Just a note for the 1st step--I am asking you to do that in order to enable me to remove the entries you disabled, via the script in the 3rd step.
2. I ran the uninstallers for Malwarebytes and Norton Security, and I also ran one from the McAfee site to try and clean up leftovers from a free trial that was preinstalled. Note: There is still a 516 MB McAfee folder on the D drive under "Applications." And there are three Norton folders still on the C drive under "Program Files (x86) ). The folders are Norton Security (136 MB), Norton Security Scan (45 KB), and Norton Installer (496 KB). Do you think it's safe to just delete those folders?
You can safely delete both folders. Did this laptop come pre-installed with an anti-virus, by the way? Copies are usually kept in a folder called "Applications" by the manufacturers. Such may be the case for McAfee.
3. I haven't downloaded any new security yet. The laptop came with Windows Defender, which I assume is sufficient for now?
Windows Defender is a supplementary program and will not stand on its own. Kindly refer to my prior post and choose one anti-virus to install. I would recommend Avast.
Oh, another quirky thing: My Kindle app stopped working last night, after working fine the night before. It starts to open, then crashes. I tried uninstalling and reinstalling with no joy. It seems to be the only app affected. Trying to figure that out now. *shrug*
Did you mean 'this'?
- Step 1
Open System Configuration by following the steps below.- Press the Windows and R buttons together. The Run prompt should appear.
- Type in msconfig and press OK.
- Navigate to the Startup tab > Enable All > Apply > OK.
- You will be prompted to restart. Do not allow it by choosing Exit without restart.
- Step 2
Upon careful inspection, your log indicates that the program(s) listed below is installed on your computer. I would like to request for the removal of the program(s) as it is associated with malware, adware or spyware. Please proceed to uninstalling by going to Control Panel (Windows XP) or Programs and Features (Windows Vista or Windows 7). If Windows says it cannot locate the program(s) and that it prompts for it to be removed from the list instead, do so by allowing it.- Lenovo Browser Guard
- Step 3
Copy and paste the following into Notepad and save as fixlist.txt to your desktop:EmptyTemp: CloseProcesses: CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X] R2 VDWFP; C:\windows\system32\Drivers\VDWFP64.sys [39800 2014-05-12] (Superfish, Inc.) 2014-12-08 21:18 - 2014-12-08 21:25 - 188058456 _____ () C:\Users\Deidra\Downloads\OJ5740_117.exe 2014-12-08 21:31 - 2014-12-08 21:31 - 00000057 _____ () C:\ProgramData\Ament.ini 2014-12-07 19:33 - 2014-12-14 13:05 - 00000000 ____D () C:\Program Files (x86)\Norton Security 2014-12-07 18:24 - 2014-12-14 13:15 - 00000000 ____D () C:\ProgramData\Norton 2014-12-07 18:24 - 2014-12-07 20:53 - 00000000 ____D () C:\Program Files (x86)\Norton Security Scan 2014-12-03 12:53 - 2014-12-03 12:53 - 00000000 ____D () C:\Users\Public\Pokki 2014-12-03 12:52 - 2014-12-07 21:18 - 00002302 _____ () C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk 2014-12-03 11:48 - 2014-12-09 02:20 - 00000000 ____D () C:\Users\Deidra\AppData\Local\Pokki 2014-12-03 11:48 - 2014-12-03 11:48 - 00000180 _____ () C:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2014-12-03 11:48 - 2014-12-03 11:48 - 00000000 ____D () C:\Users\Deidra\AppData\Local\LenovoBrowserGuard 2014-12-03 11:48 - 2014-03-18 04:55 - 00000369 _____ () C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2014-12-03 11:48 - 2014-03-18 04:55 - 00000369 _____ () C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2014-12-14 15:23 - 2014-08-20 21:09 - 00000000 ____D () C:\ProgramData\McAfee 2014-12-12 01:04 - 2014-08-20 21:11 - 00010920 _____ () C:\windows\SysWOW64\VisualDiscovery.ini 2014-12-12 01:04 - 2014-08-20 21:11 - 00005376 _____ () C:\windows\SysWOW64\VisualDiscoveryOff.ini 2014-12-12 01:04 - 2014-08-20 21:11 - 00005376 _____ () C:\windows\system32\VisualDiscoveryOff.ini 2014-12-07 20:53 - 2014-08-20 21:07 - 00000000 ____D () C:\Users\Default\AppData\Local\Pokki 2014-12-07 20:53 - 2014-08-20 21:07 - 00000000 ____D () C:\Users\Default User\AppData\Local\Pokki 2014-12-07 20:53 - 2014-08-20 21:07 - 00000000 ____D () C:\ProgramData\Pokki 2014-12-03 11:48 - 2014-08-20 21:08 - 00000000 ____D () C:\Program Files (x86)\LenovoBrowserGuard AlternateDataStreams: C:\Users\Deidra\Downloads\Facebook-20141203-121530.jpg:StreamedFileState AlternateDataStreams: C:\ProgramData\TEMP:B3503B59 HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDWFP => ""="Driver" HKLM\...\StartupApproved\Run: => "Yoga PhoneCompanion" HKLM\...\StartupApproved\Run32: => "ISUSPM" HKLM\...\StartupApproved\Run32: => "Yoga Picks" HKU\S-1-5-21-818984236-3831732592-3455439087-1001\...\StartupApproved\Run: => "Pokki" HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2014-08-20] (Lenovo) HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC.)
- Run your copy of FRST. It is important to ensure it is located in your desktop.
- Press the Fix button.
- It will produce a log (fixlog.txt) once done.
- Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log(s) in your next reply.
- Logs to Post
In summary of the above, I will need you to post the following log(s):- fixlog.txt (Farbar Recovery Scan Tool)