redirecting me to a page that says need to download adobe flash player



#1
danno_1324

Hi, I am having a couple of issues with my computer. Every time I open a new tab or click on a link in Internet Explorer, it redirects me to a page that says I need to download Adobe Flash Player to continue or view the content. It also sometimes redirects me to a page or creates a pop-up window that says my PC is not protected and gives me a number to call. I cannot close this window using the red X; I need to click End Process in Task Manager.

I do have Avast on the computer but have been getting the message "The exception unknown software exception (0xc06d007e) occurred in the application at location 0x778dc42d."

OTL logfile created on: 1/31/2015 2:38:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.90 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 47.17% Memory free
7.80 Gb Paging File | 5.60 Gb Available in Paging File | 71.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 49.91 Gb Free Space | 33.50% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/31 14:37:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
PRC - [2014/12/16 09:13:14 | 001,510,160 | ---- | M] (Nosibay) -- C:\Users\Owner\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe
PRC - [2014/11/18 02:14:08 | 000,228,352 | ---- | M] (NTS Co., Ltd.") -- C:\Users\Owner\AppData\NTSFile\NTS.exe
PRC - [2014/09/26 17:19:22 | 000,530,816 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2014/06/25 05:06:00 | 001,668,896 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2014/06/25 05:06:00 | 000,127,264 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2014/05/27 10:11:30 | 000,257,072 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2014/05/27 10:10:38 | 000,149,040 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2014/05/27 10:10:34 | 000,330,800 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2014/05/27 10:10:32 | 000,125,488 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
PRC - [2014/03/14 16:47:00 | 000,272,728 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2014/03/14 16:46:50 | 000,133,464 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2014/03/14 14:02:30 | 000,610,304 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2013/05/29 17:24:10 | 000,062,456 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2013/05/29 17:24:04 | 000,060,920 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2013/05/29 17:23:10 | 000,044,024 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/01/24 12:28:10 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/02/04 11:14:20 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2010/02/04 11:14:06 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\AMT\LMS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/01/26 17:54:11 | 000,561,664 | ---- | M] () -- C:\Program Files (x86)\SouftCoUp\2KsQkEwW0pQXDW.dll
MOD - [2015/01/26 17:53:55 | 000,561,664 | ---- | M] () -- C:\Program Files (x86)\eaasytooshioap\BJd3tqjwKflDsD.dll
MOD - [2014/10/11 13:06:16 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/10/11 13:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/28 19:53:50 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/11/21 21:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/06/10 10:44:50 | 000,125,424 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2014/05/27 10:10:46 | 000,110,128 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2014/05/27 10:10:32 | 000,125,488 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2014/01/29 09:01:20 | 000,049,976 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2013/12/17 16:59:56 | 000,068,440 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2013/05/29 17:24:10 | 000,062,456 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2013/05/29 17:23:10 | 000,044,024 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/05/31 05:29:08 | 000,117,760 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DTS.exe -- (dtsvc)
SRV:64bit: - [2011/05/31 05:29:04 | 000,130,048 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\ADMonitor.exe -- (ADMonitor)
SRV:64bit: - [2011/05/31 05:22:56 | 002,715,976 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\SysNative\ATService.exe -- (ATService)
SRV:64bit: - [2011/01/24 12:28:10 | 000,915,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/08/24 16:00:14 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (2516907e)
SRV - [2014/12/04 18:21:20 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/11/18 02:14:08 | 000,228,352 | ---- | M] (NTS Co., Ltd.") [Auto | Running] -- C:\Users\Owner\AppData\NTSFile\NTS.exe -- (Northern Themes Service)
SRV - [2014/08/06 14:35:36 | 000,559,872 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Lenovo\easyplussdk\bin\EPHotspot64.exe -- (Lenovo EasyPlus Hotspot)
SRV - [2014/06/25 05:06:00 | 001,668,896 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2014/06/25 05:06:00 | 001,664,800 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2014/06/25 05:06:00 | 000,319,536 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2014/04/24 08:53:36 | 000,024,560 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/03/14 16:47:00 | 000,272,728 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2014/03/14 16:46:50 | 000,133,464 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/02/04 11:14:20 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)
SRV - [2010/02/04 11:14:06 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\AMT\LMS.exe -- (LMS)
SRV - [2009/04/29 10:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/01/05 08:26:34 | 000,048,792 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{d0ca36b1-bd62-4977-87ba-dea2e8d612b2}Gw64.sys -- ({d0ca36b1-bd62-4977-87ba-dea2e8d612b2}Gw64)
DRV:64bit: - [2014/11/28 19:54:44 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/11/28 19:53:54 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/11/28 19:53:54 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/11/28 19:53:54 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/11/28 19:53:54 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/11/28 19:53:54 | 000,083,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/11/28 19:53:54 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/11/28 19:53:54 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/08/15 23:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2014/06/25 05:06:00 | 000,029,512 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2014/06/25 05:06:00 | 000,020,736 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2014/01/29 09:01:20 | 000,152,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2014/01/29 09:01:20 | 000,029,496 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2013/12/17 16:59:54 | 000,057,144 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/05/29 20:41:22 | 000,460,528 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/05/29 20:41:20 | 000,044,784 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/10/03 16:14:56 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/31 20:53:52 | 000,735,616 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/07 13:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010/04/08 22:11:12 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/04/07 15:04:00 | 000,290,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2010/01/15 12:23:20 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/01/15 12:23:14 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/15 12:23:10 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/12/08 14:11:40 | 000,037,440 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009/10/05 16:58:18 | 000,649,216 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/09/22 14:47:16 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2009/09/22 14:47:16 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/15 18:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009/09/03 19:14:30 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/09/03 18:59:28 | 000,054,784 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/09/03 18:37:02 | 000,067,072 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/08/24 16:33:30 | 006,104,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/08/24 16:33:30 | 006,104,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2009/08/24 15:10:06 | 000,135,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/30 12:05:16 | 001,486,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/06/30 12:01:16 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/06/30 11:59:54 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/06/23 11:50:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/29 10:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/04/07 13:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2006/06/18 21:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=34eae225b
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com...&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?t...psd&t=34eae225b
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com...&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=34eae225b
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com...&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?t...psd&t=34eae225b
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com...&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=34eae225b
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?r...opt=0&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 36 76 A7 A9 8C CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.trovi.com...archTerms}=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com...&q={searchTerms}
IE - HKCU\..\SearchScopes\{95061A1A-B7C9-47BA-AFF4-AA78AFE3FFD2}: "URL" = http://www.google.co...{outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/01/31 13:24:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.3.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.3.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 31.3.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 31.3.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2014/11/28 21:37:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (eaasytooshioap) - {719cccbf-550e-4297-aa73-fa1095331cd2} - C:\Program Files (x86)\eaasytooshioap\BJd3tqjwKflDsD.x64.dll ()
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (SouftCoUp) - {ccf27571-8780-41ff-a436-0d18aa2a998b} - C:\Program Files (x86)\SouftCoUp\2KsQkEwW0pQXDW.x64.dll ()
O2 - BHO: (IETabPage Class) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
O2 - BHO: (eaasytooshioap) - {719cccbf-550e-4297-aa73-fa1095331cd2} - C:\Program Files (x86)\eaasytooshioap\BJd3tqjwKflDsD.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (SouftCoUp) - {ccf27571-8780-41ff-a436-0d18aa2a998b} - C:\Program Files (x86)\SouftCoUp\2KsQkEwW0pQXDW.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4:64bit: - HKLM..\Run: [FingerPrintSoftwareSplashScreen] C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe (AuthenTec, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [picon] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe ()
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKCU..\Run: [Selection Tools] C:\Users\Owner\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe (Nosibay)
O4 - HKCU..\Run: [TornTv Downloader] C:\Users\Owner\AppData\Roaming\TornTV.com\Torntv Downloader.exe /c=startup File not found
O4 - HKCU..\Run: [WindApp] "C:\Users\Owner\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup File not found
O4 - HKLM..\RunOnce: [Search Extensions Program Files Data Uninstall] cmd /C rd /Q /S "C:\Program Files (x86)\Search Extensions" File not found
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 1 = @biocpl.dll,-1
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.204 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03658DF1-8A81-470D-B240-E5F7029F5D8E}: DhcpNameServer = 64.71.255.204 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{313D7836-5526-41D2-8C11-2ACD818DECCA}: DhcpNameServer = 206.248.154.22 206.248.154.170
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D8BD3BC-9D39-4F53-9A3C-C966D019BD63}: DhcpNameServer = 206.248.154.22 206.248.154.170
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\ATFUS: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4c5ca780-a4ac-11e4-9f11-904ce5da9a54}\Shell - "" = AutoRun
O33 - MountPoints2\{4c5ca780-a4ac-11e4-9f11-904ce5da9a54}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/31 13:56:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2015/01/31 13:25:03 | 000,364,512 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2015/01/26 17:54:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\savaingtoyou
[2015/01/26 17:54:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\deal2deEalIt
[2015/01/26 17:54:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\suRufokeepit
[2015/01/26 17:54:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SouftCoUp
[2015/01/26 17:54:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Markdown Preview
[2015/01/26 17:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\9613487398826831713
[2015/01/26 17:53:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eaasytooshioap
[2015/01/25 23:33:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UpgradeMaster
[2015/01/19 18:22:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\ba91d130-ef64-4626-b6f0-bd6da616dc9b
[2015/01/07 16:24:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\WebTest
[2015/01/05 16:40:09 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2015/01/05 16:35:13 | 000,000,000 | ---D | C] -- C:\ProgramData\ZombieNews
[2015/01/05 16:35:02 | 000,000,000 | ---D | C] -- C:\ProgramData\IePluginServices
[2015/01/05 16:34:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SupTab
[2015/01/05 16:20:50 | 000,045,216 | ---- | C] (CartCrunch Israel Ltd.) -- C:\Windows\SysNative\drivers\cmwr.sys
[2015/01/05 16:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\PicColorData
[2015/01/05 16:20:40 | 000,332,608 | ---- | C] (CartCrunch Israel Ltd.) -- C:\Windows\SysWow64\ColorMedia.dll
[2015/01/05 16:20:37 | 000,378,544 | ---- | C] (CartCrunch Israel Ltd.) -- C:\Windows\SysNative\ColorMedia64.dll
[2015/01/05 16:20:34 | 000,000,000 | ---D | C] -- C:\ProgramData\02dc2405183d4179bc899f8d2a636ec4
[2015/01/05 16:19:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Search Extensions
[2015/01/05 16:18:13 | 001,553,888 | ---- | C] (CinemaPlus 2.3cV02.12) -- C:\Users\Owner\AppData\Roaming\QPCQVW.exe
[2015/01/05 16:17:40 | 002,042,848 | ---- | C] (CinemaPlus 2.3cV02.12) -- C:\Users\Owner\AppData\Roaming\BAPRHQA.exe
[2015/01/05 16:17:22 | 000,048,792 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{d0ca36b1-bd62-4977-87ba-dea2e8d612b2}Gw64.sys
[2015/01/05 16:17:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\globalUpdate
[2015/01/05 16:17:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\globalUpdate
[2015/01/05 16:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\1887373585
[2015/01/05 16:13:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Optimizer Pro
[2015/01/05 16:12:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\WTools
[2015/01/05 16:12:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Store
[2015/01/05 16:12:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Nosibay
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/31 13:59:09 | 000,610,198 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/01/31 13:59:09 | 000,103,638 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/01/31 13:30:36 | 000,026,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/31 13:30:36 | 000,026,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/31 13:25:42 | 000,001,964 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2015/01/31 13:21:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/31 13:21:00 | 3139,457,024 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/31 12:20:20 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
[2015/01/31 12:19:18 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
[2015/01/31 12:19:18 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2015/01/30 18:39:42 | 000,781,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/01/19 19:19:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2015/01/19 18:22:37 | 000,766,100 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2015/01/05 16:56:44 | 000,001,716 | ---- | M] () -- C:\Windows\SysWow64\${LOGFILE}
[2015/01/05 16:43:12 | 000,005,208 | ---- | M] () -- C:\Windows\SysWow64\ColorMedia.ini
[2015/01/05 16:43:12 | 000,002,792 | ---- | M] () -- C:\Windows\SysWow64\ColorMediaOff.ini
[2015/01/05 16:43:12 | 000,002,792 | ---- | M] () -- C:\Windows\SysNative\ColorMediaOff.ini
[2015/01/05 16:18:13 | 001,553,888 | ---- | M] (CinemaPlus 2.3cV02.12) -- C:\Users\Owner\AppData\Roaming\QPCQVW.exe
[2015/01/05 16:17:40 | 002,042,848 | ---- | M] (CinemaPlus 2.3cV02.12) -- C:\Users\Owner\AppData\Roaming\BAPRHQA.exe
[2015/01/05 16:10:41 | 000,001,874 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk
[2015/01/05 08:26:34 | 000,048,792 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{d0ca36b1-bd62-4977-87ba-dea2e8d612b2}Gw64.sys
[2015/01/04 13:13:48 | 000,378,544 | ---- | M] (CartCrunch Israel Ltd.) -- C:\Windows\SysNative\ColorMedia64.dll
[2015/01/04 13:13:48 | 000,332,608 | ---- | M] (CartCrunch Israel Ltd.) -- C:\Windows\SysWow64\ColorMedia.dll
[2015/01/04 13:13:48 | 000,045,216 | ---- | M] (CartCrunch Israel Ltd.) -- C:\Windows\SysNative\drivers\cmwr.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/01/19 19:19:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2015/01/05 16:33:02 | 000,001,716 | ---- | C] () -- C:\Windows\SysWow64\${LOGFILE}
[2015/01/05 16:20:44 | 000,005,208 | ---- | C] () -- C:\Windows\SysWow64\ColorMedia.ini
[2015/01/05 16:20:44 | 000,002,792 | ---- | C] () -- C:\Windows\SysWow64\ColorMediaOff.ini
[2015/01/05 16:20:44 | 000,002,792 | ---- | C] () -- C:\Windows\SysNative\ColorMediaOff.ini
[2015/01/05 16:10:41 | 000,001,874 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk
[2014/10/01 14:10:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2014/10/01 14:02:28 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2014/10/01 10:56:07 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
[2014/09/29 14:01:35 | 000,766,100 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/11/28 19:56:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVAST Software
[2013/07/29 17:00:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CachedFiles
[2014/10/27 08:42:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Oracle
[2014/09/29 10:23:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PwrMgr
[2015/01/05 16:21:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Store
[2014/11/28 21:37:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Thunderbird
[2014/11/28 19:32:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUp Software
[2015/01/31 13:03:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2015/01/07 16:24:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WebTest
[2015/01/05 16:12:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WTools
 
========== Purity Check ==========
 
 

< End of report >




#2
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

In your downloads folder there should be an Extras.txt file. Can you post that as well?



#3
danno_1324

    Member

  • Topic Starter
  • Member
  • 30 posts

OTL Extras logfile created on: 1/31/2015 2:38:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.90 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 47.17% Memory free
7.80 Gb Paging File | 5.60 Gb Available in Paging File | 71.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 49.91 Gb Free Space | 33.50% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0119B27A-AF8A-47BA-8A04-FE174DC4E9C7}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework64\v3.0\windows communication foundation\smsvchost.exe |
"{06570730-17C3-4FD7-93C8-BE1841131C68}" = lport=139 | protocol=6 | dir=in | app=system |
"{1CD89EB6-A071-439B-ABD6-8FDF7072E29E}" = rport=139 | protocol=6 | dir=out | app=system |
"{2637FF36-EA71-4541-AA7F-400535422C0F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2641D037-4261-491A-AE76-AF6948C16330}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2EC20FAF-0D56-4781-9B3C-C2E6063ABFE6}" = rport=137 | protocol=17 | dir=out | app=system |
"{55FC8C2F-4151-402C-9DB6-043EC0687D8A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5FD04AA8-E728-4C1D-9CA3-4837A754F352}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{64C84739-49A0-42F2-B8F8-4902872C7DFC}" = lport=445 | protocol=6 | dir=in | app=system |
"{73EBE36D-B1E0-4CE7-ACF8-5AECF6126CF2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9D4500D1-CEBB-4755-81C6-53BBFCFC98AE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A78663A8-E2EB-423E-A595-AE3DE21A8D12}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B620B1A1-64DB-4415-B148-3D45AB6AFEA0}" = lport=138 | protocol=17 | dir=in | app=system |
"{B96B31AC-F17B-4889-89C1-AF6FB7E938BE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C62F0429-E94E-4F2F-AA0B-8C100CDA02CC}" = rport=445 | protocol=6 | dir=out | app=system |
"{CEC627CC-50EE-4941-8AB8-52C20CD7E665}" = rport=138 | protocol=17 | dir=out | app=system |
"{D158036A-498B-48CF-8988-9E27657DD365}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D88083DC-ECB3-4C67-8295-619D76392DBE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E029204F-E868-4478-BB4B-F75A46B9D915}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EBD5E47F-E8A1-46A7-AAFE-AF187BFC53AB}" = lport=137 | protocol=17 | dir=in | app=system |
"{EFFED456-1945-4AFF-A11B-0A1DFD305A2C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FE89F7FC-9503-4E27-83C0-4B15004C87EC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02FE7DCD-E262-4F6D-8F49-B4E271ACA427}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{048B32F8-BC76-495D-88C0-A395015E1D98}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0AD25557-1740-4A2E-86F1-1168EC732CE5}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\shareit\shareit.exe |
"{13F1D083-C042-447B-9654-A3A8C1185829}" = protocol=17 | dir=in | app=uncserver.exe |
"{1C227AA7-2882-4472-B491-3DB6D68931E7}" = protocol=6 | dir=out | app=system |
"{25B26D44-49CB-4E8A-ACCB-B216D2FC2897}" = protocol=6 | dir=in | app=uncserver.exe |
"{29D04552-68C7-4F3F-9E4D-58F12F980EC8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2D813B0C-808C-488C-9DA6-7A049FAD6C29}" = protocol=6 | dir=in | app=uncserver.exe |
"{2EAEE6B7-926C-4026-8510-3504378E7F9D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{35FE4097-5251-4A37-8089-7DFB710DFEBF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe |
"{3B0C5BC4-EC8D-4BE5-90CC-F4C7275615A6}" = protocol=6 | dir=in | app=uncserver.exe |
"{40750DD1-C9EB-441C-A98D-75521F9F2CBA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{45E80135-5D80-4733-8770-D6981F2D18A5}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\utorrent\utorrent.exe |
"{497548DA-CDAF-47F7-8617-66C0EFF05746}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe |
"{4B1B73D1-AEC5-4465-A9DB-CF56B83CC16E}" = protocol=6 | dir=in | app=uncserver.exe |
"{50F4BB4C-F780-4DD1-9A92-46D653E1E413}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\utorrent\utorrent.exe |
"{536A9DEF-47B5-41CC-9AA5-BCE5B06CDBA5}" = protocol=6 | dir=in | app=uncserver.exe |
"{56E002C8-AF88-4640-861C-A04E23047DF6}" = protocol=6 | dir=in | app=uncserver.exe |
"{5E6C57C0-802D-419F-B72D-34AE7AD4D99A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5EB59766-4060-4FD3-B2BB-8903ED12A26A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{61825D29-2D71-45EC-B9B1-C91B0078EE70}" = protocol=17 | dir=in | app=uncserver.exe |
"{635981B4-4F5F-4931-A9C0-ACCBE586D5A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{63F9BE15-9BE3-440B-AC01-5C0FF01EA959}" = protocol=17 | dir=in | app=uncserver.exe |
"{654F24B3-CDBD-4367-86BA-962F874B0ACE}" = protocol=6 | dir=in | app=uncserver.exe |
"{68C10D85-3B33-489C-A240-6237CB9A7937}" = protocol=17 | dir=in | app=uncserver.exe |
"{6D5C8B95-7942-4F35-AAE7-E0F047326BED}" = protocol=17 | dir=in | app=uncserver.exe |
"{6E96937C-A61F-4406-A796-AAF4030785A5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6EEF4F5F-2770-4A96-A533-94E4AB95402D}" = protocol=17 | dir=in | app=uncserver.exe |
"{707E17A2-8753-4E55-BD44-7E3CAFD89283}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7385926B-1F6E-4CA1-B050-F0CE278C6FDD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{756A068C-AAA2-4976-B1B1-33B29752359B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{775C1157-7EB7-49FA-8A67-E3AE33261A54}" = protocol=17 | dir=in | app=uncserver.exe |
"{7C9E2822-5696-436E-8793-C14ACAEB0BE0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8309B40D-5B80-4893-8CB6-04D36A5B0EDC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{88D9C011-A5CB-4ABA-9468-A64F7A1F2F82}" = protocol=6 | dir=in | app=uncserver.exe |
"{8A8396A4-B8EA-4A6C-9C74-44D67CC4CE2A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9B36E790-596E-4E72-8A87-A6BD4F29C60A}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\shareit\shareit.exe |
"{9D42F959-92B6-4057-8B03-E646CE21AC59}" = protocol=6 | dir=in | app=uncserver.exe |
"{9F8AEE3E-C0C2-41D8-BBE4-4993225F60C3}" = protocol=17 | dir=in | app=uncserver.exe |
"{A210843A-9B81-46AE-BB6F-058C8C7004EC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A4702CC4-5219-4762-8FDF-A16D339F5F18}" = protocol=17 | dir=in | app=uncserver.exe |
"{AAEA50DF-E6C9-471A-A849-08685D882069}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B79EF0A3-8708-4BA8-932A-84A0DDBF0396}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CF8E4176-B10B-4D93-A012-A8D834615D7C}" = protocol=17 | dir=in | app=uncserver.exe |
"{CFF4225E-9A9B-4C90-9CFD-51720B074359}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D5E796F7-3321-4485-9E22-DE426386D316}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D8CD7631-9CBC-4AFE-986B-CAF69A95717E}" = protocol=17 | dir=in | app=uncserver.exe |
"{DDB49CC9-AEE2-4590-8E45-D482E4AFD5DC}" = protocol=6 | dir=in | app=uncserver.exe |
"{EAE764B9-80A1-4C03-99C3-E189FAC80FD4}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{ECF6106B-94C0-4CFE-8AEF-706C7193DB13}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7B2F802-D858-40DD-9F3E-0E1D6C6EC559}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FC8D5323-DF82-47B8-9371-148ADE3047F7}" = protocol=6 | dir=in | app=uncserver.exe |
"TCP Query User{2260ED6B-214D-4234-9FAD-EC338DA480F1}C:\program files (x86)\lenovo\system update\uncserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"TCP Query User{4D5A02EB-D7A3-4624-971E-38C94A2FE9F5}C:\program files (x86)\lenovo\system update\uncserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"TCP Query User{99F2C0ED-4BA4-472C-9185-830A0D8DE868}C:\users\owner\appdata\roaming\torntv.com\torntv downloader.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\torntv.com\torntv downloader.exe |
"UDP Query User{28FCEDAC-13CA-47F3-AA79-E4B4A73FD44F}C:\program files (x86)\lenovo\system update\uncserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"UDP Query User{60941EB8-0EAE-4ACE-A149-8351FD240CE9}C:\program files (x86)\lenovo\system update\uncserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"UDP Query User{67CB0E20-3788-4721-85FE-B871152973A1}C:\users\owner\appdata\roaming\torntv.com\torntv downloader.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\torntv.com\torntv downloader.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0369F866-2CE0-4EB9-B426-88FA122C6E82}" = Lenovo Patch Utility 64 bit
"{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}" = iTunes
"{2ED326C9-A4E6-4884-B3F0-9A6CFB0A1141}" = Lenovo Fingerprint Software
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}" = Apple Mobile Device Support
"05FBE63CF9C9B3424152207E7278CD6DA193C56C" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric  (07/02/2010 8.6.0.29)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"DE7217D2A8B057F15EC6E52329FDAB84231521E8" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430)
"HECI" = Intel® Management Engine Interface
"LENOVO.SMIIF" = Lenovo System Interface Driver
"MESOL" = Intel® Active Management Technology
"OnScreenDisplay" = On Screen Display
"Power Management Driver" = Lenovo Power Management Driver
"PROSet" = Intel® Network Connections Drivers
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{2516907e}" = UpgradeMaster
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
"{26A24AE4-039D-4CA4-87B4-2F03217071FF}" = Java 7 Update 71
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.64.02
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}" = Apple Application Support
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AD32F5E9-6BDD-480A-8B7B-95571D04691C}" = Lenovo Patch Utility
"{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}" = Metric Collection SDK 35
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Power Manager
"{DDAA788F-52E6-44EA-ADB8-92837B11BF26}" = Metric Collection SDK
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.83
"Avast" = Avast Free Antivirus
"Mozilla Thunderbird 31.3.0 (x86 en-US)" = Mozilla Thunderbird 31.3.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"SHAREit_is1" = SHAREit
"VLC media player" = VLC media player 2.0.7
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/27/2014 9:25:37 AM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 11.0.9600.17280 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: ee8    Start
 Time: 01cff1e9038994be    Termination Time: 16    Application Path: C:\Program Files (x86)\Internet
 Explorer\IEXPLORE.EXE    Report Id:  
 
Error - 10/27/2014 8:13:02 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddWin32ServiceFiles: Unable to back up image
 of service rpcnetp since QueryServiceConfig API failed  System Error: The system cannot
 find the file specified.  .
 
Error - 11/11/2014 11:07:52 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddWin32ServiceFiles: Unable to back up image
 of service rpcnetp since QueryServiceConfig API failed  System Error: The system cannot
 find the file specified.  .
 
Error - 11/28/2014 8:44:01 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image
 of binary AVGIDSDriver.  System Error: The system cannot find the file specified.  .
 
Error - 11/28/2014 8:49:52 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddWin32ServiceFiles: Unable to back up image
 of service rpcnetp since QueryServiceConfig API failed  System Error: The system cannot
 find the file specified.  .
 
Error - 11/28/2014 9:04:17 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddWin32ServiceFiles: Unable to back up image
 of service rpcnetp since QueryServiceConfig API failed  System Error: The system cannot
 find the file specified.  .
 
[ System Events ]
Error - 12/28/2014 7:46:49 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The rimmptsk service failed to start due to the following error:   %%1058
 
Error - 12/28/2014 7:46:50 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The rimsptsk service failed to start due to the following error:   %%1058
 
Error - 12/28/2014 7:46:50 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The Ricoh xD-Picture Card Driver service failed to start due to the
 following error:   %%1058
 
Error - 12/29/2014 8:02:44 PM | Computer Name = Owner-PC | Source = amdkmdag | ID = 43029
Description = Display is not active
 
Error - 12/30/2014 12:59:44 PM | Computer Name = Owner-PC | Source = amdkmdag | ID = 43029
Description = Display is not active
 
Error - 12/31/2014 3:04:55 AM | Computer Name = Owner-PC | Source = amdkmdag | ID = 43029
Description = Display is not active
 
Error - 12/31/2014 12:19:39 PM | Computer Name = Owner-PC | Source = amdkmdag | ID = 43029
Description = Display is not active
 
Error - 12/31/2014 9:47:49 PM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:46:43 PM on ?31/?12/?2014 was unexpected.
 
Error - 12/31/2014 9:47:49 PM | Computer Name = Owner-PC | Source = amdkmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 12/31/2014 9:47:49 PM | Computer Name = Owner-PC | Source = amdkmdag | ID = 43029
Description = Display is not active
 
 
< End of report >
 


#4
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Hi. My name is Brian, and I would be happy to look into your issue.
 


- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-

 
Removing malware is a complicated, multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

 

OK, let's get started.

 

Step#1 - Warnings

The Dangers of P2P Programs

IMPORTANT: I noticed that you have a P2P (Peer to Peer) file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more than likely infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

Here are some information sources about the dangers of P2P programs:

 

FBI - Peer to Peer Scams
USA Today Article on P2P Programs
File Sharing Infects 500,000 Computers

 

I very much recommend you uninstall this program from your machine. If not, you will likely be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

 

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.

 

Please uninstall the following Peer-to-Peer program(s): uTorrent

 

Step#2 - Uninstalls
Please uninstall the following programs one at a time. Instructions for doing so are here.
If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot. All of these programs are either outdated, malware/adware, have a bad reputation or are not recommended. If you absolutely must have one of them I suggest that you wait until you are declared clean before reinstalling.
UpgradeMaster
Java 7 Update 71

 

Step#3 - OTL Fix

1. Right click on OTL.exe and choose Run as administrator.
2. Copy all the code below and paste it into the Custom Scans/Fixes section at the very bottom of the OTL program. Do NOT include the word Quote.
 
 

:Commands
[CreateRestorePoint]

 

:OTL
PRC - [2014/12/16 09:13:14 | 001,510,160 | ---- | M] (Nosibay) -- C:\Users\Owner\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe
PRC - [2014/11/18 02:14:08 | 000,228,352 | ---- | M] (NTS Co., Ltd.") -- C:\Users\Owner\AppData\NTSFile\NTS.exe
MOD - [2015/01/26 17:54:11 | 000,561,664 | ---- | M] () -- C:\Program Files (x86)\SouftCoUp\2KsQkEwW0pQXDW.dll
MOD - [2015/01/26 17:53:55 | 000,561,664 | ---- | M] () -- C:\Program Files (x86)\eaasytooshioap\BJd3tqjwKflDsD.dll
SRV - [2014/11/18 02:14:08 | 000,228,352 | ---- | M] (NTS Co., Ltd.") [Auto | Running] -- C:\Users\Owner\AppData\NTSFile\NTS.exe -- (Northern Themes Service)
DRV:64bit: - [2015/01/05 08:26:34 | 000,048,792 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{d0ca36b1-bd62-4977-87ba-dea2e8d612b2}Gw64.sys -- ({d0ca36b1-bd62-4977-87ba-dea2e8d612b2}Gw64)
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=34eae225b
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com...&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?t...psd&t=34eae225b
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com...&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=34eae225b
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com...&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?t...psd&t=34eae225b
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com...&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=34eae225b
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.trovi.com...archTerms}=
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com...&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
O2:64bit: - BHO: (eaasytooshioap) - {719cccbf-550e-4297-aa73-fa1095331cd2} - C:\Program Files (x86)\eaasytooshioap\BJd3tqjwKflDsD.x64.dll ()
O2:64bit: - BHO: (SouftCoUp) - {ccf27571-8780-41ff-a436-0d18aa2a998b} - C:\Program Files (x86)\SouftCoUp\2KsQkEwW0pQXDW.x64.dll ()
O2 - BHO: (IETabPage Class) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
O2 - BHO: (eaasytooshioap) - {719cccbf-550e-4297-aa73-fa1095331cd2} - C:\Program Files (x86)\eaasytooshioap\BJd3tqjwKflDsD.dll ()
O2 - BHO: (SouftCoUp) - {ccf27571-8780-41ff-a436-0d18aa2a998b} - C:\Program Files (x86)\SouftCoUp\2KsQkEwW0pQXDW.dll ()
O4 - HKCU..\Run: [Selection Tools] C:\Users\Owner\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe (Nosibay)
O4 - HKCU..\Run: [TornTv Downloader] C:\Users\Owner\AppData\Roaming\TornTV.com\Torntv Downloader.exe /c=startup File not found
O4 - HKCU..\Run: [WindApp] "C:\Users\Owner\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup File not found
O4 - HKLM..\RunOnce: [Search Extensions Program Files Data Uninstall] cmd /C rd /Q /S "C:\Program Files (x86)\Search Extensions" File not found
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 1 = @biocpl.dll,-1
O33 - MountPoints2\{4c5ca780-a4ac-11e4-9f11-904ce5da9a54}\Shell - "" = AutoRun
O33 - MountPoints2\{4c5ca780-a4ac-11e4-9f11-904ce5da9a54}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
[2015/01/26 17:54:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\savaingtoyou
[2015/01/26 17:54:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\deal2deEalIt
[2015/01/26 17:54:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\suRufokeepit
[2015/01/26 17:54:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Markdown Preview
[2015/01/26 17:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\9613487398826831713
[2015/01/19 18:22:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\ba91d130-ef64-4626-b6f0-bd6da616dc9b
[2015/01/05 16:35:13 | 000,000,000 | ---D | C] -- C:\ProgramData\ZombieNews
[2015/01/05 16:35:02 | 000,000,000 | ---D | C] -- C:\ProgramData\IePluginServices
[2015/01/05 16:20:50 | 000,045,216 | ---- | C] (CartCrunch Israel Ltd.) -- C:\Windows\SysNative\drivers\cmwr.sys
[2015/01/05 16:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\PicColorData
[2015/01/05 16:20:40 | 000,332,608 | ---- | C] (CartCrunch Israel Ltd.) -- C:\Windows\SysWow64\ColorMedia.dll
[2015/01/05 16:20:37 | 000,378,544 | ---- | C] (CartCrunch Israel Ltd.) -- C:\Windows\SysNative\ColorMedia64.dll
[2015/01/05 16:20:34 | 000,000,000 | ---D | C] -- C:\ProgramData\02dc2405183d4179bc899f8d2a636ec4
[2015/01/05 16:18:13 | 001,553,888 | ---- | C] (CinemaPlus 2.3cV02.12) -- C:\Users\Owner\AppData\Roaming\QPCQVW.exe
[2015/01/05 16:17:40 | 002,042,848 | ---- | C] (CinemaPlus 2.3cV02.12) -- C:\Users\Owner\AppData\Roaming\BAPRHQA.exe
[2015/01/05 16:17:22 | 000,048,792 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{d0ca36b1-bd62-4977-87ba-dea2e8d612b2}Gw64.sys
[2015/01/05 16:17:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\globalUpdate
[2015/01/05 16:17:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\globalUpdate
[2015/01/05 16:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\1887373585
[2015/01/05 16:13:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Optimizer Pro
[2015/01/05 16:12:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\WTools
[2015/01/05 16:12:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Nosibay
[2015/01/05 16:43:12 | 000,005,208 | ---- | M] () -- C:\Windows\SysWow64\ColorMedia.ini
[2015/01/05 16:43:12 | 000,002,792 | ---- | M] () -- C:\Windows\SysWow64\ColorMediaOff.ini
[2015/01/05 16:43:12 | 000,002,792 | ---- | M] () -- C:\Windows\SysNative\ColorMediaOff.ini

 

:Files
C:\Users\Owner\AppData\Roaming\WTools
C:\Users\Owner\AppData\NTSFile
C:\Program Files (x86)\SouftCoUp
C:\Program Files (x86)\eaasytooshioap
C:\Program Files (x86)\SupTab
C:\Program Files (x86)\Search Extensions
C:\Users\Owner\AppData\Roaming\TornTV.com
C:\Users\Owner\AppData\Roaming\Store\WindApp

 

:Commands
[EmptyTemp]

 
3. Click the Run Fix button. OTL will ask to reboot the machine. Please do so when asked.
4. After the reboot a log file should open. Copy/Paste the contents of the log that opens and post in your next reply. If for some reason the log file does not appear then you can
    open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder,
    and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

 

Step#4 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete, click on "Clean".
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

 

Step#5 - FRST Scan
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
6. Please copy and paste the log back here.
7. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated. Please also paste that along with the FRST.txt into your reply.

 

 

 

Items for your next post

1. OTL Fix log

2. AdwCleaner log

3. FRST & Addition logs

4. How's your machine doing now?

 


#5
danno_1324

    Member

  • Topic Starter
  • 30 posts

Hi Brian, thanks for taking the time to help. I can not uninstall Java 7 update 71. It is giving me the error message the administrator has set policies to prevent this installation and then says I do not have sufficient access to uninstall the program, please contact system administrator. Should I continue to step 3 or wait until I can uninstall the program?


#6
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Go ahead and continue with the other steps. Try to uninstall it again after the other steps are done.


#7
danno_1324

    Member

  • Topic Starter
  • 30 posts

Results from step 3

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
No active process named Selection Tools.exe was found!
No active process named NTS.exe was found!
Error: No service named Northern Themes Service was found to stop!
Service\Driver key Northern Themes Service not found.
File C:\Users\Owner\AppData\NTSFile\NTS.exe not found.
Error: No service named {d0ca36b1-bd62-4977-87ba-dea2e8d612b2}Gw64 was found to stop!
Service\Driver key {d0ca36b1-bd62-4977-87ba-dea2e8d612b2}Gw64 not found.
File C:\Windows\SysNative\drivers\{d0ca36b1-bd62-4977-87ba-dea2e8d612b2}Gw64.sys not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{719cccbf-550e-4297-aa73-fa1095331cd2}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{719cccbf-550e-4297-aa73-fa1095331cd2}\ not found.
File C:\Program Files (x86)\eaasytooshioap\BJd3tqjwKflDsD.x64.dll not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ccf27571-8780-41ff-a436-0d18aa2a998b}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ccf27571-8780-41ff-a436-0d18aa2a998b}\ not found.
File C:\Program Files (x86)\SouftCoUp\2KsQkEwW0pQXDW.x64.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\ not found.
File C:\Program Files (x86)\SupTab\SupTab.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{719cccbf-550e-4297-aa73-fa1095331cd2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{719cccbf-550e-4297-aa73-fa1095331cd2}\ not found.
File C:\Program Files (x86)\eaasytooshioap\BJd3tqjwKflDsD.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ccf27571-8780-41ff-a436-0d18aa2a998b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ccf27571-8780-41ff-a436-0d18aa2a998b}\ not found.
File C:\Program Files (x86)\SouftCoUp\2KsQkEwW0pQXDW.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Selection Tools not found.
File C:\Users\Owner\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\TornTv Downloader not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WindApp not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Search Extensions Program Files Data Uninstall not found.
File move failed. C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableCAD deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\SoftwareSASGeneration not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DisallowCpl not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl\\1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c5ca780-a4ac-11e4-9f11-904ce5da9a54}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c5ca780-a4ac-11e4-9f11-904ce5da9a54}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c5ca780-a4ac-11e4-9f11-904ce5da9a54}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c5ca780-a4ac-11e4-9f11-904ce5da9a54}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\LaunchU3.exe -a not found.
Folder C:\Program Files (x86)\savaingtoyou\ not found.
Folder C:\Program Files (x86)\deal2deEalIt\ not found.
Folder C:\Program Files (x86)\suRufokeepit\ not found.
Folder C:\Program Files (x86)\Markdown Preview\ not found.
Folder C:\ProgramData\9613487398826831713\ not found.
Folder C:\Users\Owner\AppData\Local\ba91d130-ef64-4626-b6f0-bd6da616dc9b\ not found.
Folder C:\ProgramData\ZombieNews\ not found.
Folder C:\ProgramData\IePluginServices\ not found.
File C:\Windows\SysNative\drivers\cmwr.sys not found.
Folder C:\ProgramData\PicColorData\ not found.
File C:\Windows\SysWow64\ColorMedia.dll not found.
File C:\Windows\SysNative\ColorMedia64.dll not found.
Folder C:\ProgramData\02dc2405183d4179bc899f8d2a636ec4\ not found.
File C:\Users\Owner\AppData\Roaming\BAPRHQA.exe not found.
File C:\Windows\SysNative\drivers\{d0ca36b1-bd62-4977-87ba-dea2e8d612b2}Gw64.sys not found.
Folder C:\Users\Owner\AppData\Local\globalUpdate\ not found.
Folder C:\Program Files (x86)\globalUpdate\ not found.
Folder C:\ProgramData\1887373585\ not found.
Folder C:\Users\Owner\Documents\Optimizer Pro\ not found.
Folder C:\Users\Owner\AppData\Roaming\WTools\ not found.
Folder C:\Users\Owner\AppData\Roaming\Nosibay\ not found.
File C:\Windows\SysWow64\ColorMedia.ini not found.
File C:\Windows\SysWow64\ColorMediaOff.ini not found.
File C:\Windows\SysNative\ColorMediaOff.ini not found.
========== FILES ==========
File\Folder C:\Users\Owner\AppData\Roaming\WTools not found.
File\Folder C:\Users\Owner\AppData\NTSFile not found.
C:\Program Files (x86)\SouftCoUp folder moved successfully.
File\Folder C:\Program Files (x86)\eaasytooshioap not found.
File\Folder C:\Program Files (x86)\SupTab not found.
File\Folder C:\Program Files (x86)\Search Extensions not found.
File\Folder C:\Users\Owner\AppData\Roaming\TornTV.com not found.
File\Folder C:\Users\Owner\AppData\Roaming\Store\WindApp not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Owner
->Temp folder emptied: 99142 bytes
->Temporary Internet Files folder emptied: 1066734053 bytes
->Java cache emptied: 327381 bytes
->Flash cache emptied: 29088 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 556708060 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 8436596153 bytes
 
