I have read at great length about this issue and am convinced my new Lenovo laptop is infected. What I am not sure of is the scripts I read from Bleeping Computer are generic to be used for each person or if logs need to be reviewed to determine steps to take? I have run Malwarebytes and it found 10 non malware items which I quarantined for fun and found nothing after running ADwCleaner. I have started this topic with the obligatory DDS paste below and look forward to your help in resolving the issue.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17420
Run by Susan at 10:54:36 on 2014-11-29
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3800.312 [GMT -7:00]
.
AV: Trend Micro Internet Security *Enabled/Updated* {F2F88E6A-3C7A-545F-268A-5D0BDD38EE06}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Trend Micro Internet Security *Enabled/Updated* {49996F8E-1A40-5BD1-1C3A-6679A6BFA4BB}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Lenovo\Fingerprint Manager Pro\OmniServ.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Workspace\offSyncService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
C:\Program Files\Lenovo\Fingerprint Manager Pro\opvapp.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Windows\system32\lxeacoms.exe
C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe
C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Windows\system32\valWBFPolicyService.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE
C:\Windows\Explorer.EXE
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\Skdaemon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\mfac.exe
C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.exe
C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe
C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Susan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Users\Susan\AppData\Local\Workspace\workspaceupdate.exe
C:\Users\Susan\AppData\Local\Workspace\wben.exe
C:\Users\Susan\AppData\Local\Workspace\workspacestatus.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE
C:\Users\Susan\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Integrated Camera\Monitor.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Susan\AppData\Local\Intuit\SyncManager\Current\IntuitSyncManager.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Susan\AppData\Local\GeniusBox\Client.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Lenovo\QuickDisplay\QuickDisplayAgent.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
C:\Program Files\Lenovo\Lenovo Mouse Suite\Pelmiced.exe
C:\Program Files\Lenovo\Lenovo Mouse Suite\PelElvDm.exe
C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files\Trend Micro\AMSP\module\20013\ChromeExt\chromeextension\TmopChromeMsgHost32.exe
C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\chrome_extension2\host\chrome_native_msg_host.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\chromeextension\NativeMessageHost\ToolbarNativeMsgHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uProxyServer = hxxp=127.0.0.1:49197;https=127.0.0.1:49197
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe,
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
BHO: Trend Micro Security Toolbar Helper: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO: TmIEPlugInBHO Class: {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe32.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Trend Micro Security Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SkyDrive] "C:\Users\Susan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [Starfield Updater] "C:\Users\Susan\AppData\Local\Workspace\WorkspaceUpdate.exe"
uRun: [wben] "C:\Users\Susan\AppData\Local\Workspace\wben.exe"
uRun: [Workspace Status] "C:\Users\Susan\AppData\Local\Workspace\workspacestatus.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [PWMTRV] rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
mRun: [Fastboot] "C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" /analysis
mRun: [Integrated Camera_Monitor] "C:\Program Files (x86)\Integrated Camera\monitor.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe" /s
mRun: [Lexmark S300-S400 Series] "C:\Program Files (x86)\Lexmark S300-S400 Series\fm3032.exe" /s
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Susan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Susan\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
Trusted Zone: intuit.com
Trusted Zone: intuit.net
TCP: NameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{94D28762-DB9B-4735-A783-4030F3FE09B1} : DHCPNameServer = 192.168.0.1 205.171.2.25
Handler: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks 2015\HelpAsyncPluggableProtocol.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe32.dll
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg32.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: Trend Micro Security Toolbar Helper: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll
x64-BHO: TmIEPlugInBHO Class: {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe64.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-TB: Trend Micro Security Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll
x64-Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
x64-Run: [Enhanced Performance Keyboard] C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKDaemon.exe
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [MFACApp] "C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\mfac.exe"
x64-Run: [Daemon for Mouse Suite] C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE 30
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-Run: [Platinum] "C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe" -StartUp
x64-Run: [WLM] "C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe"
x64-Run: [lxeamon.exe] "C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe64.dll
x64-Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg.dll
x64-Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll
x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2014-8-22 29512]
R0 excsd;ExpressCache Storage Filter Driver;C:\Windows\System32\drivers\excsd.sys [2014-8-22 117488]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2014-8-22 632168]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2014-8-22 28008]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-8-22 20464]
R0 TMEBC;TMEBC;C:\Windows\System32\drivers\TMEBC64.sys [2014-11-5 50976]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2014-1-29 29496]
R1 excfs;ExpressCache File System Filter Driver;C:\Windows\System32\drivers\excfs.sys [2014-8-22 25840]
R1 OMNISMI;OMNISMI;C:\Windows\SysWOW64\drivers\omnismi.sys [2014-8-22 14776]
R1 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2014-11-5 93664]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2014-11-5 308344]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2014-1-13 1198456]
R2 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2014-1-13 1710456]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2014-1-13 1161592]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-11-5 2443960]
R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2014-3-31 9954096]
R2 ExpressCache;ExpressCache;C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [2013-11-18 828656]
R2 FastbootService;FastbootService;C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2014-8-22 140016]
R2 File Backup;File Backup Service;C:\Program Files (x86)\Workspace\offSyncService.exe [2014-10-20 697472]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2014-8-22 169432]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2014-8-22 59224]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2014-8-22 110128]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2014-8-22 73048]
R2 LENOVO.TVTVCAM;Lenovo Virtual Camera Controller;C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2014-8-22 197464]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2014-8-22 136288]
R2 lnvDiscoveryWinSvc;lnvDiscoveryWinSvc;C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [2014-8-22 21552]
R2 lxea_device;lxea_device;C:\Windows\System32\lxeacoms.exe -service --> C:\Windows\System32\lxeacoms.exe -service [?]
