 2017 - 12:31 PM.

#7 toka (Topic Starter)

Posted 07 May 2017 - 01:50 PM

Hi again,

 

Completed the above per your instructions.  Could not disable a couple of tasks:

 

Yes Task GoogleUpdateTaskUserS-1-5-21-1068672024-2228483947-39539036-1001Core1d08f9d582fe92e C:\Users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe /c

Yes Task GoogleUpdateTaskUserS-1-5-21-1068672024-2228483947-39539036-1001UA1d0bf4a2564cfa2 C:\Users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

 

I think web browsing is a bit better. The video card still appears to be an issue, as I get 1-10 FPS and slowdowns in menus even in games that are not graphically intensive. I think it must be a driver compatibility issue. Any advice on what I should do in terms of updating graphics drivers, or if there's a way to disable the onboard Intel graphics and force it to run through my card? Do you think a clean Windows install would help? Thanks again for your help.


Edited by toka, 07 May 2017 - 02:25 PM.


#8 buddy215 (Moderator)

Posted 07 May 2017 - 04:06 PM

Before reinstalling I think you should ask for assistance in the Internal Hardware Forum - BleepingComputer.com Forum.

I suggest you post a link to the report given after running Speccy in your new topic in that forum.

 Speccy Download

 

When trying to disable those two items did you get an error mentioning no path? If so, disregard them. If not, try shutting down all programs and then attempt again to disable.


#9 toka (Topic Starter)

Posted 07 May 2017 - 05:16 PM

I get the message: 'The system cannot find the file specified'.  I assume I can ignore them.

 

Thank you so much for all the help you have provided so far and I have posted in the Hardware forum for help.  I really appreciate your time!



#10 buddy215 (Moderator)

Posted 07 May 2017 - 06:26 PM

Yes...just ignore them. You're welcome...enjoyed working with you.


#11 ciGarcia64

Posted 11 October 2017 - 11:12 AM

Thank you ALL for this post.  I found it most helpful!

 

I would also like to add that in the incarnation I dealt with, the insidious program seemed to install itself with the same program name as my Antivirus (in this case it was Webroot).

Once removed, I continued the Protocol described here, and the system seems AOK now!

 

Thanks again!   :love4u:





