Topic: [In Progress] Laptop running very slow,hangs once in a while

chuckles
« on: December 15, 2016, 08:19:01 PM »
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/28/2011 3:35:28 AM
System Uptime: 12/15/2016 9:02:16 PM (0 hours ago)
.
Motherboard: LENOVO |  | 1143AFU
Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz | CPU | 2401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 453 GiB total, 102.273 GiB free.
D: is CDROM ()
Q: is FIXED (NTFS) - 12 GiB total, 2.408 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP599: 10/9/2016 11:53:18 AM - Installed Lenovo Power Management Driver
RP600: 10/9/2016 10:09:11 PM - Windows Update
RP601: 10/18/2016 3:00:22 PM - Windows Update
RP602: 11/1/2016 12:45:49 PM - Windows Update
RP603: 11/9/2016 6:48:20 PM - Windows Update
RP604: 11/22/2016 9:27:42 PM - Windows Update
RP605: 11/29/2016 3:27:04 PM - Windows Update
RP606: 12/7/2016 7:29:32 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Acrobat Reader DC
Adobe Flash Player 24 ActiveX
Adobe Flash Player 24 NPAPI
Adobe Refresh Manager
BlackBerry USB Drivers
Broadcom InConcert Maestro
Brother HL-5250DN
Burn.Now 4.5
Cisco WebEx Meetings
Citrix Online Launcher
Conexant HD Audio
Corel Burn.Now Lenovo Edition
Corel DVD MovieFactory 7
Corel DVD MovieFactory Lenovo Edition
Corel WinDVD
Create Recovery Media
D3DX10
Definition Update for Microsoft Office 2010 (KB3115129) 32-Bit Edition
Direct DiscRecorder
DirectX 9 Runtime
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7
DisplayKEY USB Cradle
Dropbox
Excel Adapter API v1.2
Excel Adapter v1.2
Faasoft Audio Converter 5.2.23.5604
FlipShare
FXCM Trading Station
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
GoToMeeting 7.28.0.6039
GWX Control Panel
HL-5450DN
hotComm® CL
Integrated Camera Driver Installer Package Ver.1.1.0.1147
Integrated Camera TWAIN
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Identity Protection Technology 1.1.2.0
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless WiFi Software
Intel(R) WiDi
Intel(R) Wireless Display
Java 8 Update 101
Java Auto Updater
Junk Mail filter update
KONICA MINOLTA C360Series
Lenovo Auto Scroll Utility
Lenovo Patch Utility
Lenovo Patch Utility 64 bit
Lenovo Power Management Driver
Lenovo Registration
Lenovo Service Bridge
Lenovo System Interface Driver
Lenovo System Update
Lenovo ThinkVantage Toolbox
Lenovo User Guide
Lenovo Warranty Information
Lenovo Welcome
LightScribe System Software
Malwarebytes Anti-Malware version 2.2.1.1043
Mesh Runtime
Message Center Plus
Metric Collection SDK
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4.6.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 4.0 x64 ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Motorola Mobile Drivers Installation 5.9.0
Mozilla Firefox 50.1.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MySpeed v5.5.1
Network Recording Player
NEW HAMPSHIRE ASSOCIATION REALTORS FORMS
Nitro Reader 2
On Screen Display
Power Manager
PrimoPDF -- brought to you by Nitro PDF Software
RapidBoot
Realtek Ethernet Controller Driver
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
Replay Video Capture
RICOH_Media_Driver_v2.13.18.02
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Business
Roxio Creator Business v10
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD
Roxio RecordNow 9 Music Lab
Security Update for Microsoft .NET Framework 4.6.1 (KB3122661)
Security Update for Microsoft .NET Framework 4.6.1 (KB3127233)
Security Update for Microsoft .NET Framework 4.6.1 (KB3136000)
Security Update for Microsoft .NET Framework 4.6.1 (KB3136000v2)
Security Update for Microsoft .NET Framework 4.6.1 (KB3142037)
Security Update for Microsoft .NET Framework 4.6.1 (KB3143693)
Security Update for Microsoft Access 2010 (KB3101544) 32-Bit Edition
Security Update for Microsoft Excel 2010 (KB3114888) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB3114414) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553313) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881029) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2956063) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB3054984) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB3085528) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB3085560) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB3101520) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2817478) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB3114402) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2965313) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB3115123) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype™ 7.0
Sonic CinePlayer Decoder Pack
ST_HOLB_LOHB Indicator
SUPERAntiSpyware
thinkorswim
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad UltraNav Driver
ThinkVantage Active Protection System
ThinkVantage AutoLock
ThinkVantage Communications Utility
ThinkVantage Fingerprint Software
Top Producer Editor
TradeStation 9.0
TradeStation 9.1
TradeStation 9.5
TTM Squeeze 2.2
TweetDeck
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2999508) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553388) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589318) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2791057) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition
Update for Microsoft Office 2010 (KB3054873) 32-Bit Edition
Update for Microsoft Office 2010 (KB3054886) 32-Bit Edition
Update for Microsoft Office 2010 (KB3055042) 32-Bit Edition
Update for Microsoft Office 2010 (KB3055047) 32-Bit Edition
Update for Microsoft Office 2010 (KB3114555) 32-Bit Edition
Update for Microsoft Office 2010 (KB3114750) 32-Bit Edition
Update for Microsoft Office 2010 (KB3114989) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB3114410) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2760779) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB3114756) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB3115127) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553308) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB3114867) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2881021) 32-Bit Edition
VD64Inst
VectorVest 7
VectorVest U.S.
VIPAccess
VisionQST
WD SmartWare Drive Manager
Windows Driver Package - Intel (iaStor) hdc  (11/06/2010 10.1.0.1008)
Windows Driver Package - Lenovo 1.62.00.00 (01/19/2011 1.62.00.00)
Windows Driver Package - Realtek (RTL8167) Net  (12/29/2010 7.037.1229.2010)
Windows Driver Package - Synaptics (SynTP) Mouse  (05/05/2011 15.3.6.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Wisdom-soft ScreenHunter 6.0 Free
Xingtone Ringtone Maker
Zoom
.
==== Event Viewer Messages From Past Week ========
.
12/15/2016 9:05:06 PM, Error: Microsoft-Windows-DNS-Client [1012]  - There was an error while attempting to read the local hosts file.
12/15/2016 9:03:31 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the FlipShare Service service to connect.
12/15/2016 9:03:31 PM, Error: Service Control Manager [7000]  - The FlipShare Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/15/2016 9:02:31 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Lenovo Platform Service service to connect.
12/15/2016 9:00:03 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
12/15/2016 8:58:48 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MsMpSvc service.
12/15/2016 8:58:18 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
12/15/2016 8:58:07 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
12/15/2016 8:57:48 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
12/15/2016 8:57:07 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
12/15/2016 8:56:37 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BrYNSvc service.
12/15/2016 8:56:07 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WdiSystemHost service.
12/15/2016 8:54:11 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinHttpAutoProxySvc service.
12/15/2016 8:53:11 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WdiServiceHost service.
12/15/2016 8:49:38 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.233.2374.0     Update Source: Microsoft Update Server     Update Stage: Download     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.13303.0     Error code: 0x8024001e     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/15/2016 8:49:38 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.233.2374.0     Update Source: Microsoft Update Server     Update Stage: Download     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.13303.0     Error code: 0x8024001e     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/15/2016 7:40:29 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
12/15/2016 7:26:50 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.233.1724.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.13303.0     Error code: 0x8024001e     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/15/2016 6:32:31 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 116.72.0.0     Update Source: Microsoft Malware Protection Center     Update Stage: Search     Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=2.1.12706.0&sig=116.72.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: Network Inspection System     Update Type: Full     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:      Previous Engine Version: 2.1.12706.0     Error code: 0x80072ee7     Error description: The server name or address could not be resolved
12/15/2016 6:32:31 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.233.1724.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.13303.0     Error code: 0x8024402c     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/15/2016 6:32:31 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.233.1724.0     Update Source: Microsoft Malware Protection Center     Update Stage: Search     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.13303.0&avdelta=1.233.1724.0&asdelta=1.233.1724.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:      Previous Engine Version: 1.1.13303.0     Error code: 0x80072ee7     Error description: The server name or address could not be resolved
12/15/2016 6:32:31 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.233.1724.0     Update Source: Microsoft Malware Protection Center     Update Stage: Search     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.13303.0&avdelta=1.233.1724.0&asdelta=1.233.1724.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiSpyware     Update Type: Full     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:      Previous Engine Version: 1.1.13303.0     Error code: 0x80072ee7     Error description: The server name or address could not be resolved
12/15/2016 6:31:03 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the BrYNSvc service to connect.
12/15/2016 6:31:03 PM, Error: Service Control Manager [7000]  - The BrYNSvc service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/15/2016 6:31:03 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service BrYNSvc with arguments "" in order to run the server: {F2189AE3-E432-427F-93B6-38D1C6F5E8D4}
12/15/2016 6:27:55 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
12/15/2016 6:26:01 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Power Manager Service service to connect.
12/15/2016 6:26:01 PM, Error: Service Control Manager [7000]  - The Power Manager Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/15/2016 12:08:53 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 116.72.0.0     Update Source: Microsoft Malware Protection Center     Update Stage: Search     Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=2.1.12706.0&sig=116.72.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: Network Inspection System     Update Type: Full     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:      Previous Engine Version: 2.1.12706.0     Error code: 0x80072ee7     Error description: The server name or address could not be resolved
12/15/2016 12:08:53 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.233.1724.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.13303.0     Error code: 0x8024001e     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/15/2016 12:08:53 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.233.1724.0     Update Source: Microsoft Malware Protection Center     Update Stage: Search     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.13303.0&avdelta=1.233.1724.0&asdelta=1.233.1724.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:      Previous Engine Version: 1.1.13303.0     Error code: 0x80072ee7     Error description: The server name or address could not be resolved
12/15/2016 12:08:53 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.233.1724.0     Update Source: Microsoft Malware Protection Center     Update Stage: Search     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.13303.0&avdelta=1.233.1724.0&asdelta=1.233.1724.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiSpyware     Update Type: Full     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:      Previous Engine Version: 1.1.13303.0     Error code: 0x80072ee7     Error description: The server name or address could not be resolved
12/15/2016 10:46:14 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 116.72.0.0     Update Source: Microsoft Malware Protection Center     Update Stage: Search     Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=2.1.12706.0&sig=116.72.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: Network Inspection System     Update Type: Full     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:      Previous Engine Version: 2.1.12706.0     Error code: 0x80072ee7     Error description: The server name or address could not be resolved
12/15/2016 10:46:14 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.233.1724.0     Update Source: Microsoft Malware Protection Center     Update Stage: Search     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.13303.0&avdelta=1.233.1724.0&asdelta=1.233.1724.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:      Previous Engine Version: 1.1.13303.0     Error code: 0x80072ee7     Error description: The server name or address could not be resolved
12/15/2016 10:46:14 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.233.1724.0     Update Source: Microsoft Malware Protection Center     Update Stage: Search     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.13303.0&avdelta=1.233.1724.0&asdelta=1.233.1724.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiSpyware     Update Type: Full     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:      Previous Engine Version: 1.1.13303.0     Error code: 0x80072ee7     Error description: The server name or address could not be resolved
12/15/2016 10:45:58 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.233.1724.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.13303.0     Error code: 0x8024402c     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/15/2016 10:45:01 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.
12/15/2016 10:45:01 AM, Error: Service Control Manager [7000]  - The MBAMScheduler service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/14/2016 12:43:56 PM, Error: NetBT [4321]  - The name "BROWNS         :0" could not be registered on the interface with IP address 10.1.10.162. The computer with the IP address 10.1.10.181 did not allow the name to be claimed by this computer.
12/10/2016 9:46:48 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
12/10/2016 9:46:48 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the System Event Notification Service service, but this action failed with the following error:  An instance of the service is already running.
12/10/2016 9:46:48 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error:  An instance of the service is already running.
12/10/2016 9:46:48 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error:  An instance of the service is already running.
12/10/2016 9:45:48 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error:  An instance of the service is already running.
12/10/2016 9:45:48 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error:  An instance of the service is already running.
12/10/2016 9:44:48 PM, Error: Service Control Manager [7034]  - The Application Information service terminated unexpectedly.  It has done this 1 time(s).
12/10/2016 9:44:48 PM, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/10/2016 9:44:48 PM, Error: Service Control Manager [7031]  - The User Profile Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/10/2016 9:44:48 PM, Error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/10/2016 9:44:48 PM, Error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/10/2016 9:44:48 PM, Error: Service Control Manager [7031]  - The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/10/2016 9:44:48 PM, Error: Service Control Manager [7031]  - The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/10/2016 9:44:48 PM, Error: Service Control Manager [7031]  - The Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/10/2016 9:44:48 PM, Error: Service Control Manager [7031]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/10/2016 9:44:48 PM, Error: Service Control Manager [7031]  - The IP Helper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/10/2016 9:44:48 PM, Error: Service Control Manager [7031]  - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/10/2016 9:44:48 PM, Error: Service Control Manager [7031]  - The Group Policy Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/10/2016 9:44:48 PM, Error: Service Control Manager [7031]  - The Extensible Authentication Protocol service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/10/2016 9:44:48 PM, Error: Service Control Manager [7031]  - The Computer Browser service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/10/2016 9:44:48 PM, Error: Service Control Manager [7031]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/10/2016 9:44:48 PM, Error: Service Control Manager [7031]  - The Application Experience service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/10/2016 9:40:40 PM, Error: Schannel [36887]  - The following fatal alert was received: 70.
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18315  BrowserJavaVersion: 11.101.2
Run by Steve at 21:09:43 on 2016-12-15
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4007.1502 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
SP: Microsoft Security Essentials *Enabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\dKEYUSBCradle\SyncService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe
C:\dKEYUSBCradle\ProxyDaemon.exe
C:\dKEYUSBCradle\stunnel-4.10.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\Enounce\MySpeed\MySpeed.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
C:\Windows\SysWOW64\rundll32.exe
C:\dKEYUSBCradle\SyncInfoApp.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\SysWOW64\SAsrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Users\Steve\AppData\Local\Apps\2.0\KHVLPHP9.18A\31XEX2V0.Z78\lsb...tion_2d7b41b05b24775e_0001.0006_589ac911618caaca\LSB.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
uRun: [Dropbox Update] "C:\Users\Steve\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
uRun: [3xAV] C:\Program Files (x86)\Enounce\MySpeed\MySpeed.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun: [PWMTRV] rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Steve\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Steve\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SCREEN~1.LNK - C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DISPLA~1.LNK - C:\dKEYUSBCradle\SyncInfoApp.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDQUIC~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
DPF: {165B3239-2565-49DB-8A82-F28631CE44ED} - hxxp://qst.quickscreentrading.com/webstart.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=3048
TCP: NameServer = 75.114.81.1 75.114.81.2
TCP: Interfaces\{0DFD0924-23EF-4345-8764-A973F9CBBB3A} : DHCPNameServer = 10.98.3.4 10.98.3.25
TCP: Interfaces\{7F93A314-0D72-4BCC-B934-6ACE8549ED29} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{EBF1A7A7-12D6-450C-9AD1-999F9681351F} : DHCPNameServer = 75.114.81.1 75.114.81.2
TCP: Interfaces\{EBF1A7A7-12D6-450C-9AD1-999F9681351F}\2427F677E63777962756C6563737 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{EBF1A7A7-12D6-450C-9AD1-999F9681351F}\2554D41485D294E43594748445 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{EBF1A7A7-12D6-450C-9AD1-999F9681351F}\458656742796E646745756374737 : DHCPNameServer = 192.168.169.1
TCP: Interfaces\{EBF1A7A7-12D6-450C-9AD1-999F9681351F}\65562796A7F6E6D2839303C4D213146463 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{EBF1A7A7-12D6-450C-9AD1-999F9681351F}\C416155796E64716 : DHCPNameServer = 4.2.2.1
TCP: Interfaces\{EBF1A7A7-12D6-450C-9AD1-999F9681351F}\E45445745414254323 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [ALCKRESI.EXE] C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [GwxControlPanelMonitor] "C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe" /traymode
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/x64/ractrl.cab?lmi=1007
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist Corporate\1055\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lhfxbrf0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.topproducer8i.com/14.2100.02.00/Login/Login.aspx?ReturnUrl=%2f14.2100.02.00%2fDefault.aspx
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\thinkorswim\npthinkorswim.dll
FF - plugin: C:\Program Files (x86)\thinkorswim\nptossc.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Steve\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Steve\AppData\Roaming\Zoom\bin\npzoomplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-11-13 289120]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-11-8 55856]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2011-3-29 23664]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2011-5-26 15472]
R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2011-7-8 32104]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-22 172344]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2011-10-11 198784]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2011-10-11 40808]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2014-7-8 110128]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-10-11 59240]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2011-5-26 93032]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-7 1514464]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-7 1136608]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-10-25 341288]
R2 risdxc;risdxc;C:\Windows\System32\drivers\risdxc64.sys [2011-10-11 101376]
R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SAsrv.exe --> C:\Windows\System32\SAsrv.exe [?]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2011-5-30 13128]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2014-7-8 125424]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2014-7-8 125488]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-11 2656280]
R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2011-4-13 84088]
R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-8-1 311296]
R3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2011-10-11 166016]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2014-10-16 249856]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-10-11 317440]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-4-19 25528]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-2 27008]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-7 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-7 64896]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 133816]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2016-1-29 374344]
R3 Power Manager DBC Service;Power Manager Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-10-11 1668776]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-10-11 412776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-5 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-5 125112]
S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-7-8 144232]
S2 LPlatSvc;Lenovo Platform Service;C:\Windows\System32\LPlatSvc.exe [2016-10-9 710144]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2011-10-11 436776]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-10-11 39976]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-5-11 114688]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-4-19 35256]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2010-3-19 1120752]
S3 silabenm;CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\Windows\System32\drivers\silabenm.sys [2011-11-11 29576]
S3 silabser;CP210x USB to UART Bridge Driver;C:\Windows\System32\drivers\silabser.sys [2011-11-11 76680]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-28 1255736]
S3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2011-4-8 42392]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2016-12-16 01:41:24   75888   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4398D6B8-C505-419D-9CA6-961B9E7357D0}\offreg.1000.dll
2016-12-16 01:38:43   11781064   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4398D6B8-C505-419D-9CA6-961B9E7357D0}\mpengine.dll
2016-12-16 00:47:44   --------   d-----w-   C:\Users\Steve\AppData\Roaming\SUPERAntiSpyware.com
2016-12-16 00:47:19   --------   d-----w-   C:\ProgramData\SUPERAntiSpyware.com
2016-12-16 00:47:19   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
2016-12-08 13:34:40   1167568   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6BA0E55E-90F2-4F19-8FCE-1023700B7F18}\gapaengine.dll
2016-12-08 13:34:08   11781064   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
==================== Find3M  ====================
.
2016-12-16 02:04:25   192216   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
2016-12-13 20:25:30   802904   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2016-12-13 20:25:30   144472   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-10-28 01:22:26   485032   ------w-   C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 21:14:03.42 ===============