R2 NitroDriverReadSpool9;NitroPDFDriverCreatorReadSpool9;C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [2014-5-15 230920]
R2 NitroUpdateService;NitroUpdateService;C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [2014-5-15 417800]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2014-5-15 69640]
R2 PelService;Session Launcher Service;C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe [2014-11-5 178688]
R2 Platinum Host Service;Platinum Host Service;C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [2014-11-5 1187376]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2014-9-29 1248256]
R2 tmusa;Trend Micro Osprey Driver;C:\Windows\System32\drivers\tmusa.sys [2014-11-5 106296]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2014-11-20 124400]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2014-8-22 126512]
R2 valWBFPolicyService;Validity WBF Policy Service;C:\Windows\System32\valWBFPolicyService.exe [2013-10-28 49040]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2014-5-29 3816176]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2013-11-7 140600]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2013-12-11 1419576]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2012-6-14 31216]
R3 e1dexpress;Intel® PRO/1000 PCI Express Network Connection Driver D;C:\Windows\System32\drivers\e1d62x64.sys [2014-8-22 488216]
R3 ibtusb;Intel® Wireless Bluetooth® 4.0 + HS Adapter;C:\Windows\System32\drivers\ibtusb.sys [2013-12-10 169680]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-8-22 368624]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-8-22 790000]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2013-11-11 25528]
R3 phidmice;USB Mouse Low Filter WU Driver;C:\Windows\System32\drivers\phidmice.sys [2014-11-5 34816]
R3 pmouself;Mouse Suite WU Driver;C:\Windows\System32\drivers\pmouself.SYS [2014-11-5 23040]
R3 Power Manager DBC Service;Power Manager Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2014-8-22 1669920]
R3 pvendrlf;Mouse Suite I/O WU Driver;C:\Windows\System32\drivers\pvendrlf.SYS [2014-11-5 12288]
R3 QuickControlService;Lenovo QuickControl Service;C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [2014-6-11 316400]
R3 RTSPER;Realtek PCIE Card Reader - PER;C:\Windows\System32\drivers\RtsPer.sys [2014-8-22 423128]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2014-8-22 31472]
R3 SPUVCbv;SPUVCb Driver Service;C:\Windows\System32\drivers\SPUVCBv_x64.sys [2014-3-17 1521312]
R3 tmeevw;tmeevw;C:\Windows\System32\drivers\tmeevw.sys [2014-11-5 106296]
R3 tmnciesc;tmnciesc;C:\Windows\System32\drivers\tmnciesc.sys [2014-11-5 407864]
R3 usb3Hub;UoIP Hub;C:\Windows\System32\drivers\usb3Hub.sys [2013-6-20 206744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxeaserv.exe [2014-11-10 45736]
S2 omaha;Nok Nok Labs Update Service (omaha);C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe [2014-8-22 148224]
S2 QuickControlMasterSvc;Lenovo QuickControl Master Service;C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [2014-6-11 61936]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2014-8-22 320560]
S3 Fastboot;Fastboot;C:\Windows\System32\drivers\Fastboot.sys [2014-8-22 56048]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-11-11 114688]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2013-11-11 35256]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-8-22 450520]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
S3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot;C:\Program Files (x86)\Common Files\Lenovo\easyplussdk\bin\EPHotspot64.exe [2014-8-22 533760]
S3 LSCWinService;LSCWinService;C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2014-10-16 272776]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2014-5-29 284912]
S3 omaham;Nok Nok Labs Update Service (omaham);C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe [2014-8-22 148224]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2014-8-22 1664800]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-11-29 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-11-29 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-11-29 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-11-6 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-11-29 15:47:17 -------- d-----w- C:\AdwCleaner
2014-11-29 02:00:04 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-29 01:59:51 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-29 01:59:51 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-29 01:59:51 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-29 01:59:51 -------- d-----w- C:\ProgramData\Malwarebytes
2014-11-29 01:59:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-29 01:59:24 -------- d-----w- C:\Users\Susan\AppData\Local\Programs
2014-11-28 17:11:06 -------- d-----w- C:\Users\Susan\AppData\Local\Diagnostics
2014-11-25 01:46:28 -------- d-sh--w- C:\Users\Susan\AppData\Local\EmieBrowserModeList
2014-11-21 20:35:31 1235429 ----a-w- C:\ProgramData\SPL1C85.tmp
2014-11-18 23:07:35 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-18 23:07:35 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-18 23:07:34 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-18 23:07:34 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-17 23:44:59 -------- d-----w- C:\Users\Susan\AppData\Local\Microsoft Help
2014-11-14 12:36:32 84208 ----a-w- C:\Windows\System32\ibmpmsvc.exe
2014-11-14 12:36:32 72432 ----a-w- C:\Windows\System32\ibmpmctl.exe
2014-11-14 12:36:32 60112 ----a-w- C:\Windows\System32\drivers\ibmpmdrv.sys
2014-11-14 12:36:32 40176 ----a-w- C:\Windows\System32\tpinspm.dll
2014-11-11 23:47:13 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-11-11 23:46:59 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-11-11 23:46:59 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-11-11 23:46:54 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-11-11 23:46:54 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-11-11 01:22:10 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2014-11-10 23:35:37 -------- d-----w- C:\Users\Susan\AppData\Local\LogMeIn Rescue Applet
2014-11-10 22:30:47 -------- d-----r- C:\Users\Susan\Dropbox
2014-11-10 22:28:18 -------- d-----w- C:\Users\Susan\AppData\Roaming\Dropbox
2014-11-10 22:22:44 -------- d-----w- C:\Users\Susan\AppData\Local\offsync
2014-11-10 22:18:26 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2014-11-10 22:18:26 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2014-11-10 22:18:26 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2014-11-10 22:18:26 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2014-11-10 22:18:26 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2014-11-10 22:17:22 -------- d-----w- C:\Users\Susan\AppData\Local\Apple
2014-11-10 22:10:04 -------- d-----w- C:\Windows\Workspace Logs
2014-11-10 22:10:01 -------- d-----w- C:\Program Files (x86)\Workspace
2014-11-10 22:09:28 -------- d-----w- C:\Users\Susan\AppData\Local\Workspace
2014-11-10 21:59:10 -------- d-----w- C:\Users\Susan\AppData\Roaming\IrfanView
2014-11-10 21:59:10 -------- d-----w- C:\Program Files (x86)\IrfanView
2014-11-10 21:37:31 -------- d-----w- C:\ProgramData\ALM
2014-11-10 21:04:47 -------- d-----w- C:\Users\Susan\AppData\Roaming\S300-S400 Series
2014-11-10 20:55:20 -------- d-----w- C:\ProgramData\Ezprint
2014-11-10 20:54:23 -------- d-----w- C:\ProgramData\Lx_cats
2014-11-10 20:52:49 189440 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\lxeadrpp.dll
2014-11-10 20:52:21 109056 ----a-w- C:\Windows\System32\lxeavs.dll
2014-11-10 20:52:19 836608 ----a-w- C:\Windows\System32\lxeacoin.dll
2014-11-10 20:52:19 1462272 ----a-w- C:\Windows\System32\lxk_g.dll
2014-11-10 20:52:17 983121 ----a-w- C:\Windows\System32\lxk_gf.dll
2014-11-10 20:52:17 65536 ----a-w- C:\Windows\System32\lxeagcfg.dll
2014-11-10 20:52:17 399360 ----a-w- C:\Windows\System32\lxeacui.dll
2014-11-10 20:52:17 148480 ----a-w- C:\Windows\System32\lxeacuir.dll