Total Files Cleaned = 9,594.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02012015_132325

Files\Folders moved on Reboot...
File\Folder C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk not found!
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YUQWKNG5\index[1].htm moved successfully.
File move failed. C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T52LMDUI\346940-redirecting-me-to-a-page-that-says-need-to-download-adobe-flash-player-to-continue-or-that-my-pc-may-not-be-protected[1].htm scheduled to be moved on reboot.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T52LMDUI\PRmiXeptR36kaC0GEAetxjqR_3kx9_hJXbbyU8S6IN0[1].woff moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SOMC8JLS\xjAJXh38I15wypJXxuGMBobN6UDyHWBl620a-IRfuBk[1].woff moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H5VI2AXS\cJZKeOuBrn4kERxqtaUH3T8E0i7KZn-EPnyo3HZu7kw[1].woff moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GJZEDBE4\k3k702ZOKiLJc3WVjuplzHhCUOGz7vYGh680lGh-uXM[1].woff moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


#8
danno_1324

    Member

  • Topic Starter
  • 30 posts

results of step 4

 

# AdwCleaner v4.109 - Report created 01/02/2015 at 13:35:44
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\f71228050000108f
Folder Deleted : C:\Users\Owner\AppData\Roaming\Store
File Deleted : C:\Users\Owner\AppData\Roaming\Bubble Dock.boostrap.log
File Deleted : C:\Users\Owner\AppData\Roaming\Bubble Dock.installation.log
File Deleted : C:\Users\Owner\AppData\Roaming\WindApp.installation.log
File Deleted : C:\Users\Owner\AppData\Roaming\Selection Tools.installation.log

***** [ Scheduled Tasks ] *****

Task Deleted : LaunchSignup

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{230332DF-D235-47EE-BC42-60860EF144CD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Nosibay
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Store
Key Deleted : HKCU\Software\WTools
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWPM
Key Deleted : HKLM\SOFTWARE\V9Software
Key Deleted : HKLM\SOFTWARE\PicColor Utility
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : [x64] HKLM\SOFTWARE\TornTv Downloader
Key Deleted : [x64] HKLM\SOFTWARE\PicColor Utility
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\movshare.net
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\playsushi.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\trovi.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\v9.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\vshare.eu
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.movshare.net
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.trovi.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.v9.com

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

*************************

AdwCleaner[R0].txt - [5792 octets] - [01/02/2015 13:34:04]
AdwCleaner[S0].txt - [5524 octets] - [01/02/2015 13:35:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5584 octets] ##########



#9
danno_1324

results from step 5

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Owner (administrator) on OWNER-PC on 01-02-2015 13:39:36
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Windows\System32\DTS.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AuthenTec, Inc.) C:\Windows\System32\ATService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [FingerPrintSoftware] => C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [1582920 2011-05-31] (AuthenTec)
HKLM\...\Run: [FingerPrintSoftwareSplashScreen] => C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe [107520 2011-05-31] (AuthenTec, Inc.)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2014-02-17] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [picon] => C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe [111640 2010-02-04] ()
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-11] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53947;https=127.0.0.1:53947
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3197909458-829259112-1465450475-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
HKU\S-1-5-21-3197909458-829259112-1465450475-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?r...opt=0&ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-28]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-11-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [130048 2011-05-31] () [File not signed]
R2 ATService; C:\Windows\system32\ATService.exe [2715976 2011-05-31] (AuthenTec, Inc.)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [319536 2014-06-25] (Lenovo.)
R2 dtsvc; C:\Windows\system32\DTS.exe [117760 2011-05-31] () [File not signed]
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [559872 2014-08-06] (Lenovo)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2010-02-04] (Intel Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-04-24] ()
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2010-02-04] (Intel Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Update Reverse Page; "C:\Program Files (x86)\Reverse Page\updateReversePage.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44784 2013-05-29] (Synaptics Incorporated)
S3 dolyyeab; \??\C:\Windows\system32\drivers\ngiodriver_x64 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 13:39 - 2015-02-01 13:40 - 00011417 _____ () C:\Users\Owner\Desktop\FRST.txt
2015-02-01 13:32 - 2015-02-01 13:39 - 00000000 ____D () C:\FRST
2015-02-01 13:32 - 2015-02-01 13:32 - 02131456 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2015-02-01 13:12 - 2015-02-01 13:35 - 00000000 ____D () C:\AdwCleaner
2015-02-01 13:11 - 2015-02-01 13:12 - 02194432 _____ () C:\Users\Owner\Desktop\AdwCleaner.exe
2015-02-01 13:10 - 2015-02-01 13:10 - 00000000 ____D () C:\_OTL
2015-02-01 12:33 - 2015-02-01 12:33 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2015-02-01 10:35 - 2015-02-01 12:31 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Downloads\OTL (1).exe
2015-02-01 10:21 - 2015-02-01 10:21 - 00000000 ____D () C:\Users\Owner\Downloads\UFC.183.Silva.vs.Diaz.HDTV.x264-Streamsbay[rartv]
2015-02-01 10:19 - 2014-11-28 19:53 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-31 14:47 - 2015-02-01 10:44 - 00086806 _____ () C:\Users\Owner\Downloads\OTL.Txt
2015-01-31 14:47 - 2015-01-31 14:47 - 00049670 _____ () C:\Users\Owner\Downloads\Extras.Txt
2015-01-31 14:37 - 2015-01-31 14:37 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Downloads\OTL.exe
2015-01-31 13:39 - 2015-01-31 13:39 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-31 13:39 - 2015-01-31 13:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-31 12:25 - 2015-01-31 12:31 - 441555769 ____R () C:\Users\Owner\Downloads\Banshee.S03E04.HDTV.x264-KILLERS.mp4
2015-01-25 11:18 - 2015-01-25 11:20 - 476189528 ____R () C:\Users\Owner\Downloads\Black.Sails.S02E01.HDTV.x264-KILLERS.mp4
2015-01-24 10:58 - 2015-01-24 10:59 - 00000000 ____D () C:\Users\Owner\Downloads\Banshee.S03E03.HDTV.x264-KILLERS[ettv]
2015-01-19 19:19 - 2015-01-19 19:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-01-18 10:28 - 2015-01-18 10:31 - 330803399 ____R () C:\Users\Owner\Downloads\Banshee.S03E02.HDTV.x264-KILLERS.mp4
2015-01-13 17:43 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 17:43 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 17:43 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 17:43 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 17:43 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 17:43 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 17:43 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 17:43 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 17:43 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 17:43 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 17:43 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 17:43 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 17:43 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-10 10:09 - 2015-01-10 10:13 - 377366600 ____R () C:\Users\Owner\Downloads\Banshee.S03E01.HDTV.x264-KILLERS.mp4
2015-01-07 16:24 - 2015-01-07 16:24 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\WebTest
2015-01-05 16:33 - 2015-01-05 16:56 - 00001716 _____ () C:\Windows\SysWOW64\${LOGFILE}
2015-01-05 16:20 - 2015-01-05 16:20 - 00003754 _____ () C:\Windows\System32\Tasks\KRWBWZLJOD
2015-01-05 16:18 - 2015-01-05 16:18 - 01553888 _____ (CinemaPlus 2.3cV02.12) C:\Users\Owner\AppData\Roaming\QPCQVW.exe
2015-01-05 16:11 - 2015-01-05 16:11 - 00000097 _____ () C:\Users\Owner\AppData\Roaming\WOffer.boostrap.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 13:40 - 2013-07-29 15:05 - 01967698 _____ () C:\Windows\WindowsUpdate.log
2015-02-01 13:36 - 2013-07-30 10:20 - 00173814 _____ () C:\Windows\PFRO.log
2015-02-01 13:36 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-01 13:36 - 2009-07-13 23:51 - 00032629 _____ () C:\Windows\setupact.log
2015-02-01 13:35 - 2009-07-13 23:45 - 00026000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-01 13:35 - 2009-07-13 23:45 - 00026000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-01 13:28 - 2014-10-01 14:02 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.dll
2015-02-01 13:28 - 2014-10-01 10:56 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.exe
2015-02-01 13:28 - 2014-10-01 10:56 - 00017920 _____ () C:\Windows\system32\rpcnetp.exe
2015-02-01 13:21 - 2014-11-28 19:54 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-01 11:34 - 2014-11-28 19:17 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\vlc
2015-02-01 10:34 - 2014-11-28 21:23 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\uTorrent
2015-02-01 10:19 - 2014-11-28 19:54 - 00001964 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-01 10:15 - 2014-12-15 17:26 - 00000000 ____D () C:\Program Files\Google
2015-02-01 10:15 - 2014-12-15 17:25 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-31 13:55 - 2014-12-15 17:25 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2015-01-31 13:39 - 2014-09-30 10:46 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2015-01-30 18:39 - 2009-07-14 00:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-19 18:22 - 2014-09-29 14:01 - 00766100 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-18 10:31 - 2014-12-06 20:30 - 00000000 ____D () C:\Users\Owner\AppData\Local\PokerStars
2015-01-16 21:01 - 2013-07-29 18:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-16 20:56 - 2013-07-29 16:04 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-06 04:36 - 2013-07-29 15:31 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 16:49 - 2014-11-28 20:03 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-01-05 16:29 - 2009-07-13 21:34 - 00000505 _____ () C:\Windows\win.ini