Laptop has started acting funny. Very Slow, sometimes hanging up.
I ran Superantispyware and removed over 3000 tracking cookies. No improvement.
Please help!


« Last Edit: December 17, 2016, 05:31:26 PM by Hoov »



Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: Laptop running very slow,hangs once in a while
« Reply #1 on: December 16, 2016, 11:10:55 AM »


 

I am Platypuss, I will be helping you with your problem.
   
Before we begin, please follow my simple rules:-
  • If you do not understand any instructions, Stop & Ask; do not risk creating further problems.
  • Please do not run any tools unless instructed to do so because it may well cause unforeseen damage to your machine.
  • It may help you to print out my instructions, so that mistakes are not made.
  • I am a trainee here but my instructions are checked by my mentor, there may be some delay but you will get a high quality of service.
  • Malware removal is frequently complex, it takes time to analyse logs, please be patient.   
  • I will advise you as soon as your computer is clean, until then it may still be infected!
>>>>>>>>>>>>>>>>>

Change Downloads to Desktop
This will simplify the use of tools that we will be using.

How to change your download location to Desktop HERE

Google Chrome -
  • Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.
  • Choose Settings. At the bottom of the screen click the "Show advanced settings..." link.
  • Scroll down to find the Downloads section and click the Change... button.
  • Select your desktop and click OK.
Mozilla Firefox -
  • Click the "Open Menu" button in the upper right-corner of the browser.
  • Choose Options. In the downloads section, click the Browse button,
  • click on the Desktop folder and then click the "Select Folder" button.
  • Click OK to get out of the Options menu.
Internet Explorer -
  • Click the Tools menu in the upper right-corner of the browser. Select View downloads.
  • Select the Options link in the lower left of the window. Click Browse and select the Desktop.
  • Then choose the Select Folder button. Click OK to get out of the download options screen.
  • Now click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
Change default download folder location in Edge -
Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

>>>>>>>>>>>>>>>>>>>>>>>>

NEXT
Please open your copy of Malwarebytes Anti-Malware (MBAM).

• On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".

• Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware

• Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.

• A Threat Scan will begin.
• With some infections, you may or may not see this message box.
'Could not load DDA driver'

• Click 'Yes' to this message, to allow the driver to load after a restart.
• Allow the computer to restart. Continue with the rest of these instructions.
• When the scan is complete, click Apply Actions.

• Wait for the prompt to restart the computer to appear, then click on Yes.

• After the restart once you are back at your desktop, open MBAM once more.

To get the log from MBAM do the following:

• Click on the History tab > Application Logs.

• Double click on the scan log which shows the Date and time of the scan just performed.
• Click Export  > From export you have three options:

[1] Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted to your reply
[2] Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
[3] XML file (*.xml) - if selected you will have to name the file and save to your Desktop, then attach to reply

NEXT
     Download & run FRST64 & save to your Desktop.

   
  • Download FRST64
       
  • Double click Frst64.exe to launch it.
       
  • FRST64 will start to run.
       
  • When the tool opens click Yes to disclaimer.
       
  • Press the Scan button.
       
  • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
       
  • Please post them in your next reply.

    If you lose sight of them, they will be saved in the same location as FRST64.exe
     use separate replies if it's more convenient.
>>>>>>>>>>>>>>>>>

Has this computer been used for commercial purposes by any chance?

I need the MBAM & the two FRST logs please.
Platypuss



Offline chuckles

  • Bronze Member
  • Posts: 93
Re: Laptop running very slow,hangs once in a while
« Reply #2 on: December 16, 2016, 09:35:08 PM »
Hi Platypuss,
No, this computer has not been used for commercial purposes.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/16/2016
Scan Time: 9:42 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.12.17.01
Rootkit Database: v2016.11.20.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Steve

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345632
Time Elapsed: 38 min, 43 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by Steve (administrator) on STEVE-THINK (16-12-2016 22:27:23)
Running from C:\Users\Steve\Downloads
Loaded Profiles: Steve (Available Profiles: Steve)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Supra) C:\dKEYUSBCradle\SyncService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
(Supra) C:\dKEYUSBCradle\ProxyDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
() C:\dKEYUSBCradle\stunnel-4.10.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(UltimateOutsider) C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Enounce Incorporated) C:\Program Files (x86)\Enounce\MySpeed\MySpeed.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Supra) C:\dKEYUSBCradle\SyncInfoApp.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Sonic Solutions) C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
(Dropbox, Inc.) C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Sonic Solutions) C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Wisdom Software Inc. ) C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Sonic Solutions) C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Sonic Solutions) C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
() C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo) C:\Users\Steve\AppData\Local\Apps\2.0\KHVLPHP9.18A\31XEX2V0.Z78\lsb...tion_2d7b41b05b24775e_0001.0006_589ac911618caaca\LSB.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel(R) Corporation)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-04-26] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-25] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [41320 2011-04-04] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-04-04] (Lenovo Group Limited)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-01] (UltimateOutsider)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [228088 2006-12-14] (Sonic Solutions)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2678784 2011-10-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1055\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-3939425501-3069869567-944910111-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-06-16] (Hewlett-Packard Company)
HKU\S-1-5-21-3939425501-3069869567-944910111-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-11-24] (Google Inc.)
HKU\S-1-5-21-3939425501-3069869567-944910111-1000\...\Run: [ISUSPM] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-3939425501-3069869567-944910111-1000\...\Run: [Dropbox Update] => C:\Users\Steve\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-09] (Dropbox, Inc.)
HKU\S-1-5-21-3939425501-3069869567-944910111-1000\...\Run: [3xAV] => C:\Program Files (x86)\Enounce\MySpeed\MySpeed.exe [1341192 2016-02-26] (Enounce Incorporated)
HKU\S-1-5-21-3939425501-3069869567-944910111-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-12-06] (SUPERAntiSpyware)
HKU\S-1-5-21-3939425501-3069869567-944910111-1000\...\MountPoints2: E - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-3939425501-3069869567-944910111-1000\...\MountPoints2: {2bf63e46-f41a-11e0-9203-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-3939425501-3069869567-944910111-1000\...\MountPoints2: {5f67e3b8-d9c8-11e1-be95-f0def19554d4} - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-3939425501-3069869567-944910111-1000\...\MountPoints2: {e3fbff87-874d-11e1-a67c-f0def19554d4} - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-3939425501-3069869567-944910111-1000\...\MountPoints2: {fbe32e05-cde5-11e1-bb79-74e50b4257dc} - E:\MotoCastSetup.exe -a
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-10-11]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DisplayKEY eSYNC Info.lnk [2013-10-03]
ShortcutTarget: DisplayKEY eSYNC Info.lnk -> C:\dKEYUSBCradle\SyncInfoApp.exe (Supra)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk [2013-09-23]
ShortcutTarget: WD Quick View.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-12-15]
ShortcutTarget: Dropbox.lnk -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ScreenHunter 6.0 Free.lnk [2016-06-07]
ShortcutTarget: ScreenHunter 6.0 Free.lnk -> C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe (Wisdom Software Inc. )

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{0DFD0924-23EF-4345-8764-A973F9CBBB3A}: [DhcpNameServer] 10.98.3.4 10.98.3.25
Tcpip\..\Interfaces\{7F93A314-0D72-4BCC-B934-6ACE8549ED29}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{EBF1A7A7-12D6-450C-9AD1-999F9681351F}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3939425501-3069869567-944910111-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GGHP_en
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2011-04-13] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-29] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2011-04-13] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-29] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-3939425501-3069869567-944910111-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/x64/ractrl.cab?lmi=1007
DPF: HKLM-x32 {165B3239-2565-49DB-8A82-F28631CE44ED} hxxp://qst.quickscreentrading.com/webstart.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=3048

FireFox:
========
FF ProfilePath: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lhfxbrf0.default [2016-12-16]
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\lhfxbrf0.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\lhfxbrf0.default -> hxxps://www.topproducer8i.com/14.2100.02.00/Login/Login.aspx?ReturnUrl=%2f14.2100.02.00%2fDefault.aspx
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-12-04] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: (Symantec VIP Access Add-On) - C:\Program Files (x86)\Symantec\VIP Access Client [2016-11-29] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-13] ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll [2012-11-28] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll [2011-10-25] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3939425501-3069869567-944910111-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Steve\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-08-05] (Citrix Online)
FF Plugin HKU\S-1-5-21-3939425501-3069869567-944910111-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Steve\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-05-09] (Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-3939425501-3069869567-944910111-1000: tdameritrade.com/thinkorswim -> C:\Program Files (x86)\thinkorswim\npthinkorswim.dll [2016-12-08] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-3939425501-3069869567-944910111-1000: tdameritrade.com/tossc -> C:\Program Files (x86)\thinkorswim\nptossc.dll [2016-12-08] (TD Ameritrade)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll [2013-03-18] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npxsciter.dll [2011-11-17] ( )