2014-11-10 20:51:59 -------- d-----w- C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint
2014-11-10 20:50:20 53760 ----a-w- C:\Windows\System32\LXEAPMON.DLL
2014-11-10 20:50:20 4485120 ----a-w- C:\Windows\System32\LXEAoem.dll
2014-11-10 20:50:20 21504 ----a-w- C:\Windows\System32\LXEAFXPU.DLL
2014-11-10 20:50:19 3584 ----a-w- C:\Windows\System32\LXEAPMRC.DLL
2014-11-10 20:50:18 -------- d-----w- C:\ProgramData\S300-S400 Series
2014-11-10 20:50:03 510464 ----a-w- C:\Windows\System32\LXEAwupd.dll
2014-11-10 20:50:03 295592 ----a-w- C:\Windows\System32\LXEAwupd.exe
2014-11-10 20:45:11 299008 ----a-w- C:\Windows\SysWow64\LXEAsm.dll
2014-11-10 20:45:11 23552 ----a-w- C:\Windows\SysWow64\LXEAsmr.dll
2014-11-10 20:45:11 -------- d-----w- C:\Program Files\Lexmark S300-S400 Series
2014-11-10 20:45:10 381440 ----a-w- C:\Windows\System32\lxeasm.dll
2014-11-10 20:45:10 23552 ----a-w- C:\Windows\System32\lxeasmr.dll
2014-11-10 20:41:46 -------- d-----w- C:\Users\Susan\AppData\Local\Power2Go
2014-11-10 20:38:56 -------- d-----w- C:\ProgramData\install_clap
2014-11-10 20:38:21 115016 ----a-w- C:\Windows\SysWow64\MSINET.OCX
2014-11-10 20:38:20 59904 ----a-w- C:\Windows\SysWow64\wbemdisp.tlb
2014-11-10 20:38:20 23664 ----a-w- C:\Windows\SysWow64\lgfwunis.exe
2014-11-10 20:38:20 102912 ----a-w- C:\Windows\SysWow64\Vb6stkit.dll
2014-11-10 20:38:20 102160 ----a-w- C:\Windows\SysWow64\VB6KO.DLL
2014-11-10 20:28:26 -------- d-----w- C:\ProgramData\CLSK
2014-11-10 18:02:13 22528 ----a-w- C:\Users\Susan\AppData\Local\2353852dsisetup23612772.exe
2014-11-07 10:01:02 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2014-11-06 22:16:46 -------- d-----w- C:\ProgramData\SQL Anywhere 11
2014-11-06 21:12:40 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-11-06 21:12:40 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-11-06 21:12:40 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-11-06 21:12:40 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-11-06 20:19:19 -------- d-----w- C:\Users\Susan\AppData\Local\Intuit
2014-11-06 20:19:15 -------- d-----w- C:\Windows\Intuit
2014-11-06 20:18:07 4218880 ----a-w- C:\Windows\SysWow64\cdintf400.dll
2014-11-06 20:14:02 -------- d-----w- C:\Program Files (x86)\Common Files\Nuance
2014-11-06 20:13:58 -------- d-----w- C:\ProgramData\Nuance
2014-11-06 20:13:57 -------- d-----w- C:\Program Files (x86)\Common Files\Intuit
2014-11-06 20:13:33 -------- d-----w- C:\ProgramData\COMMON FILES
2014-11-06 20:13:01 -------- d-----w- C:\Program Files (x86)\Intuit
2014-11-06 20:12:54 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-06 20:12:54 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-06 20:12:04 -------- d-----w- C:\ProgramData\INTUIT
2014-11-06 19:46:14 -------- d-----w- C:\Program Files (x86)\Akamai
2014-11-06 15:37:06 -------- d-s---w- C:\Windows\System32\CompatTel
2014-11-06 15:37:05 -------- d-----w- C:\Windows\SysWow64\Wat
2014-11-06 15:37:05 -------- d-----w- C:\Windows\System32\Wat
2014-11-06 15:27:45 -------- d-----w- C:\Windows\Migration
2014-11-06 14:45:52 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-11-06 14:45:51 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-11-06 14:36:07 -------- d-----w- C:\Windows\System32\MRT
2014-11-06 14:34:40 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-11-06 14:34:40 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-11-06 14:34:40 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-11-06 14:34:40 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-11-06 14:34:38 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-11-06 14:34:38 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-11-06 14:34:24 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-11-06 14:34:24 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-11-06 14:14:50 142336 ----a-w- C:\Windows\System32\poqexec.exe
2014-11-06 14:14:50 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2014-11-06 14:10:47 81560 ----a-w- C:\Windows\SysWow64\mscories.dll
2014-11-06 14:09:13 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-11-06 14:09:13 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-11-06 14:09:13 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-11-06 14:06:55 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2014-11-06 14:06:55 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-11-06 14:06:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-11-06 14:06:41 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-11-06 14:06:41 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-11-06 02:33:41 -------- d-----r- C:\Users\Susan\OneDrive
2014-11-06 02:14:29 -------- d-----w- C:\ProgramData\83b32e09-56dd-4d15-bbc7-350e8627ec65
2014-11-06 01:47:26 -------- d--h--w- C:\TMRescueDisk
2014-11-06 01:42:35 407864 ----a-w- C:\Windows\System32\drivers\tmnciesc.sys
2014-11-06 01:42:35 106296 ----a-w- C:\Windows\System32\drivers\tmeevw.sys
2014-11-06 01:42:31 93664 ----a-w- C:\Windows\System32\drivers\tmevtmgr.sys
2014-11-06 01:42:31 50976 ----a-w- C:\Windows\System32\drivers\TMEBC64.sys
2014-11-06 01:42:31 305832 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2014-11-06 01:42:31 121944 ----a-w- C:\Windows\System32\drivers\tmactmon.sys
2014-11-06 01:42:27 106296 ----a-w- C:\Windows\System32\drivers\tmusa.sys
2014-11-06 01:41:36 59 ----a-w- C:\Windows\System32\SupportTool.exe.bat
2014-11-06 01:41:14 -------- d-----w- C:\Program Files\Trend Micro
2014-11-06 01:41:09 -------- d-----w- C:\ProgramData\Trend Micro
2014-11-06 01:37:55 -------- d-----w- C:\Users\Susan\AppData\Local\Trend Micro
2014-11-06 01:33:46 -------- d-----w- C:\ProgramData\Trend Micro Installer
2014-11-06 01:17:27 -------- d-----w- C:\Users\Susan\AppData\Roaming\PwrMgr
2014-11-06 01:13:43 -------- d-----w- C:\Users\Susan\AppData\Local\LenovoReach
2014-11-06 00:18:50 34816 ------w- C:\Windows\System32\drivers\PELUSBLF.SYS
2014-11-06 00:18:50 23040 ------w- C:\Windows\System32\drivers\PELMOUSE.SYS
2014-11-06 00:18:50 22528 ------w- C:\Windows\System32\drivers\PELMOUBT.SYS
2014-11-06 00:18:50 16384 ------w- C:\Windows\System32\drivers\PELBTM.SYS
2014-11-06 00:18:50 14336 ------w- C:\Windows\System32\drivers\PELPS2M.SYS
2014-11-06 00:18:50 11776 ------w- C:\Windows\System32\drivers\PELVENDR.SYS
2014-11-06 00:18:48 414632 ----a-w- C:\Windows\difxapi.dll
2014-11-06 00:18:44 -------- d-----w- C:\drivers
2014-11-06 00:16:31 34816 ----a-w- C:\Windows\System32\drivers\phidmice.sys
2014-11-06 00:16:31 23040 ----a-w- C:\Windows\System32\drivers\pmouself.SYS
2014-11-06 00:16:31 12288 ----a-w- C:\Windows\System32\drivers\pvendrlf.SYS
2014-11-06 00:16:30 177152 ----a-w- C:\Windows\System32\LeCoinst.dll
2014-11-06 00:15:28 -------- d-----w- C:\Program Files\Nok Nok Labs
2014-11-06 00:10:53 590536 ----a-w- C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-11-06 00:10:02 -------- d-----w- C:\Users\Susan\AppData\Local\CrashDumps
2014-11-06 00:08:47 -------- d-----w- C:\Program Files\Microsoft Office 15
2014-11-06 00:08:10 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2014-11-06 00:08:10 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2014-11-06 00:08:10 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2014-11-06 00:05:30 -------- d-----w- C:\Users\Susan\AppData\Local\Adobe
2014-11-06 00:05:02 -------- d-----w- C:\Users\Susan\AppData\Roaming\LSC
2014-11-06 00:04:07 -------- d-----w- C:\Users\Susan\AppData\Local\Google
2014-11-06 00:02:56 -------- d-----w- C:\Users\Susan\AppData\Local\GeniusBox
2014-11-06 00:00:40 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2014-11-05 23:57:31 -------- d-sh--w- C:\Users\Susan\AppData\Local\EmieUserList
2014-11-05 23:57:31 -------- d-sh--w- C:\Users\Susan\AppData\Local\EmieSiteList
2014-11-05 23:57:09 2620928 ----a-w- C:\Windows\System32\wucltux.dll
2014-11-05 23:57:04 97792 ----a-w- C:\Windows\System32\wudriver.dll
2014-11-05 23:57:04 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-11-05 23:55:23 -------- d-----w- C:\Users\Susan\AppData\Roaming\Intel
.
==================== Find3M ====================
.