==================== Files in the root of some directories =======

2015-01-05 16:18 - 2015-01-05 16:18 - 1553888 _____ (CinemaPlus 2.3cV02.12) C:\Users\Owner\AppData\Roaming\QPCQVW.exe
2015-01-05 16:11 - 2015-01-05 16:11 - 0000097 _____ () C:\Users\Owner\AppData\Roaming\WOffer.boostrap.log

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-24 15:08

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Owner at 2015-02-01 13:41:33
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3197909458-829259112-1465450475-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 6 FREE v.6.83 (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.8.3 - Ashampoo GmbH & Co. KG)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant 20561 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.92.12.0 - Conexant)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2555 - Intel Corporation)
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 16.1 - Intel)
Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Lenovo Fingerprint Software (HKLM\...\{2ED326C9-A4E6-4884-B3F0-9A6CFB0A1141}) (Version: 3.3.2.50 - AuthenTec, Inc.)
Lenovo Patch Utility (HKLM-x32\...\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0007 - Lenovo)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 en-US)) (Version: 31.3.0 - Mozilla)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.73.00 - )
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version:  - PokerStars.net)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.66.1 - Lenovo Group Limited)
RICOH R5U8xx Media Driver ver.3.64.02 (HKLM-x32\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.64.02 - RICOH)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.4.0 - Lenovo Group Limited)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3100 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.41 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.9 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.21 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric  (07/02/2010 8.6.0.29) (HKLM\...\05FBE63CF9C9B3424152207E7278CD6DA193C56C) (Version: 07/02/2010 8.6.0.29 - AuthenTec Inc.)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

19-01-2015 18:13:13 Windows Update
20-01-2015 19:01:23 avast! antivirus system restore point
24-01-2015 10:29:03 Windows Update
24-01-2015 17:04:23 avast! antivirus system restore point
25-01-2015 11:09:26 avast! antivirus system restore point
28-01-2015 18:32:07 avast! antivirus system restore point
28-01-2015 18:39:02 Windows Update
30-01-2015 19:24:22 Windows Defender Checkpoint
31-01-2015 12:20:45 avast! antivirus system restore point
31-01-2015 13:22:37 avast! antivirus system restore point
01-02-2015 10:16:08 avast! antivirus system restore point
01-02-2015 10:22:03 avast! antivirus system restore point
01-02-2015 12:16:53 Removed Java 7 Update 71
01-02-2015 12:17:29 Removed Java 7 Update 71
01-02-2015 12:18:44 Removed Java 7 Update 71
01-02-2015 12:21:03 Removed Java 7 Update 71
01-02-2015 12:53:54 Removed Java 7 Update 71
01-02-2015 13:03:11 Removed Java 7 Update 71
01-02-2015 13:10:30 OTL Restore Point - 2/1/2015 1:10:30 PM
01-02-2015 13:23:40 OTL Restore Point - 2/1/2015 1:23:37 PM

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A8FA264-6DBA-457A-99EB-7E3500FFB033} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-29] (Synaptics Incorporated)
Task: {AE301C71-E009-4553-BD53-975888D63EF9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-28] (AVAST Software)
Task: {B2151E45-D193-4BE6-86B9-7EE9A1FC3B98} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-06-25] (Lenovo Group Limited)
Task: {C715BFFD-EB25-4FB7-83B2-6EEDB16864ED} - System32\Tasks\KRWBWZLJOD => C:\ProgramData\02dc2405183d4179bc899f8d2a636ec4\02dc2405183d4179bc899f8d2a636ec4.exe
Task: {CD295AC8-2093-4030-A847-7B71C524F6E0} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {EB22FFB6-B057-4CBA-8EF4-F9215645A2F9} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-04-24] ()
Task: {F9C4FF0D-E81D-43FF-B0D5-7ED8582FBCD6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)

==================== Loaded Modules (whitelisted) =============

2011-05-31 05:29 - 2011-05-31 05:29 - 00117760 _____ () C:\Windows\system32\DTS.exe
2011-01-24 12:28 - 2011-01-24 12:28 - 00173344 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2014-09-27 15:15 - 2014-06-25 05:06 - 00104960 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-14 16:47 - 2014-03-14 16:47 - 00092504 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3197909458-829259112-1465450475-500 - Administrator - Disabled)
Guest (S-1-5-21-3197909458-829259112-1465450475-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3197909458-829259112-1465450475-1004 - Limited - Enabled)
Owner (S-1-5-21-3197909458-829259112-1465450475-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/01/2015 01:38:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avastui.exe, version: 10.0.2208.726, time stamp: 0x547764ec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xc06d007e
Fault offset: 0x0000c42d
Faulting process id: 0x8a8
Faulting application start time: 0xavastui.exe0
Faulting application path: avastui.exe1
Faulting module path: avastui.exe2
Report Id: avastui.exe3

Error: (02/01/2015 01:30:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avastui.exe, version: 10.0.2208.726, time stamp: 0x547764ec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xc06d007e
Fault offset: 0x0000c42d
Faulting process id: 0xdc0
Faulting application start time: 0xavastui.exe0
Faulting application path: avastui.exe1
Faulting module path: avastui.exe2
Report Id: avastui.exe3

Error: (02/01/2015 01:20:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avastui.exe, version: 10.0.2208.726, time stamp: 0x547764ec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xc06d007e
Fault offset: 0x0000c42d
Faulting process id: 0x9a8
Faulting application start time: 0xavastui.exe0
Faulting application path: avastui.exe1
Faulting module path: avastui.exe2
Report Id: avastui.exe3

Error: (02/01/2015 01:13:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OTL.exe, version: 3.2.69.0, time stamp: 0x2a425e19
Faulting module name: RPCRT4.dll, version: 6.1.7601.18532, time stamp: 0x53c3352a
Exception code: 0xc0020043
Fault offset: 0x0005d111
Faulting process id: 0x2660
Faulting application start time: 0xOTL.exe0
Faulting application path: OTL.exe1
Faulting module path: OTL.exe2
Report Id: OTL.exe3

Error: (02/01/2015 01:10:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service rpcnetp since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (02/01/2015 01:10:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! VM Monitor.

System Error:
The system cannot find the file specified.
.

Error: (02/01/2015 01:10:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswStm.

System Error:
The system cannot find the file specified.
.

Error: (02/01/2015 01:10:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSP.

System Error:
The system cannot find the file specified.
.

Error: (02/01/2015 01:10:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSnx.

System Error:
The system cannot find the file specified.
.

Error: (02/01/2015 01:10:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! Revert.

System Error:
The system cannot find the file specified.
.