Chrome:
=======
CHR DefaultProfile: Default
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (sciter) - C:\Program Files (x86)\Mozilla Firefox\plugins\npxsciter.dll ( )
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (tossc) - C:\Program Files (x86)\thinkorswim\tossc32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Profile: C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default [2016-12-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [249856 2011-11-15] (Brother Industries, Ltd.) [File not signed]
R2 dKeySync; C:\dKEYUSBCradle\SyncService.exe [42496 2011-11-11] (Supra) [File not signed]
R2 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2010-09-17] ()
S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1055\G2AC_Service.exe [309568 2014-09-30] (Citrix Online, a division of Citrix Systems, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-06-16] (Hewlett-Packard Company) [File not signed]
S2 LPlatSvc; C:\Windows\system32\LPlatSvc.exe [710144 2016-09-06] (Lenovo.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [341288 2011-10-25] (Nitro PDF Software)
S3 Roxio UPnP Renderer 9; C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [57344 2006-12-14] (Sonic Solutions) [File not signed]
S2 Roxio Upnp Server 9; C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe [294912 2006-12-14] (Sonic Solutions) [File not signed]
R3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28544 2016-09-10] ()
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84088 2011-04-13] (Symantec Corporation)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [311296 2011-08-01] (WDC) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-12-16] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-05-20] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-16 22:27 - 2016-12-16 22:28 - 00029249 _____ C:\Users\Steve\Downloads\FRST.txt
2016-12-16 22:27 - 2016-12-16 22:27 - 00000000 ____D C:\FRST
2016-12-16 22:26 - 2016-12-16 22:27 - 02420224 _____ (Farbar) C:\Users\Steve\Downloads\FRST64.exe
2016-12-15 21:45 - 2016-12-15 21:45 - 00000000 ____D C:\Users\Steve\Desktop\Spyware Hammer 12-15-16
2016-12-15 21:09 - 2016-12-15 21:09 - 00688992 ____R (Swearware) C:\Users\Steve\Downloads\dds (1).com
2016-12-15 19:47 - 2016-12-15 19:47 - 00001819 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-12-15 19:47 - 2016-12-15 19:47 - 00000000 ____D C:\Users\Steve\AppData\Roaming\SUPERAntiSpyware.com
2016-12-15 19:47 - 2016-12-15 19:47 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-12-15 19:47 - 2016-12-15 19:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-12-15 19:47 - 2016-12-15 19:47 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-12-15 19:43 - 2016-12-15 19:44 - 28542728 _____ (SUPERAntiSpyware) C:\Users\Steve\Downloads\SUPERAntiSpyware.exe
2016-12-15 19:16 - 2016-12-15 19:16 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-12-13 18:16 - 2016-12-14 08:00 - 00000000 ____D C:\Users\Steve\Desktop\!Cruise 2016
2016-12-04 14:41 - 2016-12-15 20:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-26 10:45 - 2016-12-16 21:24 - 00000000 ____D C:\Users\Steve\AppData\LocalLow\Mozilla
2016-11-16 08:16 - 2016-11-16 08:16 - 00084000 _____ C:\Users\Steve\Downloads\Purchase and Sales 2 Brandy Rock.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-16 22:25 - 2012-09-12 18:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-16 22:15 - 2015-06-17 18:47 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3939425501-3069869567-944910111-1000UA.job
2016-12-16 22:14 - 2015-06-17 18:47 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3939425501-3069869567-944910111-1000Core.job
2016-12-16 22:06 - 2015-06-09 11:22 - 00000658 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3939425501-3069869567-944910111-1000.job
2016-12-16 21:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\tracing
2016-12-16 21:39 - 2014-06-07 08:44 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-16 21:37 - 2014-02-26 16:29 - 00000562 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3939425501-3069869567-944910111-1000.job
2016-12-16 21:29 - 2011-11-04 08:12 - 00000000 ____D C:\ProgramData\LogMeIn
2016-12-16 21:29 - 2009-07-13 23:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-16 21:29 - 2009-07-13 23:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-16 21:28 - 2016-02-24 18:21 - 00070656 _____ C:\Users\Steve\Desktop\Einstein Finance 10-27-2015.xls
2016-12-16 21:25 - 2011-11-03 20:18 - 00000000 ____D C:\Users\Steve\AppData\Local\CrashDumps
2016-12-16 21:22 - 2013-07-21 09:48 - 00000000 ___RD C:\Users\Steve\Dropbox
2016-12-16 21:18 - 2011-11-03 11:22 - 00000000 ____D C:\Users\Steve\AppData\Local\Deployment
2016-12-16 21:14 - 2013-04-09 20:55 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-12-16 21:14 - 2011-10-28 02:36 - 00000466 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2016-12-16 21:14 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-16 16:00 - 2011-10-28 02:36 - 00003498 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2016-12-16 16:00 - 2011-10-28 02:36 - 00003448 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2016-12-16 15:20 - 2011-11-24 10:20 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 15:20 - 2011-11-24 10:20 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-16 07:31 - 2016-05-10 12:15 - 00000596 _____ C:\Windows\Tasks\TradeStation Backup - Daily.job
2016-12-16 00:29 - 2011-11-24 10:10 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B0F12DE4-780F-4E54-A2AA-597B69323186}
2016-12-15 20:50 - 2012-07-17 23:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-15 19:16 - 2013-07-21 09:45 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Dropbox
2016-12-15 19:04 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-12-15 18:38 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-12-15 10:43 - 2016-05-10 12:15 - 00000604 _____ C:\Windows\Tasks\TradeStation Backup - Monthly.job
2016-12-15 10:43 - 2015-01-20 16:58 - 00000600 _____ C:\Windows\Tasks\TradeStation Backup - Weekly.job
2016-12-14 21:23 - 2011-12-30 09:32 - 00002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-14 21:23 - 2011-12-30 09:32 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-13 15:25 - 2012-09-12 18:14 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-13 15:25 - 2012-06-30 10:43 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-13 15:25 - 2011-10-28 23:13 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-13 15:25 - 2011-10-28 23:13 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-13 15:25 - 2011-10-11 10:25 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-11 13:20 - 2016-02-24 18:21 - 00120320 _____ C:\Users\Steve\Desktop\Einstein 10-27-15.xls
2016-12-11 08:40 - 2015-06-09 11:22 - 00003690 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-3939425501-3069869567-944910111-1000
2016-12-11 08:40 - 2014-02-26 16:29 - 00003594 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3939425501-3069869567-944910111-1000
2016-12-10 21:44 - 2009-07-14 00:08 - 00032612 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-08 21:05 - 2013-04-15 04:44 - 00000000 ____D C:\Users\Steve\.thinkorswim
2016-12-08 21:05 - 2011-10-28 00:56 - 00000000 ____D C:\Program Files (x86)\thinkorswim
2016-12-08 09:04 - 2013-10-03 18:48 - 00000000 ____D C:\dKEYUSBCradle
2016-12-04 03:32 - 2011-10-28 11:18 - 00000000 ____D C:\Program Files (x86)\TradeStation Archives
2016-12-03 19:04 - 2011-11-24 21:32 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Nitro PDF
2016-11-30 07:31 - 2011-10-28 02:36 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2016-11-29 22:13 - 2011-10-28 02:36 - 00004238 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2016-11-29 22:09 - 2015-06-17 18:47 - 00003888 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3939425501-3069869567-944910111-1000UA
2016-11-29 22:09 - 2015-06-17 18:47 - 00003492 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3939425501-3069869567-944910111-1000Core
2016-11-29 20:59 - 2009-07-14 00:13 - 00790214 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-29 20:59 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-11-29 15:39 - 2011-10-28 02:35 - 00000000 ____D C:\Users\Steve
2016-11-29 15:24 - 2015-04-05 17:18 - 00000000 ___SD C:\Windows\system32\GWX
2016-11-29 15:24 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2016-11-16 08:16 - 2012-04-29 20:01 - 00000000 ____D C:\Users\Steve\AppData\Roaming\PrimoPDF

==================== Files in the root of some directories =======

2013-11-14 08:27 - 2016-01-02 17:00 - 0009321 _____ () C:\Users\Steve\AppData\Roaming\Comma Separated Values (Windows).EML
2011-10-28 10:31 - 2011-10-28 10:31 - 0000320 _____ () C:\Users\Steve\AppData\Roaming\SEC517874.trad
2012-09-03 08:03 - 2012-09-03 08:03 - 0000320 _____ () C:\Users\Steve\AppData\Roaming\SEC540721.trad
2013-06-08 10:03 - 2013-12-13 09:14 - 0004608 _____ () C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-24 20:56 - 2016-03-08 21:12 - 0596564 _____ () C:\Users\Steve\AppData\Local\rx_audio.Cache
2011-12-24 20:55 - 2013-10-04 03:44 - 9203888 _____ () C:\Users\Steve\AppData\Local\rx_image.Cache
2012-10-15 19:49 - 2012-10-15 19:49 - 0000437 _____ () C:\Users\Steve\AppData\Local\WiDiLog.20121015.204919.txt
2012-10-15 19:48 - 2012-10-15 19:49 - 0024512 _____ () C:\Users\Steve\AppData\Local\WiDiSetupLog.20121015.204829.txt
2013-03-23 16:58 - 2016-09-09 08:35 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

Some files in TEMP:
====================
C:\Users\Steve\AppData\Local\Temp\7hhrzfmu.dll
C:\Users\Steve\AppData\Local\Temp\cct.dll
C:\Users\Steve\AppData\Local\Temp\clean20.dll
C:\Users\Steve\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpeawmme.dll
C:\Users\Steve\AppData\Local\Temp\GACInstaller.dll
C:\Users\Steve\AppData\Local\Temp\GURC4A5.exe
C:\Users\Steve\AppData\Local\Temp\GURFED7.exe
C:\Users\Steve\AppData\Local\Temp\instutil.dll
C:\Users\Steve\AppData\Local\Temp\JavaIC.dll
C:\Users\Steve\AppData\Local\Temp\jna3125848483973905372.dll
C:\Users\Steve\AppData\Local\Temp\jna3224615257275382664.dll
C:\Users\Steve\AppData\Local\Temp\jna6660853084761724589.dll
C:\Users\Steve\AppData\Local\Temp\jna7718488063777336231.dll
C:\Users\Steve\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Steve\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Steve\AppData\Local\Temp\msscct32.dll
C:\Users\Steve\AppData\Local\Temp\mssinstaller.exe
C:\Users\Steve\AppData\Local\Temp\RegistASM.exe
C:\Users\Steve\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Steve\AppData\Local\Temp\TSInst10.exe
C:\Users\Steve\AppData\Local\Temp\TSInstallCAUtils.dll
C:\Users\Steve\AppData\Local\Temp\YSearchUtil.dll
C:\Users\Steve\AppData\Local\Temp\_is5014.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-10-18 16:44

==================== End of FRST.txt ============================


Offline chuckles

  • Bronze Member
  • Posts: 93
Re: Laptop running very slow,hangs once in a while
« Reply #3 on: December 16, 2016, 09:38:30 PM »
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by Steve (16-12-2016 22:28:20)
Running from C:\Users\Steve\Downloads
Windows 7 Professional Service Pack 1 (X64) (2011-10-28 07:35:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3939425501-3069869567-944910111-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3939425501-3069869567-944910111-1002 - Limited - Enabled)
Guest (S-1-5-21-3939425501-3069869567-944910111-501 - Limited - Enabled)
Steve (S-1-5-21-3939425501-3069869567-944910111-1000 - Administrator - Enabled) => C:\Users\Steve