2014-11-06 04:04:03 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-06 04:03:50 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-06 03:47:03 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-06 03:46:12 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-06 03:46:12 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-06 03:44:28 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-06 03:30:22 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-11-06 03:30:08 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-06 03:29:18 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-06 03:28:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-06 03:23:57 6040064 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-06 03:20:18 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-06 03:13:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-06 03:13:36 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-06 03:12:44 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10:58 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07:29 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 02:59:36 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-11-06 02:58:38 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-06 02:42:36 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:39:39 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-06 02:38:25 2124288 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-06 02:21:49 4298240 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-06 02:21:25 2051072 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-06 02:20:37 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17:24 2365440 ----a-w- C:\Windows\System32\wininet.dll
2014-11-06 01:52:35 1892864 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-05 17:56:54 304640 ----a-w- C:\Windows\System32\generaltel.dll
2014-11-05 17:56:36 228864 ----a-w- C:\Windows\System32\aepdu.dll
2014-11-05 17:52:22 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-10-02 21:23:20 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2014-10-02 21:23:20 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2014-09-29 23:21:24 1721752 ----a-w- C:\Windows\SysWow64\InetClnt.dll
2014-09-29 23:16:14 205848 ----a-w- C:\Windows\SysWow64\THREED32.OCX
2014-09-29 23:16:14 1694992 ----a-w- C:\Windows\SysWow64\VBA6.DLL
2014-09-29 23:16:02 741008 ----a-w- C:\Windows\SysWow64\SPR32D30.DLL
2014-09-29 23:16:02 1003152 ----a-w- C:\Windows\SysWow64\SPR32X30.OCX
2014-09-19 09:42:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-09-19 09:42:51 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-09-19 09:42:49 342016 ----a-w- C:\Windows\System32\schannel.dll
2014-09-19 09:42:47 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-09-19 09:42:47 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2014-09-19 09:42:41 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-09-19 09:23:55 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-09-19 09:23:52 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-09-19 09:23:46 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-09-19 09:23:36 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 12:51:04 55872 ----a-w- C:\Windows\System32\AdobePDF.dll
2014-09-04 12:50:54 27208 ----a-w- C:\Windows\System32\AdobePDFUI.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-09-01 10:01:16 49040 ----a-w- C:\Windows\System32\valWBFPolicyService.exe
2014-09-01 10:01:16 212880 ----a-w- C:\Windows\System32\drivers\UMDF\wbf_vfs_lvcmn.dll
2014-09-01 09:30:08 3655056 ----a-w- C:\Windows\System32\vcsAPIFORWBF.dll
2014-09-01 09:30:08 31232 ----a-w- C:\Windows\System32\LenovoSysCheck.dll
.
============= FINISH: 10:55:15.47 ===============
I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system
It's worked out well for many of us in the past.
You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)
Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Download the version of this tool for your operating system.Farbar Recovery Scan Tool (64 bit)Farbar Recovery Scan Tool (32 bit)and save it to a folder on your computer's Desktop.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.===Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.To attach a file select the "More Reply Option" and follow the instructions.Wait for further instructions.
Read other 21 answersLast night I was just on my laptop and watching youtube videos and i clicked another video and this page showed up
https://gyazo.com/394365acc51f1695dd25d535b5db0af6
so at first, I assumed my internet went down but when it said I was connected and had 5 bar wifi I was confused, I sent somebody a message on skype and it sent straight away and I also received a message back, after searching around a bit I was told to go to chrome settings, advanced settings, change proxy settings, LAN settings and disable "connect to a proxy server" I did this and it was temporarily fixed and I was fine, then it happened again and going back to the settings I noticed the box I had ticked had reticked itself. I have followed youtube videos that have gone into safe mode and done certain things and searched for malware using MalwareBytes and AVG, threats have came up and been quarantined and I have removed these from my system but the problem still persists, it's getting so frustrating I can only access the internet for short amounts of time and every solution I have tried doesn't work, it just ends up automatically reticking itself...
I browsed the forums before deciding to ask my question and didn't find anything that fully addressed my problem.
My uncle installed Windows 7 onto my computer, creating a Windows.old file. It had Windows XP before, as the factory installed OS (no disc). I am now trying to revert back to Windows XP (why is not important). However, I am having some issues:
1) When I boot and select "Earlier Version of Windows" as the OS to start with, I am taken to a screen that requires I enter an admin password. The problem is that we do not have an admin password for Windows XP. As far as I know, one never existed. I was never prompted to enter one when starting the comp, and my husband is the one who set it up and he said he never had one.
2) When I attempt to do a factory settings restore through Windows 7 by pressing F8, I am asked to locate a system image. I don't know what that means really, except that it's a copy of the existing comp info and am not sure if the Windows.old folder is what I'm looking for. If so, that's another problem because it won't accept Windows.old.
3) I do not have any recovery points beyond, like, yesterday. Apparently my uncle set it so that older recovery points are deleted to make room for new ones. Awesome.
I am using SP2 for the first time. I went to a site to download fonts. The new SP2 controls added another press of a button prior to the actual download of every font I downloaded. So I clicked the remember settings for this file type option, then clicked SAVE. After that one downloaded, every other one skipped the save process, and went straight to OPEN. Had I opened the file I clicked remember...... I would have understood why. I went thru my internet options and changed a couple of things, even restored the default options. Nothing. Any ideas as to how I can get the files to save rather than to open?
Note: Right clicking every single time I download something is NOT an option. I already know how to do that. I want to know how to left click and THEN I have the option to open or save.
Thanks in advance!
Is this happening only with zip files or every file you download?
Read other 3 answersThe touchpad settings for my X1 Yoga keeps reverting back to the previous setting, no matter how many times I change it and save it. Why is this happening? The two changes I want to keep that keeps reverting back, are these: 1) Have the middle button behave as a middle-button (instead of for scrolling) 2) Have the scrolling direction on the touchpad act normally (no reverse direction). I had changed those settings when I first got the X1 Yoga, but then soon I chanced it again to what I want it to be now, but ever since then, those settings just won't stay and keeps reverting back to the first change I made, and it's been weeks and weeks. No matter how many times I change them and save, they only last until I close the lid. The next time I open the lid, they've reverted back.
Read other answersGood day everyone!
I just had my laptop install Windows 8.1 tonight. It's a clean install, by the way. Now the problem is I noticed that every time I restart my laptop it's power plan reverts back to "power saver", I had it set on "high performance" before. I own a Samsung laptop, model is NP535U3C-A01, Series 5.
Processor: AMD A6-4455
Memory: 8 GB
Graphics card: AMD Radeon HD 7500G
Oh and one more thing... it stops charging at 99%.
There may be some specific power drivers and software for that particular laptop, look on their website in the support section for device drivers and support programs.
Usually Samsung and Toshiba laptops will have some kind of special power software, so you would have to download that and set the power settings in that software otherwise it will keep on reverting every time you reboot.
I been noticing lately that every time I open my power settings in the control panel, it shows the "Balanced Plan" ticked despite the fact that I've changed it to "High Performance" several times in the last month. Another thing that concerns me is that usually whenever you make any changes to settings, the "Save" button at the bottom of the page is supposed to be highlighted or (in other words: able to be ticked) but every time I visit my power settings through the control panel, the Save button is never highlighted, so I can't even click on Save even if I wanted to.
I usually just exit the control panel explorer once I made the changes I want, but as I mentioned it seems to just revert right back to the Balanced Plan option upon re-opening of the Power Settings. Maybe the fact that I cannot click the Save Button is the problem.
The only thing I can think of which may ( or may not have ) caused this problem is the fact that I was making several tweaks to the system using the Advanced management options, mostly to shut off options that I didn't need to have running, and to tighten my overall system security, etc, but I don't specifically recall ever coming across an option that would restrict me making changes to the Power settings. In fact, if I did find something like that through Advanced Management options, I would have made sure that "High Performance" was the option I wanted to keep.
The changes I did make were quite some time ... Read more
I know this is a custom build, but do you have any manufacturers power utilities installed?
Some temp software (if installed) will slow down your pc when temps run high, changing the power plan.
Please Run sfc /scan now using option 2 in this tutorial: SFC /SCANNOW Command - System File Checker
Please post back the results.