System errors:
=============
Error: (02/01/2015 01:38:12 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

Error: (02/01/2015 01:37:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Reverse Page service failed to start due to the following error:
%%2

Error: (02/01/2015 01:37:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Ricoh xD-Picture Card Driver service failed to start due to the following error:
%%1058

Error: (02/01/2015 01:37:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The rimsptsk service failed to start due to the following error:
%%1058

Error: (02/01/2015 01:37:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The rimmptsk service failed to start due to the following error:
%%1058

Error: (02/01/2015 01:36:45 PM) (Source: amdkmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (02/01/2015 01:36:45 PM) (Source: amdkmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (02/01/2015 01:35:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (02/01/2015 01:35:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Power Manager Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/01/2015 01:35:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (02/01/2015 01:38:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avastui.exe10.0.2208.726547764ecKERNELBASE.dll6.1.7601.1840953159a86c06d007e0000c42d8a801d03e4e11efb0c3C:\Program Files\AVAST Software\Avast\avastui.exeC:\Windows\syswow64\KERNELBASE.dll7f4f8ff1-aa41-11e4-ae72-904ce5da9a54

Error: (02/01/2015 01:30:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avastui.exe10.0.2208.726547764ecKERNELBASE.dll6.1.7601.1840953159a86c06d007e0000c42ddc001d03e4cfd1c44e8C:\Program Files\AVAST Software\Avast\avastui.exeC:\Windows\syswow64\KERNELBASE.dll63cd5ce2-aa40-11e4-a1c7-904ce5da9a54

Error: (02/01/2015 01:20:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avastui.exe10.0.2208.726547764ecKERNELBASE.dll6.1.7601.1840953159a86c06d007e0000c42d9a801d03e4b91ee61c7C:\Program Files\AVAST Software\Avast\avastui.exeC:\Windows\syswow64\KERNELBASE.dll056f67af-aa3f-11e4-9a3c-904ce5da9a54

Error: (02/01/2015 01:13:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: OTL.exe3.2.69.02a425e19RPCRT4.dll6.1.7601.1853253c3352ac00200430005d111266001d03e4a036eb4d2C:\Users\Owner\Desktop\OTL.exeC:\Windows\syswow64\RPCRT4.dllfdba809f-aa3d-11e4-9cf6-904ce5da9a54

Error: (02/01/2015 01:10:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service rpcnetp since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (02/01/2015 01:10:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! VM Monitor.

System Error:
The system cannot find the file specified.

Error: (02/01/2015 01:10:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswStm.

System Error:
The system cannot find the file specified.

Error: (02/01/2015 01:10:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSP.

System Error:
The system cannot find the file specified.

Error: (02/01/2015 01:10:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSnx.

System Error:
The system cannot find the file specified.

Error: (02/01/2015 01:10:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! Revert.

System Error:
The system cannot find the file specified.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU P8600 @ 2.40GHz
Percentage of memory in use: 49%
Total physical RAM: 3992.03 MB
Available physical RAM: 2029.54 MB
Total Pagefile: 7982.24 MB
Available Pagefile: 6097.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:58.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 75B04FE5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#10
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Good job. Some more things to clean up. Please do the following.

 

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop. Attached File: fixlist.txt (1.01KB)
Note: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#2 - JRT
1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
3. The tool will open and start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Close the text file and reboot your machine.
7. After your machine is rebooted, please re-enable your antivirus.
8. Post the contents of JRT.txt into your next message.

 

Step#3 - Avast - Uninstall/Re-install

1. Can you uninstall Avast from Add/Remove programs? Please try and let me know.

 

 

 

Items for your next post

1. FRST Fix log

2. Junkware log

3. Can you uninstall Avast?


#11
danno_1324

    Member

  • Topic Starter
  • 30 posts

Report from step 1

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by Owner at 2015-02-01 14:38:43 Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available profiles: Owner)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53947;https=127.0.0.1:53947
S2 Update Reverse Page; "C:\Program Files (x86)\Reverse Page\updateReversePage.exe" [X]
C:\Program Files (x86)\Reverse Page
S3 dolyyeab; \??\C:\Windows\system32\drivers\ngiodriver_x64 [X]
2015-01-05 16:20 - 2015-01-05 16:20 - 00003754 _____ () C:\Windows\System32\Tasks\KRWBWZLJOD
2015-01-05 16:18 - 2015-01-05 16:18 - 01553888 _____ (CinemaPlus 2.3cV02.12) C:\Users\Owner\AppData\Roaming\QPCQVW.exe
2015-01-05 16:11 - 2015-01-05 16:11 - 00000097 _____ () C:\Users\Owner\AppData\Roaming\WOffer.boostrap.log
Task: {C715BFFD-EB25-4FB7-83B2-6EEDB16864ED} - System32\Tasks\KRWBWZLJOD => C:\ProgramData\02dc2405183d4179bc899f8d2a636ec4\02dc2405183d4179bc899f8d2a636ec4.exe
C:\ProgramData\02dc2405183d4179bc899f8d2a636ec4\02dc2405183d4179bc899f8d2a636ec4.exe
cmd:bitsadmin /reset allusers
EmptyTemp:

*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
Update Reverse Page => Service deleted successfully.
"C:\Program Files (x86)\Reverse Page" => File/Directory not found.
dolyyeab => Service deleted successfully.
C:\Windows\System32\Tasks\KRWBWZLJOD => Moved successfully.
C:\Users\Owner\AppData\Roaming\QPCQVW.exe => Moved successfully.
C:\Users\Owner\AppData\Roaming\WOffer.boostrap.log => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C715BFFD-EB25-4FB7-83B2-6EEDB16864ED}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C715BFFD-EB25-4FB7-83B2-6EEDB16864ED}" => Key deleted successfully.
C:\Windows\System32\Tasks\KRWBWZLJOD not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KRWBWZLJOD" => Key deleted successfully.
"C:\ProgramData\02dc2405183d4179bc899f8d2a636ec4\02dc2405183d4179bc899f8d2a636ec4.exe" => File/Directory not found.

========= bitsadmin /reset allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unknown option 'allusers'.

========= End of CMD: =========

EmptyTemp: => Removed 250.2 MB temporary data.

The system needed a reboot.

==== End of Fixlog 14:39:22 ====


#12
danno_1324

    Member

  • Topic Starter
  • 30 posts

Report from step 2

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Sun 02/01/2015 at 14:45:56.72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/01/2015 at 14:48:39.86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#13
danno_1324

    Member

  • Topic Starter
  • 30 posts

Hi Brian,

 

I was able to uninstall avast. What should I do next?

 

Thanks,

Daniel


#14
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Excellent. Your drive was reporting possible corruption so we need to check/repair that and then I would like you to re-install Avast. So please first do the following.

 

Step#1 - ChkDsk Scan
1. Click your Start Orb in the lower left of your computer and type cmd in the search box.
2. Once the cmd program is found, right-click on it with your mouse and select Run as administrator as shown below.
ElevateCommandPrompt.JPG
3. Answer Yes when asked to allow.
4. You should now have a black window open that you can type into.
5. Please type chkdsk and then press enter.
6. Chkdsk will start to run. Please allow it to finish. You will know it is running when you see text as follows.
Chkdsk.JPG
 
7. Download ListChkdskResult.exe by SleepyDude and save it on your desktop.

8. Right-click this file and select Run as administrator (Allow if prompted) and a text file will open (and also be saved on the desktop as ListChkdskResult.txt).
    Please copy the contents of this file and paste into your next post.


#15
danno_1324

    Member

  • Topic Starter
  • 30 posts

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 2/1/2015 3:07:06 PM >------
Category: 0
Computer Name: Owner-PC
Event Code: 26212
Record Number: 4513
Source Name: Chkdsk
Time Written: 02-01-2015 @ 20:06:43
Event Type: Information
User:
Message: Chkdsk was executed in read-only mode on a volume snapshot. 

Checking file system on C:
The type of the file system is NTFS.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x209 for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x11ca5 is already in use.

Attribute record (128, "") from file record segment 72869
is corrupt.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x20b for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x12ce1 is already in use.
Attribute record (128, "") from file record segment 77025
is corrupt.
  165888 file records processed.                                        

File verification completed.
  699 large file records processed.                                  

Errors found.  CHKDSK cannot continue in read-only mode.

-----------------------------------------------------------------------
Category: 0
Computer Name: Owner-PC
Event Code: 26212
Record Number: 4512
Source Name: Chkdsk
Time Written: 02-01-2015 @ 20:05:28
Event Type: Information
User:
Message: Chkdsk was executed in read-only mode on a volume snapshot. 

Checking file system on C:
The type of the file system is NTFS.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x209 for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x11ca5 is already in use.

Attribute record (128, "") from file record segment 72869
is corrupt.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x20b for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x12ce1 is already in use.
Attribute record (128, "") from file record segment 77025
is corrupt.
  165888 file records processed.                                        

File verification completed.
  697 large file records processed.                                  

Errors found.  CHKDSK cannot continue in read-only mode.

-----------------------------------------------------------------------