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
BlackBerry USB Drivers (HKLM-x32\...\{E37E645E-4A0C-4D9E-B30A-7B19E797E743}) (Version: 2.00.0005 - Smith Micro Software, Inc.)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.2200 - Broadcom Corporation)
Brother HL-5250DN (HKLM-x32\...\{AAE8E7F1-847A-4116-BFE2-A2B41BB86CB0}) (Version: 1.00 - Brother)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{1B1BF50E-ACE8-4481-B362-89544FB1CD4B}) (Version: 1.0.357 - Citrix)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.27.0 - Conexant)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.828 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
DisplayKEY USB Cradle (HKLM\...\{BBA09DF4-4519-4BD0-B203-A58CACB92DFA}) (Version: 2.0.0.329 - Supra)
Dropbox (HKU\S-1-5-21-3939425501-3069869567-944910111-1000\...\Dropbox) (Version: 16.4.29 - Dropbox, Inc.)
Excel Adapter API v1.2 (HKLM-x32\...\ExcelAdapterAPI_is1) (Version:  - Quick Screen Trading)
Excel Adapter v1.2 (HKU\S-1-5-21-3939425501-3069869567-944910111-1000\...\ExcelAdapter_is1) (Version:  - Quick Screen Trading)
Faasoft Audio Converter 5.2.23.5604 (HKLM-x32\...\{6A4806A7-4A4C-458C-B42F-BB508CA69F3F}_is1) (Version:  - Faasoft Corporation)
FlipShare (HKLM-x32\...\{67D15B01-9A6B-0397-002A-D2A015212748}) (Version: 5.8.11.0 - Flip Video)
FXCM Trading Station (HKLM-x32\...\FXTS2) (Version:  - Forex Capital Markets, LLC ("FXCM LLC"))
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.1.0.1055 - Citrix Online, a division of Citrix Systems, Inc.)
GoToMeeting 7.28.0.6039 (HKU\S-1-5-21-3939425501-3069869567-944910111-1000\...\GoToMeeting) (Version: 7.28.0.6039 - CitrixOnline)
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version:  - UltimateOutsider)
HL-5450DN (HKLM-x32\...\{7171B206-5C5A-4B7F-B9E1-1F1827FC769F}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
hotComm® CL (HKLM-x32\...\hotComm® CL) (Version: 8.00.008x - 1stWorks Corporation)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2372 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{728985C5-A04B-457C-9D62-15360F3EAF85}) (Version: 3.1.29.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KONICA MINOLTA C360Series (HKLM\...\KONICA MINOLTA C360Series Installer) (Version:  - KONICA MINOLTA)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )
Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (Version: 1.67.12.16 - Lenovo) Hidden
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo Service Bridge (HKU\S-1-5-21-3939425501-3069869567-944910111-1000\...\dda9ca0b023f4c56) (Version: 1.6.4.0 - Lenovo)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0037 - Lenovo)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5802.24 - PC-Doctor, Inc.)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.02.003.0 - Lenovo)
LightScribe System Software (HKLM-x32\...\{07E49BC1-24FF-4D7A-AC74-727BE95801AF}) (Version: 1.18.16.1 - LightScribe)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0 - Motorola Inc.) Hidden
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MySpeed v5.5.1 (HKLM-x32\...\{474223DB-868E-42D3-9645-6DF23C06F51B}) (Version: 5.05.0423 - Enounce Incorporated)
Network Recording Player (HKLM-x32\...\{901D94F6-8815-4D35-ACB0-FD40057BD400}) (Version: 28.10.0.16277 - Cisco WebEx LLC)
NEW HAMPSHIRE ASSOCIATION REALTORS FORMS (HKLM-x32\...\{73602FD6-3749-461D-870C-D171C510191A}) (Version: ANH00-NH - )
Nitro Reader 2 (HKLM\...\{5CF37F1F-7C84-421C-8E7A-C8859CCFEBD3}) (Version: 2.1.0.13 - Nitro PDF Software)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.73.01 - )
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.68.10 - Lenovo Group Limited)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.10 - Lenovo)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Replay Video Capture (HKLM-x32\...\Replay Video Capture4.2) (Version: 4.2 - Applian Technologies Inc.)
RICOH_Media_Driver_v2.13.18.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.13.18.02 - RICOH)
Roxio Creator Business (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3.56.24 - Roxio)
Roxio RecordNow 9 Music Lab (HKLM-x32\...\{0F2FFDCA-43EB-47C0-A02E-D9A2ECF98A8A}) (Version: 9.0.176 - Roxio)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
ST_HOLB_LOHB Indicator (HKLM-x32\...\ST_HOLB_LOHB Indicator) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1230 - SUPERAntiSpyware.com)
thinkorswim (HKLM-x32\...\thinkorswim) (Version:  - thinkorswim, Inc)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2200 - Broadcom Corporation)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.6.0 - )
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.75 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.02 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.06 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
Top Producer Editor (HKLM-x32\...\Top Producer Editor_is1) (Version:  - )
TradeStation 9.0 (HKLM-x32\...\{6EF11260-2361-409D-B91C-373D8732EED8}) (Version: 9.0.0.8997 - TradeStation Technologies)
TradeStation 9.1 (HKLM-x32\...\{B948B39D-214F-486E-BCD9-8AB691F8762A}) (Version: 9.01.00.12191 - TradeStation Technologies)
TradeStation 9.5 (HKLM-x32\...\{E02A3EE0-1193-454C-8E59-BDFCE6EC7B22}) (Version: 9.05.00.3070 - TradeStation Technologies)
TTM Squeeze 2.2 (HKLM-x32\...\TTM Squeeze_is1) (Version:  - TradeTheMarkets.com)
TweetDeck (HKLM-x32\...\{C5AC39F1-001D-4338-84C6-35109525588A}) (Version: 1.0.0 - Twitter, Inc.)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
VectorVest 7 (HKLM-x32\...\{e35e9130-f281-4c61-ac1d-ece05f8f80eb}) (Version: 1.24.26.0 - VectorVest, Inc.)
VectorVest U.S. (HKLM-x32\...\{A6B82920-25DD-41B5-A680-5B6FB65BA6D9}) (Version: 1.4.9 - VectorVest, Inc.)
VIPAccess (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.1.91 - VeriSign)
VisionQST (HKU\S-1-5-21-3939425501-3069869567-944910111-1000\...\VisionQST) (Version:  - Vision Financial Markets LLC)
WD SmartWare Drive Manager (HKLM\...\{BEC2EFB7-93E4-4F5F-B056-602ACEC2B759}) (Version: 1.5.0 - Western Digital)
Windows Driver Package - Intel (iaStor) hdc  (11/06/2010 10.1.0.1008) (HKLM\...\73C6BE3E3B6FC5418F2B47E6C75F6C8F9552DC12) (Version: 11/06/2010 10.1.0.1008 - Intel)
Windows Driver Package - Lenovo 1.62.00.00 (01/19/2011 1.62.00.00) (HKLM\...\D01A7EE241898C810674C69EB908D655D149BE77) (Version: 01/19/2011 1.62.00.00 - Lenovo)
Windows Driver Package - Realtek (RTL8167) Net  (12/29/2010 7.037.1229.2010) (HKLM\...\828B05D2B647CDAEA22493F7BFB96847265EE596) (Version: 12/29/2010 7.037.1229.2010 - Realtek)
Windows Driver Package - Synaptics (SynTP) Mouse  (05/05/2011 15.3.6.0) (HKLM\...\C63C03BF3BE2B6F6204BB54541690449FFF79F4F) (Version: 05/05/2011 15.3.6.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Wisdom-soft ScreenHunter 6.0 Free (HKLM-x32\...\Wisdom-soft ScreenHunter 6.0 Free) (Version:  - Wisdom Software Inc.)
Xingtone Ringtone Maker (HKLM-x32\...\{625304B0-2976-473B-AD81-5CA376093F03}) (Version: 4.2.19 - Xingtone)
Zoom (HKU\S-1-5-21-3939425501-3069869567-944910111-1000\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3939425501-3069869567-944910111-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939425501-3069869567-944910111-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Steve\AppData\Local\Citrix\GoToMeeting\5922\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3939425501-3069869567-944910111-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939425501-3069869567-944910111-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939425501-3069869567-944910111-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939425501-3069869567-944910111-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939425501-3069869567-944910111-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939425501-3069869567-944910111-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939425501-3069869567-944910111-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939425501-3069869567-944910111-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939425501-3069869567-944910111-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939425501-3069869567-944910111-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939425501-3069869567-944910111-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939425501-3069869567-944910111-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18C187B4-6B5C-414C-B926-0E83FF629C82} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-03-31] (PC-Doctor, Inc.)
Task: {18EAB6BD-911C-4FD7-956E-04BA643A474D} - System32\Tasks\G2MUploadTask-S-1-5-21-3939425501-3069869567-944910111-1000 => C:\Users\Steve\AppData\Local\Citrix\GoToMeeting\6039\g2mupload.exe [2016-12-11] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {21CF7618-A4EF-42C4-BB95-527186095F71} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13] (Adobe Systems Incorporated)
Task: {2D34FAD7-2762-4D19-9CDF-FA797039273D} - System32\Tasks\{B495ECE1-B066-46D7-8D84-03B4CF3FB655} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.22.64.107&amp;LastError=12031
Task: {3F95F154-9CC8-4293-AA8A-3249E544A88F} - System32\Tasks\{34C91209-90BC-4CF5-97F0-F3E43D579624} => pcalua.exe -a E:\MotoCastSetup.exe -d E:\ -c -a
Task: {57837219-5B63-46EA-8092-A3F00BCD8DB1} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3939425501-3069869567-944910111-1000 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
Task: {6B66AA15-F453-40F9-B4F4-3C1902167146} - System32\Tasks\G2MUpdateTask-S-1-5-21-3939425501-3069869567-944910111-1000 => C:\Users\Steve\AppData\Local\Citrix\GoToMeeting\6039\g2mupdate.exe [2016-12-11] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {6E47E223-24C2-498E-BEFD-FFF7EDD45A26} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3939425501-3069869567-944910111-1000UA => C:\Users\Steve\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-09] (Dropbox, Inc.)
Task: {713F8E80-469E-4938-823F-A7A58285B773} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-09-10] ()
Task: {7445AF0E-AC44-4039-82A8-AD9F4E945F49} - System32\Tasks\{915296AC-CBCC-4737-8AFC-959C9A7F1152} => pcalua.exe -a "C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DO7CI9ZO\hclsetup.exe" -d C:\Users\Steve\Desktop
Task: {77144B4C-327C-4765-B21B-5FE94CC69A56} - System32\Tasks\TradeStation Backup - Weekly => C:\Program Files (x86)\TradeStation 9.5\Program\TSBackupRestore.exe [2016-11-09] (TradeStation Technologies, Inc.)
Task: {79D6FD7F-2E70-48A0-B689-400F8CBDEFE2} - System32\Tasks\TradeStation Backup - Monthly => C:\Program Files (x86)\TradeStation 9.5\Program\TSBackupRestore.exe [2016-11-09] (TradeStation Technologies, Inc.)
Task: {7F98FCDB-DBBA-473E-AEA4-3439FDBCE64B} - System32\Tasks\TradeStation Backup - Daily => C:\Program Files (x86)\TradeStation 9.5\Program\TSBackupRestore.exe [2016-11-09] (TradeStation Technologies, Inc.)
Task: {90D0AD4C-8B83-4D4E-8066-15F8129FF71A} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-03-31] (PC-Doctor, Inc.)
Task: {92AFDAD3-D5D4-4789-A7AA-67F7064D1F7E} - System32\Tasks\{F0788EC8-2F24-4102-8409-E947189C7652} => pcalua.exe -a "C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5A2F2OTP\jre-8u101-windows-i586.exe" -d C:\Users\Steve\Desktop
Task: {9D56FC27-FE29-4FD3-8E36-AE856B420EB4} - System32\Tasks\{79CDD109-7C8A-4F72-B06D-3B6B531E70F1} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.22.64.107/en/abandoninstall?source=lightinstaller&amp;page=tsInstall
Task: {A07495CB-CA68-45A3-B007-D810D853CA66} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2016-04-14] (Lenovo Group Limited)
Task: {A0B621B4-32C5-4616-B8EB-6CD7E2B9477D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-05] (Google Inc.)
Task: {A1E2E377-2BB9-4549-9E36-B56565CA6D89} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-03-31] (PC-Doctor, Inc.)
Task: {A88C37E3-4F91-446D-BB5B-E67FE9BD9B77} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {A9E21461-B743-4798-B38D-C2EE25E18A3D} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
Task: {C4AC3F74-F862-4184-AB49-B3C7DE569C95} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-09-10] ()
Task: {D433993F-5525-4AAF-9628-F013C79C4095} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-05] (Google Inc.)
Task: {D6D6A307-4335-4A4B-9B6B-0564D16C7B23} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3939425501-3069869567-944910111-1000Core => C:\Users\Steve\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-09] (Dropbox, Inc.)
Task: {F2197AF4-A37E-418A-9DC7-6638CA447F36} - System32\Tasks\{C9FE51E9-C185-4D88-A868-BADE3C5EAEB8} => pcalua.exe -a "C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\68CWO7FC\hclsetup.exe" -d C:\Users\Steve\Desktop
Task: {F761FD36-9B5E-48D6-8342-026AD88DCD17} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-01] (Lenovo)
Task: {FBCCEA15-A056-48AA-A43E-84886B2BD2DC} - System32\Tasks\{E5722436-8A0E-45DE-8375-53DB993163FD} => pcalua.exe -a "C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27WZSCV1\IntegratedInvestorUpgrade52[4].exe" -d C:\Users\Steve\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3939425501-3069869567-944910111-1000Core.job => C:\Users\Steve\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3939425501-3069869567-944910111-1000UA.job => C:\Users\Steve\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3939425501-3069869567-944910111-1000.job => C:\Users\Steve\AppData\Local\Citrix\GoToMeeting\6039\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3939425501-3069869567-944910111-1000.job => C:\Users\Steve\AppData\Local\Citrix\GoToMeeting\6039\g2mupload.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exeq-backgroundmon scripts\backgroundmon.xml
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\TradeStation Backup - Daily.job => C:\Program Files (x86)\TradeStation 9.5\Program\TSBackupRestore.exeK/Backup C:\Program Files (x86)\TradeStation 9.5\Templates\Backup\Daily.tsb
Task: C:\Windows\Tasks\TradeStation Backup - Monthly.job => C:\Program Files (x86)\TradeStation 9.5\Program\TSBackupRestore.exeM/Backup C:\Program Files (x86)\TradeStation 9.5\Templates\Backup\Monthly.tsb
Task: C:\Windows\Tasks\TradeStation Backup - Weekly.job => C:\Program Files (x86)\TradeStation 9.5\Program\TSBackupRestore.exeL/Backup C:\Program Files (x86)\TradeStation 9.5\Templates\Backup\Weekly.tsb