Please indicate what message was displayed at the end:
Windows found no integrity violations
OR
Corrupt files were found, and windows was unable to fix them.
OR
Corrupt files were found, and windows successfully repaired them
On a laptop the proxy settings in the company are turned on log in a domain. When i leave the company and want to Internet outside i turn the proxy settings off. However, after i closed IE and after a while or reboot the proxy settings are turned on again
even when i do not login onto the domain.
What is due that the proxy settings are turn on automatically is this a gpo that is locally cached and executed also locally?
freddie
Hi,
You may follow the steps below to delete all the GPO-related Policies for a test, then these policies will be reapplied to the computer when you go back to office.
Delete All Group Policy Registry keys
========================
1. Click “Start”, type “regedit.exe” (without quotation marks) into “Start Search” box and press Enter.
2. Locate the following key:
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft]
Right click on "Microsoft", click "Export"; please name the file as "RegBackup" (without quotation marks) and then save it to the C:\ drive as a backup.
Note: In case we need to undo the modification, we can double click this RegBackup.reg file to restore the registry key.
3. Highlight Microsoft and click "Delete".
4. Please repeat the above steps for the following registry keys.
[HKEY_CURRENT_USER\Software\Policies\Microsoft]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
Note: if some keys do not exist, please ignore them.Please remember to click ?Mark as Answer? on the post that helps you, and to click ?Unmark as Answer? if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ?
Everytime I log on using Google Chrome and Internet Explorer, I have an issue with the proxy settings changing back after I correct them. Can I fix this?
AdwCleanerS0.txt 5.99KB
6 downloads
Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Download the version of this tool for your operating system.Farbar Recovery Scan Tool (64 bit)Farbar Recovery Scan Tool (32 bit)and save it to a folder on your computer's Desktop.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.===Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.To attach a file select the "More Reply Option" and follow the instructions.Wait for further instructions.
Read other 2 answersI have a computer that had some seemingly easy malware to remove. Chrome extension, toolbars, etc... Scans come back clean but on every reboot or simply logging off and logging back in, the pesky proxy settings keep getting reset. Thanks for your help!
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Shop (administrator) on GTI-SHOP-PC on 12-03-2015 17:54:22
Running from C:\Users\Shop\Downloads
Loaded Profiles: Shop (Available profiles: Shop & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\R... Read more
Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Using the Add/Remove programs remove these two processes in bold.IGS (HKLM-x32\...\IGS) (Version: - ) <==== ATTENTION!igsc (HKLM-x32\...\igsc) (Version: 1.0.0.0 - igs) <==== ATTENTION!===Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start
CloseProcesses:
(OM Inc.) C:\Program Files (x86)\IGS\BasementDuster.exe
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.B... Read more
Hi all, hope you are all ok?
I am struggling with a proxy issue. We use Forcepoint as our proxy server. For various reasons it has caused us no end of issues and so thankfully the license expires on it next month when we plan to use Cisco Umbrella instead. Forcepoint tech support have
advised me that on the day the license expires, all devices / users who have " webdefense.blackspider...." as their proxy settings will no longer be able to browse to anything until it is removed.
We have a GPO which adds an AutoConfigURL key to all users HKCU registry, so i thought that by just disabling this, or even by editing this and changing the value to be BLANK, this would be a quick fix for all 175 machines. However even when i do this in
testing, the keys remain in the registry and when you look at the connection settings in IE, the "webdefense.blackspider.." is still there.
I have googled this for a while now, and have a simple batch file which i have pasted below for info, but the settings for the proxy, specifically the settings in the LAN connection where it says "Use Automatic Configuration Script" keep coming
back.
Does anyone know of a reason why the tick is still in the box, and the auto config script is still there? I could really do with a helping hand or a pointer on this. Im really concerned that if i cant fix this soon i will need to visit each machine and manually
remove the settings, which seems to work and seems to stay de... Read more
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by SteeL at 16:27:38 on 2011-12-12
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.385.1033.18.4094.2360 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:&#... Read more
Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/432052 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more
Read other 2 answersOur current Windows 8/IE10 tablets apply a group policy which sets up the IE proxy configuration and prevents users from changing that configuration.
This is done using the settings "Prevent changing proxy settings" and "Disable changing automatic configuration settings" (located at computer configuration\administrative templates\windows components\internet explorer).
With Windows 8.1/IE11, the proxy server settings are still greyed out in the LAN settings dialog box under Internet Options\Connections in the desktop IE environment.
However in 8.1 the proxy settings can also be accessed from the Settings charm: Settings - Change PC Settings - Network - Proxy. From this location, ordinary users can modify and save changes to the proxy configuration.
Is there any way to lock this down?
Update on this - a very helpful Microsoft engineer came back with a workaround which, while not ideal, is a lot better than letting users change their proxy settings.
When I said I was going to post it here, the engineer said to make sure I started with the statement that Binary registry keys as used in this solution shouldn't generally be messed about with, and that editing the registry without first backing it up may
also lead to plagues of locusts, etc. All the usual disclaimers, so use this at your own risk.
His solution, which we've tested, involves switching from per-user proxy settings to per-machine proxy settings.
The Microsoft workaround word for word is:
The first thing we need to do is to export the following registry key from a machine that has the correct proxy settings set.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
This contains the following 2 binary registry keys which have the connections settings: ?DefaultConnectionSettings? and ?SavedLegacySettings?
The next step is to open the newly exported .reg file and to change the path:
From: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
To: HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
For a test on a single machine you can manually change this, from elevated cmd: regedit <file>.reg
For a bigger scale you can create a script to deploy the... Read more
A week or two ago, I began having a problem where Google Chrome would periodically change settings (without me doing anything) to use a proxy server, and so nothing would connect until I went into the settings and unchecked it. Because of this, I ran an MBAM scan and found a number of things, which I deleted, removed from the registry, etc. Also, until I did this, MBAM would repeatedly report that it had blocked an attempted connection by Chrome to a "suspicious website."
After this, the problem appeared to be fixed -- no suspicious tasks running, no connections to suspicious websites reported by MBAM, etc. However, yesterday some charges appeared on my iTunes account (to which I've since changed the password of course). It's possible, of course, that somebody got the password before I had removed the malware and simply only used it now, but I was hoping someone would be able to help me run through a system check using the more powerful malware scanners/removers, just to make sure there's nothing bad lying around.
I was told on another forum to run DDS and post my logs here, so here goes. I'm running a 64-bit OS, so I don't have a GMER log.
-------------
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Zac at 15:59:39 on 2012-02-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3983.1072 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: M... Read more
Hello I Would like you to do the following.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stallNote 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer"information and logs"In your next post I need the following
Log from Combofixlet me know of any problems you may have had
How is the computer doing now?Gringo
I have been struggling with a malware changing my proxy settings to http://wpad.com.gr/proxy.pac.
This affects my system proxy settings in PC Settings - Networ - Proxy - Use Automatic Configuration Script (ON) - Acript Address http://wpad.com.gr/proxy.pac.
I have used TDSKill and it deleted a file "router.exe" from my windows folder. And Adware Cleaner removed some registry entries alongside some folder in Chrome that has something like "\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com"
Then after resetting my settings and manually turning off Automatic Configuration Script in PC Settings, everything was fine and my google searches were back to 2015. A day later it changed, I scanned with Adware cleaner and it found same stuffs, I cleaned, And it;s back again.
Please help me.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by Xtian (administrator) on ASUS on 26-02-2015 07:21:27
Running from C:\Users\Xtian\Desktop
Loaded Profiles: Xtian (Available profiles: Xtian & Baux & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the proces... Read more
Hi. My name is Brian, and I would be happy to look into your issue.