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Public\Desktop\VectorVest U.S..lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.vectorvest.com/VVLogin/License.aspx?type=1

==================== Loaded Modules (Whitelisted) ==============

2010-12-17 15:53 - 2010-12-17 15:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2012-01-20 11:07 - 2011-03-10 16:14 - 00015360 _____ () C:\Windows\System32\KOAZ8S_L.DLL
2012-01-20 11:06 - 2011-03-10 16:14 - 00015360 _____ () C:\Windows\System32\KOAZ8J_L.DLL
2013-08-28 00:19 - 2012-09-18 14:27 - 00192512 _____ () C:\Windows\System32\zlhp1020.dll
2011-11-24 21:31 - 2011-02-28 17:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2013-08-28 00:19 - 2012-09-18 14:27 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2011-10-11 10:23 - 2016-04-14 05:08 - 00107008 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2010-09-17 21:14 - 2010-09-17 21:14 - 00460144 _____ () C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
2011-11-11 13:27 - 2011-11-11 13:27 - 00073216 _____ () C:\dKEYUSBCradle\stunnel-4.10.exe
2011-10-11 09:55 - 2011-05-05 06:30 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2010-12-17 15:53 - 2010-12-17 15:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-10-11 10:21 - 2010-10-25 22:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2011-10-11 10:21 - 2011-04-27 18:46 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-10-03 18:04 - 2016-09-10 11:13 - 00028544 _____ () C:\Program Files (x86)\Lenovo\System Update\SUService.exe
2009-05-28 00:09 - 2009-05-28 00:09 - 00049976 _____ () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
2010-08-03 16:47 - 2010-08-03 16:47 - 02244608 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtCore4.dll
2010-09-17 21:13 - 2010-09-17 21:13 - 02826240 _____ () C:\Program Files (x86)\Flip Video\FlipShare\Core.dll
2010-09-17 21:07 - 2010-09-17 21:07 - 00733184 _____ () C:\Program Files (x86)\Flip Video\FlipShare\qca2.dll
2010-08-03 16:47 - 2010-08-03 16:47 - 08351744 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtGui4.dll
2010-08-03 16:47 - 2010-08-03 16:47 - 00978944 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtNetwork4.dll
2010-08-03 16:47 - 2010-08-03 16:47 - 00204800 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtSql4.dll
2010-08-03 16:47 - 2010-08-03 16:47 - 00364544 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtXml4.dll
2005-03-28 23:58 - 2005-03-28 23:58 - 00847872 _____ () C:\dKEYUSBCradle\libeay32.dll
2010-03-16 08:52 - 2010-03-16 08:52 - 00159744 _____ () C:\dKEYUSBCradle\libssl32.dll
2011-10-11 10:24 - 2010-04-06 11:05 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2011-10-11 10:24 - 2010-04-06 11:04 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2010-06-16 12:48 - 2010-06-16 12:48 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-06-16 12:48 - 2010-06-16 12:48 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-06-16 12:48 - 2010-06-16 12:48 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2006-12-13 23:32 - 2006-12-13 23:32 - 04587520 ____R () C:\Program Files (x86)\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
2016-11-01 11:47 - 2016-11-11 15:36 - 00035792 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-11-01 11:47 - 2016-11-11 15:36 - 00100296 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2016-11-01 11:47 - 2016-11-11 15:36 - 00018888 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\select.pyd
2016-11-01 11:47 - 2016-12-12 09:17 - 00019760 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2016-11-01 11:47 - 2016-11-11 15:36 - 00694224 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-12-15 19:16 - 2016-12-12 09:16 - 00020816 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2016-11-01 11:47 - 2016-11-11 15:37 - 00123856 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-12-15 19:16 - 2016-12-12 09:16 - 01682760 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-12-15 19:16 - 2016-12-12 09:16 - 00020808 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2016-12-15 19:16 - 2016-11-11 15:36 - 00145864 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-12-15 19:16 - 2016-11-11 15:37 - 00019408 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-12-15 19:16 - 2016-11-11 15:36 - 00116688 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2016-11-01 11:47 - 2016-11-11 15:38 - 00105928 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-11-01 11:47 - 2016-12-12 09:17 - 00021312 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2016-12-15 19:16 - 2016-12-12 09:16 - 00052024 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-12-15 19:16 - 2016-12-12 09:16 - 00038696 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-12-15 19:16 - 2016-11-11 15:36 - 00392144 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2016-12-15 19:16 - 2016-11-11 15:38 - 00020936 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2016-11-01 11:47 - 2016-11-11 15:38 - 00024528 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32event.pyd
2016-11-01 11:47 - 2016-11-11 15:39 - 00116176 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32security.pyd
2016-11-01 11:47 - 2016-12-12 09:17 - 00381752 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2016-11-01 11:47 - 2016-11-11 15:38 - 00124880 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-11-01 11:47 - 2016-12-12 09:17 - 00025424 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-11-01 11:47 - 2016-11-11 15:38 - 00024016 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2016-11-01 11:47 - 2016-11-11 15:38 - 00175560 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32gui.pyd
2016-11-01 11:47 - 2016-11-11 15:38 - 00030160 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2016-11-01 11:47 - 2016-11-11 15:39 - 00043472 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32process.pyd
2016-11-01 11:47 - 2016-11-11 15:39 - 00048592 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-11-01 11:47 - 2016-11-11 15:38 - 00057808 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2016-11-01 11:47 - 2016-11-11 15:39 - 00024016 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-12-15 19:16 - 2016-12-12 09:16 - 00246592 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-12-15 19:16 - 2016-12-12 09:16 - 00026456 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-11-01 11:47 - 2016-11-11 15:37 - 00241104 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2016-12-15 19:16 - 2016-12-12 09:16 - 00020280 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2016-11-01 11:47 - 2016-11-11 15:39 - 00028616 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32ts.pyd
2016-11-01 11:47 - 2016-12-12 09:17 - 00023376 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-11-01 11:47 - 2016-12-12 09:17 - 00020800 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-11-01 11:47 - 2016-12-12 09:17 - 00019776 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-11-01 11:47 - 2016-12-12 09:17 - 00020800 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-11-01 11:47 - 2016-11-11 15:39 - 00350152 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-11-01 11:47 - 2016-12-12 09:17 - 00022352 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-12-15 19:16 - 2016-12-12 09:16 - 00024392 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-12-15 19:16 - 2016-11-11 15:35 - 00036296 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\librsync.dll
2016-12-15 19:16 - 2016-12-12 09:16 - 00084280 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-12-15 19:16 - 2016-12-12 09:16 - 01826096 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2016-11-01 11:47 - 2016-11-11 15:37 - 00083912 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\sip.pyd
2016-12-15 19:16 - 2016-12-12 09:16 - 00531248 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-12-15 19:16 - 2016-12-12 09:17 - 03928880 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-12-15 19:16 - 2016-12-12 09:16 - 01972528 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-12-15 19:16 - 2016-12-12 09:17 - 00133424 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-12-15 19:16 - 2016-12-12 09:17 - 00224056 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-12-15 19:16 - 2016-12-12 09:16 - 00207672 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-11-01 11:47 - 2016-12-12 09:17 - 00020288 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\winffi.user32._winffi_user32.pyd
2016-12-15 19:16 - 2016-11-11 15:42 - 00017864 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-12-15 19:16 - 2016-11-11 15:42 - 01631184 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2016-12-15 19:16 - 2016-12-12 09:16 - 00042808 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-12-15 19:16 - 2016-12-12 09:17 - 00171320 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-12-15 19:16 - 2016-12-12 09:16 - 00357680 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2016-11-01 11:47 - 2016-11-11 15:39 - 00060880 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32print.pyd
2016-11-01 11:47 - 2016-12-12 09:17 - 00024904 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-12-15 19:16 - 2016-12-12 09:16 - 00546096 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-11-01 11:47 - 2016-11-11 15:44 - 00697304 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2014-10-16 22:30 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-12-14 21:23 - 2016-12-08 02:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-14 21:23 - 2016-12-08 02:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Steve\Desktop\!Cruise 2016:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Steve\Desktop\116 Westminster, Manchester:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Steve\Desktop\31 Hunter Drive.mp4:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Steve\Desktop\BNI 10-19-16:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Steve\Desktop\Neil Yeager 2-23-16.wmv:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Steve\Desktop\Neil Yeagerr 2-24-16.wmv:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Steve\Desktop\ScreenHunter_01 Jun. 07 21.42.jpg:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Steve\Desktop\Spyware Hammer 12-15-16:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Steve\Desktop\VID_20131108_111210_542.mp4:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Steve\Desktop\Volatility Master Series, wk 2.wmv:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Steve\Desktop\Volatility Master Series, wk 3.wmv:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Steve\Documents\! BUYER MASTER FOLDER:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Steve\Documents\! Computer ideas:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Steve\Documents\! New Listing Master 11-28-2013:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Steve\Documents\! TRADING:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Steve\Documents\Carter Daily Videos:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Steve\Documents\Chuck WOW:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Steve\Documents\Consciousness Engineering by Vishen Lakhiani:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Steve\Documents\Day Trading for a Living:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Steve\Documents\Divergent _ yr memebership May 2015-2016:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Steve\Documents\Don Kaufman:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Steve\Documents\John Carleo Exercise:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Steve\Documents\John Carter_Options Trading:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Steve\Documents\My Secret Weapon Andrew Keene.wmv:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Steve\Documents\Options for Quick Wealth Building Workshop_3-1-14:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Steve\Documents\Stuff From Cell Phone:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Steve\Documents\Todd Mitchell, from Cynthia Sullivan:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Steve\Documents\Toms Trading Room:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Steve\Documents\Vector Vest:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Steve\Documents\Wealth Weekend Institute:Roxio EMC Stream [38]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3939425501-3069869567-944910111-1000\...\topproducer8i.com -> hxxps://www.topproducer8i.com