- General Instructions -
Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
Any fixes provided by myself are for this log file only and should not be used on any other systems.
Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
You have 4 days to reply to each post or the topic will be closed.
Please feel free to ask any questions, especially if you are having problems with my instructions.
- Save ALL Tools to your Desktop-
All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depen... Read more
Hello. Recently I was downloading some software
from a survey and learned that a lot of that stuff contains
viruses. Well I went to uninstall it, and when I did
I can no longer use the internet, and it gives me a proxy error.
When I go to change the proxy settings it has it saved to "<-loopback>" and
the address is "http=127.0.0.1:59943;https=127.0.0.1:59943"
Whenever I try to change it, it doesn't save. And it is
I'm typing this from my girlfriend's unaffected computer.
I try running Maleware Bytes, but it doesn't run, and I can't seem to get into safe
mode on this computer for some reason.
I'm running Windows 8.1, and oddly enough I see no suspicious background processes.
That's my problem, if someone could help me I'd greatly appreciate it.
Please do the following. Please download and run RKill RKill is an easy to use tool that kills known processes and removes Windows Registry entries that stop a user from using their normal security applications. These settings will remain until the computer is rebooted, for this reason you must run the security application before the computer is rebooted. Please download RKill and install it. When RKill is run it will display a console screen similar to the one below: When RKill has finished running a log will be displayed showing all of the processes that were terminated by RKill. Attention: At this time you need to run the software posted below. While RKill is running you may see a message from the malware stating that the program could not be run because it is a virus or is infected. This is the malware trying to protect itself. Two methods that you can try to get past this and allow RKill to run are: 1) Rename Rkill so that it has a .com extension. 2) Download a version that is already renamed as files that are commonly white-listed by malware. The main Rkill download page contains individual links to renamed versions. After all of the scans have run successfully you should reboot the computer to restore the processes and Windows Registry entries. Please run Malwarebytes AntiMalware Please download Malwarebytes Anti-Malware. After cli... Read more
Read other 2 answers eb_win10proxy-1.png 37.74KB
0 downloads
Malwarebytes Anti-Malware Home (Premium) didn't find anything.
Any ideas?
EDIT: Emsisoft Emergency Kit seemed to have found something very relevant. I deleted the file and restarted but it keeps appearing in 'Automatic proxy setup' :/
eb_win10proxy-2.png 17.41KB
0 downloads
Hello kingmustard and Welcome to the BleepingComputer.
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.
Before we move on, please read the following points carefully.
Please complete all steps in the specified order.
Even if tools don't find malware, I want you to post the logfiles anyway.
Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
Don't install or uninstall software during the cleanup unless you are told to do so.
If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean
Please reply to this thread. Do not start a new topic
As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
Please open as administrator the computer. How is open as administrator the computer?
Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do&... Read more
Hello I found this topic (http://www.bleepingcomputer.com/forums/t/600543/strange-entry-in-lan-proxy-settings-that-i-cannot-delete) that dealt with the same issue that I had but it has since then been closed, so I cannot reply. My problem is identical, my LAN settings keep being changed to include "http://ɴ.net/proxy.pac". But I don't seem to have installed the same programs as the other user, so my infection must have come from something else. I have downloaded Malewarebytes, ADWClaner but it's still there. So I have Farbar Recovery Scan and RogueKiller ready to go. I'm ready to provide any information and files that are needed to help me get this thing off my computer!
Welcome to Bleeping Computer.My name is fireman4it and I will be helping you with your Malware problem.Please take note of some guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.If you do not understand any step(s) provided, please do not hesitate to ask before continuing.Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.I will be analyzing your log. I will get back to you with instructions.Please download Farbar Recovery Scan Tool and save it to your Desktop.Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Right click to run as administrator (XP users ... Read more
Read other 25 answersI downloaded the beta version of Microsoft Office Professional 2007 the other day and it seems to have upgraded my Office 2003 applications rather then installing 2007 seperately and leaving me the option of using either 2003 or the beta of 2007. The beta versions are very buggy from what I understand, so what happens if I want to go back to only having Office 2003. I don't have the actual 2003 software CD. The guy I bought the computer from never included it, so I hope that I don't have to go through and reinstall everything to get 2003 back the way it was before downloading Office 2007.
Thanks
Hello i have a lenovo windows 8 laptop which is having trouble updating and goes to reverting back. Recently its been stuck on that screen for a long time. I did reset it but it goes to the same screen
Are the windows updates or what and how many.
BTW your system specs indicate OS Luke?
hi all
please help me on this i done an update from ie6 to ie7 after some time and patience i loaded ie it now takes ages to load and sometimes freezes i have tried to go back to ie6 followed some of the tasks from here but some how in the add/remove programs windows update ie7 is no where to be found
please help me i canto get on with ie7 and would like to go back to ie 6
From Microsoft - http://www.microsoft.com/windows/ie/support/default.mspx
Hi new here,
hope someone can help im trying to make a hijackthis log but in the 5 dteps it says i need to have sp1a but my system is on sp2 how can i get it back to sp1 or do i not need to
regards
hi im trying to post a hijack this log but in the 5 steps i am told i need to be on sp1 but my system is on sp2 how can i get it back to sp1
Read other 3 answersI made a big mistake by updating to XP SP2.
Is there a way to go back to SP1...
You can go to Add/Remove programs and uninstall SP2. I would then go to system restore and restore to a point before you installed SP2. There should be a point named SP2 install or something like this.
Hey, y'all. I have a bit of a problem that I hope you can help me with:
I'm fairly proficient when it comes to computers. I know how to mess with programs, some HTML work, etc. I often get asked to fix people's laptops on a daily basis, which is where the problem began.
I've reverted computers back to factory settings many, many times. This time, however, I am running into a situation. This particular laptop is a 2008 HP running on Vista Home Premium that doesn't get used very often. I'd say it probably gets turned on once a month. Nothing much was installed on it except for Adobe Reader, iTunes, and a ton of Word documents. My mom wanted me to factory restore it so she could hand it off to someone else.
Anyway, to get to the point: I did the usual F11 when the computer booted up and ran through the prompt asking me if I would prefer to use System Restore to go back to an earlier time. I chose no and proceeded onto the screen asking if I would like to reinstate it to factory settings. I clicked yes and watched it go through the motions of installing original software. Everything was normal to that point, but after that, it gets weird. It came up with a screen saying "Installing HP Software" and gets all the way to 100% before restarting a few times and coming back to that screen. It stays there for what seems like ages, then restarts a few more times. Then it comes to a blank, black screen and restarts yet again. Finally, after that, it goes to the deskto... Read more
Hi,
When you select the recovery, do you have a destructive option? If so, I would choose that & format the drive.
Give it a go & report back. OK?
I have an external monitor that I like to use; I configure my laptop display settings to only show the desktop on the external monitor and not on its own screen. However, every time it goes to sleep, when it comes back it doesn't remember the settings and has the display on the laptop monitor instead; I always have to go back to the control panel and tell it to switch back to the external display. How can I get it to remember automatically?
Instead of going to the control panel use Windows + P, it is labeled Projector Only but it doesn't have to be a projector.
http://www.sevenforums.com/tutorials...on-switch.html
I currently have two hard drives on my computer with XP being installed in one of them. Everything was fine till during startup, Windows flashed an error message saying one of them had failed a s.m.a.r.t test and its failure was imminent. So I immediately backed up the data and installed xp on the other hard disk.
Now my question is, what should I do such that the old settings and installations are synchronised with the new installation? Is it possible for me to get my old desktop back without having to uninstall and reinstall various programs?
Thanks in advance,
OS : MS Windows Xp, Media Center Edition, SP 2
Hi
You are either going to have to reinstall all your programs or
start up the hard drive that failed the SMART test and "ghost" or image it to the other hard drive - this way you do not have to reinstall anything. Imaging the one hard drive to the other will overwrite everything on the destination hard drive.
I have a laptop that for some reason when i close the lid the usb shut off and i believe this is due to the usb power settings in the device manager say that the system can turn them off to save power. So when i close the lid the usb shut off. But if i change that setting and tell it not to turn off to save power they work fine.
I am setting this setting on the USB Root Hubs but when i reboot they revert back to being checked off to save power. Any ideas why this may be reverting back to the original state?
1.) Open Power Options in control panel.
2.) Click on Change Plan Settings in whatever plan you're using.
3.) Click on "Change Advanced Power Settings".
4.) Expand "USB Settings".
5.) Click on "USB selective suspend setting".
6.) Select Disable
7.) Click OK
8.) Test to see if it still reverts the USB hub's power settings.
Is it possible to uninstall Ubuntu and go back to Win7 if I only have the original Product key and no boot disc? Also the Win 7 was upgraded to Win10 before wiping the laptop.
DMcD65 Hello;Allow me to welcome you to the HP forums!You said you "wiped" the laptop, so any Recovery information is long gone. Your only recourse at this point is to use something known as HP Recovery Media. HP Recovery Media is a set of DVDs and a CD, or USB stick, that will erase the hard drive (removing all data, settings, and applications, reinstall the original OS, drivers, and some HP Utilities. In some cases, you may be able to order a USB stick instead of disks. You have to order these from HP; they can not be downloaded.You can look online for Recovery Media starting with the linked paged: http://support.hp.com/us-en/driversOnce there, input your Product name or number. On your Software and Drivers Download page, select your Operating System and and Version. Click "Update". If HP Recovery Media is available for your machine, down near the bottom of the page, you will see an entry for Order Recovery Media-CD/DVD/USB. Click the "+" symbol to expand that entry and click on Order Media for details.Or, if you prefer, you can do the same by contacting HP Customer Service:If you live in the US or Canada, contact information is on this page: http://www8.hp.com/us/en/contact-hp/phone-assist.html#section1If you live elsewhere, contact information is on this page: http://www8.hp.com/us/en/contact-hp/ww-contact-us.htmlNOTE: After you get through, stay on the line until you are finally able to talk to some one -- it can take a while!If you have trouble finding a ... Read more
Read other 1 answersIts been over 30 days and I completely dispise Windows 10. I dispise it so much I stopped using my laptop because of it. Nothing works. None of the programs I have work with Windows 10. I lost over 5k dollars because of this! I was never told it was not going to work, no warnings, nothing! I was also ripped off by your company after purchasing a 3 year antivirus program which I was just told by the company that handles that, that you only set it up for a year after I paid for 3!!!! I've been completely ripped off and when I tried to talk to someone on the online chat, after being connected, and they gave their greeting, there was no reply after I sent my issue to them!!! This is the worst company I've ever done business with!!! Almost $2000 down the **bleep**ing drain!!! Never again will I ever buy an HP product! NEVER AGAIN!!! And I will talk to my rep to close my business accounts as well!!! If you can't do right by my personal account what makes me think you will do right by my business ones?!!! -Tomas
Read other answersI uninstalled the IE9 update I had to have it automatically revert back to IE8. However, my Windows does not have IE8 in "Turn on Windows Features on or off" menu.
I'm using a Windows 7 Home Premium 64bit upgrade from Windows Vista (the key can't be used with a 'normal' install disc).
Welcome to Seven Forums Joona. I take it you found IE9 on the list of installed updates? This should indicate you had IE8 originally, and it should indeed revert.
Try this:
Start> In search box type run> Enter> When run box opens type iexplore.exe> Enter
Does IE8 open? If not, you can try this Fix It to make sure IE9 was uninstalled correctly
http://support.microsoft.com/kb/2579295
A Guy
Hi All,
While installing windows XP I changed my file system to NTFS, but now I want to install windows 98 and do dual boot. How do I convert my hard drive back to FAT32?
Thanking you in advance.
Sorry - too late. If you want to dual boot W98 anda XP you must always load the older OS first.
I have a laptop bought nine years ago, now running Windows 10 Home version 1903. It is only used when there is a problem with my desktop computer, or when a portable PC is needed. It was originally using Windows 7 but with the present operating system it is almost unusably slow, with boot up 2 mins. 40 seconds and loading imaging software nearly three minutes ? there is only one program loaded at startup ? defender (msconfig). I have the Windows 7 original product serial number and an OEM copy of Windows 7 ? is it possible to revert without buying a new copy of Windows 7, it would then presumably be much quicker ? the lack of future fixes would be acceptable. Or maybe there is a way to make it go faster in Windows 10?
Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 10 Home, 64 bit
Processor: Intel(R) Pentium(R) CPU P6100 @ 2.00GHz, Intel64 Family 6 Model 37 Stepping 5
Processor Count: 2
RAM: 3766 Mb
Graphics Card: Intel(R) HD Graphics, 1755 Mb
Hard Drives: C: 306 GB (218 GB Free);
Motherboard: Acer, Aspire 5742Z
Antivirus: Windows Defender, Enabled and Updated
I have a Toshiba laptot 32 bit, I originally had vista installed, when I took it for repair they unistalled vista and replaced it with windows7 professional, I don,t like the new windows and wish to go back to my old vista again, I have the original vista Disks. can someone please guide me through to do this?
Welcome
This is the procedure
Clean Install with a Full Version of Vista
But be aware, you MUST have the correct key number of it will not work after 30 days and you will not have Seven, either.
If you have a key and are not sure if it is valid, call Microsoft to be sure
In addition, problems installing are always possible.
That being said. Seven is better than Vista. It is Vista with a lot more features. I think that if you give it time and learn, you will be happy that you kept it.
Alright, I'm using this Microsoft article: http://support.microsoft.com/kb/971760/
I have the windows.old folder on my HD, everything intact, but when I type and of the commands, it tells me it cannot find the file specified. I know they're there. ;_;
I'm going to cry.
Step 3 says that if you receive that message to move on to step 4 as follows:
Step 4: Copy the contents or move the contents of the Windows.old folder
Note When you type one or more of the commands at the command prompt in the following steps and press ENTER, you may receive the following message:
The system cannot find the file specified.
If you receive this message, go to the next step in this section, and then type the command in that next step.
Type the following commands at the command prompt:
Type the following command, and then press ENTER:
move /y c:\windows.old\windows c:\
Type the following command, and then press ENTER:
move /y "c:\windows.old\program files" c:\
Type the following command, and then press ENTER:
move /y c:\windows.old\users c:\
Type the following command, and then press ENTER:
move /y “c:\windows.old\documents and settings” c:\
And, it looks like if you get that same message again, you're supposed to move on to step 5. Its confusing for sure but it looks like you have to figure out exactly where the .old file is supposed to be and get it there if needed. Without seeing or knowing more that's my best guess.
My neighbor wants to go back to IE 7. I tried the accepted way ctrl panel>add-remove and the remove hit a snag. I get the following message with an added problem. What in tarnation is going on?
Set cannot copy the file ieeula.chm.
Now I no longer have all my tool bars in IE only the address bar and Links and no way to turn the rest on or access.
Hi, I am trying to reset my laptop back to the original windows 7 it came with from Windows 10. I went on the Microsoft website and even though I have the product / license key they told me that as this came pre installed on my equipment I needed to contact the manufacturer. I have looked and looked on the HP website and I cannot find anything to help me and I do not see why I have to purchase another copy of Windows 7. My laptop doesn't even revert to factory setting as I have tried this several times and I am still stuck with Windows 10. The laptop is my standby as I have a new one but I can't get my old Lexmark printer to work in Windows 10 but it worked fine in Windows 7 so I want to have my older laptop reverted back to windows 7, my new one came with windows 10 as it's only 5 months old. Any help to get Windows 7 back on my laptop would be appreciated and I would have thought that HP would and should be able to help.