IE trusted site: HKU\S-1-5-21-3939425501-3069869567-944910111-1000\...\vectorvest.com -> www.vectorvest.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3939425501-3069869567-944910111-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{94AFF350-6662-407B-AFE9-7567D3B8D2EA}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F9DEFD2C-334E-4BEB-A0D9-E9981B51218A}] => LPort=2869
FirewallRules: [{46D02289-EFC7-4F61-997A-B27FF078EC15}] => LPort=1900
FirewallRules: [{13574DCF-50AE-4FDD-BAC7-E19C814832B5}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{DAFC021A-DBED-4432-AA42-3F295D518CC3}] => C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{45E51CB3-1A8B-4018-BDB0-6A17CCFE6981}C:\program files (x86)\internet explorer\iexplore.exe] => C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{9C004324-600A-4004-8F85-B506ADA7B335}C:\program files (x86)\internet explorer\iexplore.exe] => C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{A29AF2D8-A447-46C9-98CF-6066DE524104}C:\program files (x86)\internet explorer\iexplore.exe] => C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{B34B24B6-BA4E-4791-9F80-47D67E838148}C:\program files (x86)\internet explorer\iexplore.exe] => C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{DFAA9466-953C-4894-A8AE-08185E56A401}C:\program files (x86)\1stworks\hotcommcl\bin\hotcomm.exe] => C:\program files (x86)\1stworks\hotcommcl\bin\hotcomm.exe
FirewallRules: [UDP Query User{39514E45-E15C-43CC-A8A9-B1803236BAF8}C:\program files (x86)\1stworks\hotcommcl\bin\hotcomm.exe] => C:\program files (x86)\1stworks\hotcommcl\bin\hotcomm.exe
FirewallRules: [TCP Query User{A365E5E3-A720-419F-AE44-42507897A093}C:\program files (x86)\1stworks\hotcommcl\bin\hotcomm.exe] => C:\program files (x86)\1stworks\hotcommcl\bin\hotcomm.exe
FirewallRules: [UDP Query User{C41C5FEA-BD2F-4FF8-B161-DE985987B597}C:\program files (x86)\1stworks\hotcommcl\bin\hotcomm.exe] => C:\program files (x86)\1stworks\hotcommcl\bin\hotcomm.exe
FirewallRules: [{A2168272-5CE4-49DB-AC26-1BF1DC11481D}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{9713DA5F-6BF9-4484-9A8F-F5AFFE6FA928}C:\program files\internet explorer\iexplore.exe] => C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{6E32BB01-DC62-42DE-9243-412781A52BF1}C:\program files\internet explorer\iexplore.exe] => C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{B8103126-A7F3-4A5B-9426-6F071E073C72}C:\program files (x86)\roxio\audio master 9\musicdisccreator9.exe] => C:\program files (x86)\roxio\audio master 9\musicdisccreator9.exe
FirewallRules: [UDP Query User{BAEEAD62-2A3D-4E0E-9CC4-8D5042DECF3A}C:\program files (x86)\roxio\audio master 9\musicdisccreator9.exe] => C:\program files (x86)\roxio\audio master 9\musicdisccreator9.exe
FirewallRules: [TCP Query User{7B234E7F-2D39-4669-B2AF-C6497EEBA5E2}C:\program files\internet explorer\iexplore.exe] => C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{659B79D3-CF4F-4BC7-B031-8D5B2796AAAF}C:\program files\internet explorer\iexplore.exe] => C:\program files\internet explorer\iexplore.exe
FirewallRules: [{960717DF-9FA4-46A5-9078-90270502076B}] => C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [TCP Query User{F4DF3425-97BC-4A92-85E9-F07FD0AB8358}C:\program files (x86)\roxio\audio master 9\musicdisccreator9.exe] => C:\program files (x86)\roxio\audio master 9\musicdisccreator9.exe
FirewallRules: [UDP Query User{7BC05C7B-AD77-4D59-9C0E-4A8692835017}C:\program files (x86)\roxio\audio master 9\musicdisccreator9.exe] => C:\program files (x86)\roxio\audio master 9\musicdisccreator9.exe
FirewallRules: [{83FA49B8-3D08-4902-A155-AC03463C2074}] => C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7B3A36BD-1116-4FC7-B732-5BCCC5A769B6}] => C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{FE8EA54C-1B06-48EC-8013-3912AA49C986}C:\users\steve\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\steve\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{6A934B5E-EBB9-4D4B-96CE-6C4C1D0BE66B}C:\users\steve\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\steve\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{7D9CA8A5-DACA-4671-AEAC-C3E697625DEA}C:\users\steve\appdata\local\temp\lmib25e.tmp\logmein client.exe] => C:\users\steve\appdata\local\temp\lmib25e.tmp\logmein client.exe
FirewallRules: [UDP Query User{00B931D4-416D-49DC-867E-36B29C4F57E6}C:\users\steve\appdata\local\temp\lmib25e.tmp\logmein client.exe] => C:\users\steve\appdata\local\temp\lmib25e.tmp\logmein client.exe
FirewallRules: [{7FD963C8-843C-40DD-A47F-0C70B937E757}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{35FAF8EE-14B4-4E41-A5E4-C97B0ED46180}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F98AC7F7-34E0-4A13-9318-F47B16C22CDF}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{33BBA046-CBD0-49E3-91EE-33D4B5C7EA7C}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{664C8470-CC5C-4AA2-9A33-7952202F949B}] => C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{78FE2EB9-B27C-469C-92C1-68FED1380B54}] => C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{EDC3A6E2-F5F9-418F-BCDA-B8157A241EE1}] => C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{F37D82F3-C904-4066-B658-ADDAF7588FC4}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

09-10-2016 10:53:18 Installed Lenovo Power Management Driver
09-10-2016 21:09:11 Windows Update
18-10-2016 14:00:22 Windows Update
01-11-2016 11:45:49 Windows Update
09-11-2016 18:48:20 Windows Update
22-11-2016 21:27:42 Windows Update
29-11-2016 15:27:04 Windows Update
07-12-2016 07:29:32 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/16/2016 09:25:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18315, time stamp: 0x571ae616
Faulting module name: MMDevApi.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b892
Exception code: 0xc0000005
Fault offset: 0x000018f6
Faulting process id: 0x1780
Faulting application start time: 0x01d2580cd51d7f3e
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\Windows\System32\MMDevApi.dll
Report Id: 1e7a66e5-c400-11e6-8538-f0def19554d4

Error: (12/16/2016 09:15:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/16/2016 09:12:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18315 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2390

Start Time: 01d2580ad7e8e7c5

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (12/16/2016 04:01:04 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (7620) Asapi: (16:01:04:2700)(7620) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.LenovoCare.button.text locale: PCDLocale: language = en, customer = lenovo, variant = ltt

Error: (12/16/2016 04:01:04 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (7620) Asapi: (16:01:04:2700)(7620) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.LenovoCare.button.text locale: PCDLocale: language = en, customer = lenovo, variant = ltt

Error: (12/16/2016 04:01:04 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (7620) Asapi: (16:01:04:2700)(7620) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.LenovoCare.body locale: PCDLocale: language = en, customer = lenovo, variant = ltt

Error: (12/16/2016 04:01:04 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (7620) Asapi: (16:01:04:2540)(7620) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.LenovoCare.title locale: PCDLocale: language = en, customer = lenovo, variant = ltt

Error: (12/16/2016 04:00:37 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (7620) Asapi: (16:00:37:1160)(7620) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExtendWarranty.button.text locale: PCDLocale: language = en, customer = lenovo, variant = ltt

Error: (12/16/2016 04:00:37 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (7620) Asapi: (16:00:37:1160)(7620) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExtendWarranty.button.text locale: PCDLocale: language = en, customer = lenovo, variant = ltt

Error: (12/16/2016 04:00:37 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (7620) Asapi: (16:00:37:1150)(7620) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExtendWarranty.body locale: PCDLocale: language = en, customer = lenovo, variant = ltt


System errors:
=============
Error: (12/16/2016 09:22:13 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/16/2016 09:22:10 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/16/2016 09:22:09 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/16/2016 09:22:09 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/16/2016 09:21:08 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/16/2016 09:20:44 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/16/2016 09:20:12 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/16/2016 09:19:43 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/16/2016 09:19:11 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/16/2016 09:18:40 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


CodeIntegrity:
===================================
  Date: 2016-09-03 06:47:33.093
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-03 06:47:32.983
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-03 06:47:32.883
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-03 06:47:32.703
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-03 06:47:32.593
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-03 06:47:32.463
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-03 06:47:32.333
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-03 06:47:32.083
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-03 06:47:31.823
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-03 06:47:31.483
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 59%
Total physical RAM: 4007.23 MB
Available physical RAM: 1625.56 MB
Total Virtual: 8012.65 MB
Available Virtual: 5029.17 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:452.87 GB) (Free:101.53 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:11.72 GB) (Free:2.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B10BF8A4)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=452.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: [In Progress] Laptop running very slow,hangs once in a while
« Reply #4 on: December 18, 2016, 04:11:40 AM »


Hello chuckles,


1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


Code:

Start:
CreateRestorePoint:

HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Task: {9D56FC27-FE29-4FD3-8E36-AE856B420EB4} - System32\Tasks\{79CDD109-7C8A-4F72-B06D-3B6B531E70F1} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.22.64.107/en/abandoninstall?source=lightinstaller&amp;page=tsInstall
cmd: ipconfig /flushdns
EmptyTemp:
Reboot:


2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.