Read other answersWell I don't know if there's anything better than windows default or whatever, i just want to get rid of the modification I made because I can't seem to hit anything precisely on desktop, which is actually good to have acceleration.
It's killing me because I do a lot quickly and can't seem to hit buttons, icons, and all the precise small stuff that is needed in video editing, coding, web etc.
I found this guide about game mode The Truthful Mouse Guide
But I know I used one of the guides to change registery, and I don't really see the difference by disabling/enabling "Enhance mouse percision" in controlpanel
I just want to get this back to defaults, unless there's a better setting for desktop use.
It woud certainly help to know what your "modification" was.
Read other 2 answersHello,
Sorry to bother, could someone please help out?
My computer has gotten slowly all of a sudden during the last 2 weeks.
It takes several minutes when trying to open/rename/copy/move/deletes folders/files, and even longer when emptying the recycle bin. Same goes with opening some programs especially FireFox & Winamp.
I also keep getting this message "Windows Explorer has encountered a problem and needs to close. We are sorry for the inconvenience" It crashes every time I try to play certain videos, copying or moving files.
For the last couple years, I kept getting the message "Your system is low on virtual memory" My current memory is 256MB of RAM, I will buy another bar of RAM soon, still it's not an excuse for the sudden slowness, especially when I don't have powerful programs that requires the upgrade.
I have scanned with SpySweeper and Panda, both detected malware, unfortunately no fixing was done since both require payment to do so.
I scanned then with Ad-Aware, Spybot and AVG and fixed whatever they found.
I do have a log of Panda and screencap of SpySweeper, so if HJT log fails to be useful, I will provide the other 2 logs if requested.
I hope I provided enough information, and many thanks for taking the time to help out!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:39 PM, on 5/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Runn... Read more
I tried using the information in this article: http://support.microsoft.com/kb/971760/I have the windows.old folder on my HD, everything intact, but when I try to do ANY of those commands, it tells me the files cannot be found. I can't rename the Windows 7 files either. ;_; I seriously might cry if I can't revert back to my old installation.
I tried using the information in this article: http://support.microsoft.com/kb/971760/I have the windows.old folder on my HD, everything intact, but when I try to do ANY of those commands, it tells me the files cannot be found. I can't rename the Windows 7 files either. ;_; I seriously might cry if I can't revert back to my old installation.Did you move the Windows.Old folder from where it was originally created?
Read other 1 answersHello everyone i just installed win 7 on a new 500GB hard drive, on my OLD upgraded machine,(not my main machine) i would like to wipe that HD clean and try installing a Diffrent, older, OS. or use it for a secondary HD on my MAIN machine. I dont belive i can format the Active partition with in windows 7 ?, how do i remove window 7 and the system restore partition from the HD?.
Thanks in advance
Quote: Originally Posted by Pantz
Hello everyone i just installed win 7 on a new 500GB hard drive, on my OLD upgraded machine,(not my main machine) i would like to wipe that HD clean and try installing a Diffrent, older, OS. or use it for a secondary HD on my MAIN machine. I dont belive i can format the Active partition with in windows 7 ?, how do i remove window 7 and the system restore partition from the HD?.
Thanks in advance
A thrid party app, a dos disk, any other OS boot disk will do it.
Ken
Last year I got windows 7, and installed it on my computer. My computers performance went way down. I have a 2000 HP with upgraded ram and graphics, and a new fan. It was stupid to upgrade, but i was naive. My computer didnt come with discs for windows xp, and I have no way to revert back. Is there any way to go back to XP from windows 7?
We will need the HP model ID found on a label on the back of a tower type or underneath a laptop type.
Take a look here for help locating the model
http://h10025.www1.hp.com/ewfrf/wc/findModel?lc=en&dlc=en&cc=us
Due to problems with quick books I had to revert from 10 back to7
When I did I had numerous problems with permissions and now I found that windows 7 backup task image is now corrupt
Any help?
I upgraded to Windows 10 on July 30th from Win7.
Before I did I cloned my Win7 disk to another spare drive.
I periodically boot into that drive and after a few minutes it tries to Upgrade to Win10 and fails. I want it to stop doing that.
It probably fails because the upgrade files in the download folder are corrupt.
I have uninstalled KB3035583 and hidden it.
How do I stop Windows 7 from trying to upgrade to Windows 10?
I already called Windows Support and they were no help and they had no problems with me running Windows 7 and Windows 10 on the same machine as long as I didn't run them both at the same time (how could I?).
My father hit yes to upgrad his HP Probook 6407b from Windows 7 to Win 10. He did not realize what he was saying yes to.
He brought it to me before it finsihed. I got into win 10, but then had issues with HP security software at boot. It would hang at boot, say something about a finger print reader, and then allow me to log in. So I decided to revert back to win 7. that failed. Goes to try a startup repair and it does not work. It looks like win 7 trying to do it and not 10.
Is there any way to recover either win 7 or 10?
I tried a win 10 usb drive, but it says the upgrade was previously started in windows, turn off machine and restart, but that fails.
How did you try to revert back to Win 7 ?
Did you do it this way ?........................................
Start button > left side, select Settings > select Update and Security > left side, select Recovery > right side, under Go back to Windows 7, click the Get Started button > follow the prompts from then on.
I had a virus or spyware that I resolved. Sorta.. It changed my global proxy settings I since then changed internet explorer and firefox back but the GLOBAL settings are still jacked cuz programs like windows update and msn messanger can not connect now due to this ...alkjshdfoehjwqofaw how do I fix this pls help!!!!
Hello and Welcome to TSF.
We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:
Having problems with spyware and pop-ups? First Steps
link at the top of each page.
------------------------------------------------------
Please follow our pre-posting process outlined here:
http://www.techsupportforum.com/f50/...lp-305963.html
After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.
If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.
Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.
------------------------------------------------------
There is a software which often changes the proxy settings so I decided to config the internet settings registry right to reject the proxy settings. But When I decided to delete this software and return the rights back, I suddenly found that I can not change
the proxy settings manually!
The detail is that I change the auto proxy url, to let my pc use a pac file and I don't want any softwares to change. However, when I decided to give the rights back and try to change the url back, it never success, and even the same when i'm sure I have
cleared this url in the whole registry, but it back, as it never changes!
I check the registry rights twice or more to make sure that the rights has given back, just like it originally should be. But it never works.
So the result is I have to clear and reinstall the WINDOWS 10 AGAIN!
Never should you save such information both in registry and somewhere I don't know! Or you should let these stuffs out of the ** registry!
Hi guys hoping someone can help me please?
I have a Geforce GTX 660 and I have recently installed Windows 7 64-bit. For about 4 days everything has been fine - did Geforce drivers and amended the resolution in Nvidia Control panel, got Win 7 SP1, did Win updates, and all was well for about 4 days.
Then I left my PC for 30 mins, came back and turned on the screen - and it has reverted to the pre-driver state for graphics. I have tried uninstalling the drivers and reinstalling the drivers and nvidia software a few times but it doesn't work. Also the card has HD Audio but no sound is coming through. The test you can do in Sound in Control Panel plays and all files play - just no sound is produced.
I can't change from 1024x768, and no sound plays .
Please help any ideas are welcome thank you
Welcome to the forum. Have you installed certified drivers for 64 bit they have to be certified if they arnt they will install and work until you reboot then windows will kick the out and revert. You can force it to use them but its not recommended as its there for protection How to install unsigned drivers on Windows 7? - Super User
Read other 0 answers