3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
>>>>>>>>>>>>>>>>>>>>>>

Please download & run as Administrator AdwCleaner & save it to your desktop

  • Close your browser and double click the AdwCleaner icon on your desktop.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
       
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot

    After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply....
   
  • If you lose track of the log, it is saved in this folder C:\AdwCleaner\

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

NOTE: Please make sure you are using the AdwCleaner distributed by the legitimate vendor - Malwarebytes.
>>>>>>>>>>>>>>>>>>
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
>>>>>>>>>>>>>>>>>>>>>>>

I need the Fixlog.txt,AdwCleaner log & JRT.txt please.

Do you use this program:-Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows. ?
>>>>>>>>>>>>>>>>>>
Platypuss




Offline chuckles

  • Bronze Member
  • Posts: 93
Re: [In Progress] Laptop running very slow,hangs once in a while
« Reply #5 on: December 18, 2016, 07:30:48 AM »
Do you use this program:-Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows. ?  No, I do not.

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2016
Ran by Steve (18-12-2016 07:43:13) Run:1
Running from C:\Users\Steve\Desktop
Loaded Profiles: Steve (Available Profiles: Steve)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start:
CreateRestorePoint:

HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Task: {9D56FC27-FE29-4FD3-8E36-AE856B420EB4} - System32\Tasks\{79CDD109-7C8A-4F72-B06D-3B6B531E70F1} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.22.64.107/en/abandoninstall?source=lightinstaller&amp;page=tsInstall
cmd: ipconfig /flushdns
EmptyTemp:
Reboot:
*****************

Start: => Error: No automatic fix found for this entry.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9D56FC27-FE29-4FD3-8E36-AE856B420EB4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D56FC27-FE29-4FD3-8E36-AE856B420EB4}" => key removed successfully
C:\Windows\System32\Tasks\{79CDD109-7C8A-4F72-B06D-3B6B531E70F1} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{79CDD109-7C8A-4F72-B06D-3B6B531E70F1}" => key removed successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 150200070 B
Java, Flash, Steam htmlcache => 113544 B
Windows/system/drivers => 1128832667 B
Edge => 0 B
Chrome => 801420915 B
Firefox => 375881495 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33186 B
systemprofile32 => 52502 B
LocalService => 16384 B
NetworkService => 184186156 B
Steve => 3285754738 B

RecycleBin => 1010369075 B
EmptyTemp: => 6.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 07:51:27 ====

# AdwCleaner v6.041 - Logfile created 18/12/2016 at 08:13:54
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-18.1 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Steve - STEVE-THINK
# Running from : C:\Users\Steve\Downloads\adwcleaner_6.041.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[!] Folder not deleted: C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
  • Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
  • Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
  • Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
  • Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
  • Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
  • Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
  • [-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    [-] Key deleted: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
  • Key deleted on reboot: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9
  • [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
  • Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
  • Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
  • Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
  • Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9
  • [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
  • Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9
  • [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\smartsuggestor.net
  • Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
  • Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
  • Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\smartsuggestor.net



***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [6529 Bytes] - [18/12/2016 08:13:54]
C:\AdwCleaner\AdwCleaner[R0].txt - [3567 Bytes] - [22/09/2013 14:09:20]
C:\AdwCleaner\AdwCleaner[S0].txt - [3593 Bytes] - [22/09/2013 14:14:00]
C:\AdwCleaner\AdwCleaner[S1].txt - [6743 Bytes] - [18/12/2016 08:12:36]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [6821 Bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Professional x64
Ran by Steve (Administrator) on Sun 12/18/2016 at  8:23:51.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 54

Successfully deleted: C:\Windows\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
Successfully deleted: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job (Task)
Successfully deleted: C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5U0R1W6P (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0EXXTEI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PDX40JA6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PIN3PYRA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5U0R1W6P (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0EXXTEI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PDX40JA6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PIN3PYRA (Temporary Internet Files Folder)

Deleted the following from C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lhfxbrf0.default\prefs.js
user_pref(browser.urlbar.suggest.searches, true);



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/18/2016 at  8:28:09.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: [In Progress] Laptop running very slow,hangs once in a while
« Reply #6 on: December 18, 2016, 11:37:33 AM »


 

  Remove Programs Using Control Panel

From Start>Control Panel, click on Programs and Features
Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

PC-Doctor for Windows
Lenovo ThinkVantage Toolbox


Take extra care in answering questions posed by any Uninstaller.
>>>>>>>>>>>>>>>>>>>


How is your laptop running now?
Please advise if symptoms still exist.

If it is running satisfactorily please run this scanner:-

We still need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed.
This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

Run Eset Online Scanner HERE

**Note** You will need to use Internet Explorer for this scan - Vista and Windows 7/8 right click on IE shortcut and run as admin.

(To run ESET Online Scanner in a browser other than Internet Explorer, you'll need to download ESET SMART Installer during the process)

Go to Eset web page HERE to run an online scan from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button. Click Start
  • When asked, allow the add/on to be installed. Click Start
  • Make sure that the option "Remove found threats" is UNticked
  • Click on Advanced Settings, ensure the following options are checked:
      Scan for potentially unsafe applications
      Enable Anti-Stealth Technology
  • Select "Change" next to Current scan targets. A new window will open, select any extra drives, Flash drives etc as required. Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

Please copy & paste the log  (If applicable) here.






Offline chuckles

  • Bronze Member
  • Posts: 93
Re: [In Progress] Laptop running very slow,hangs once in a while
« Reply #7 on: December 19, 2016, 05:20:48 AM »
"Click on back    .... put a checkmark in "Uninstall application on close"   I didn't see where that was...  After the files were found, I simply saved the .txt file, and closed the scan.

C:\Windows\Installer\7c294.msi   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application,Win32/Bundled.Toolbar.Ask.H potentially unsafe application   
C:\_OTM\MovedFiles\09242013_010029\C_FRST\Quarantine\ApnStub.exe   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   
C:\_OTM\MovedFiles\09242013_010029\C_FRST\Quarantine\Ask.com\GenericAskToolbar.dll   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   
C:\_OTM\MovedFiles\09242013_010029\C_FRST\Quarantine\Ask.com\precache.exe   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   
C:\_OTM\MovedFiles\09242013_010029\C_FRST\Quarantine\Ask.com\SaUpdate.exe   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   
C:\_OTM\MovedFiles\09242013_010029\C_FRST\Quarantine\Ask.com\UpdateTask.exe   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   
C:\_OTM\MovedFiles\09242013_010029\C_FRST\Quarantine\Ask.com\Updater\Updater.exe   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   




Offline chuckles

  • Bronze Member
  • Posts: 93
Re: [In Progress] Laptop running very slow,hangs once in a while
« Reply #8 on: December 19, 2016, 08:23:45 AM »
"How is your laptop running now? Please advise if symptoms still exist."  Laptop boots up quickly now and is running quite well.  Does not seem to be hanging.  From my side, no problems!

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: [In Progress] Laptop running very slow,hangs once in a while
« Reply #9 on: December 19, 2016, 09:09:20 AM »

Good that your laptop is running well now.
I would like to make sure that all remnants of the Ask Toolbar have been cleaned.

Please run your copy of Junkware Removal Tool again:-
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
>>>>>>>>>>>>>>>>>>>>>>>
Platypuss




Offline chuckles

  • Bronze Member
  • Posts: 93
Re: [In Progress] Laptop running very slow,hangs once in a while
« Reply #10 on: December 19, 2016, 10:19:09 PM »
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Professional x64
Ran by Steve (Administrator) on Mon 12/19/2016 at 23:06:23.49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 8

Successfully deleted: C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5U0R1W6P (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0EXXTEI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PDX40JA6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PIN3PYRA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5U0R1W6P (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0EXXTEI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PDX40JA6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PIN3PYRA (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/19/2016 at 23:09:42.86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: [In Progress] Laptop running very slow,hangs once in a while
« Reply #11 on: December 20, 2016, 03:35:19 AM »


 
  Your computer appears to be clean now.
  So just one final scanner to run which removes my tools & conducts necessary maintenance:-

  Please download Delfix by Xplode and save it to your desktop.

Or use the following if first link is down:
Delfix

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:
  • Activate UAC
       
  • Remove disinfection tools
       
  • Create registry backup
       
  • Purge System Restore
       
  • Reset system settings
Now click on Run and wait patiently until the tool has completed.
The tool will create a log when it has completed. I don't need you to post this.

Part of the routine will be to create a registry backup with ERUNT; the backup will be created here: C:\Windows\ERUNT.

Next,

Please read the following link to fully understand PC security and best practices, you may find it very useful....

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

Thank you for your attentive responses, it was a pleasure to work with you.

Platypuss
>>>>>>>>>>>>>>>

Offline chuckles

  • Bronze Member
  • Posts: 93
Re: [In Progress] Laptop running very slow,hangs once in a while
« Reply #12 on: December 20, 2016, 06:53:01 PM »
Thank you!  I really appreciated your help.  :ty