Welcome to Geeks to Go - Register now for FREE


redirecting me to a page that says need to download adobe flash player


This topic is locked

#16
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

OK, as I suspected there is corruption that needs to be fixed. Please do the following to repair the drive.

 

Step#1 - ChkDsk Repair
1. Click your Start Orb in the lower left of your computer and type cmd in the search box.
2. Once the cmd program is found, right-click on it with your mouse and select Run as administrator as shown below.
[screenshot: ElevateCommandPrompt.JPG]
3. Answer Yes when asked to allow.
4. You should now have a black window open that you can type in to.
5. Please type chkdsk /R and then press enter. Note: There is a space after the command chkdsk and before the forward slash.
6. You will get a prompt telling you chkdsk cannot run because the volume is in use. Answer Y and hit enter to schedule the run at next boot.
7. Reboot your computer and chkdsk will run. Let it complete please.
8. Right-click ListChkdskResult.exe and select Run as administrator (Allow if prompted) and a text file will open (and also be saved on the desktop as ListChkdskResult.txt).
    Please copy the contents of this file and paste into your next post.




#17
danno_1324

    Member

  • Topic Starter
  • Member
  • 30 posts

 

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 2/1/2015 3:42:54 PM >------
Category: 0
Computer Name: Owner-PC
Event Code: 26212
Record Number: 4513
Source Name: Chkdsk
Time Written: 02-01-2015 @ 20:06:43
Event Type: Information
User:
Message: Chkdsk was executed in read-only mode on a volume snapshot. 

Checking file system on C:
The type of the file system is NTFS.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x209 for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x11ca5 is already in use.

Attribute record (128, "") from file record segment 72869
is corrupt.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x20b for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x12ce1 is already in use.
Attribute record (128, "") from file record segment 77025
is corrupt.
  165888 file records processed.                                        

File verification completed.
  699 large file records processed.                                  

Errors found.  CHKDSK cannot continue in read-only mode.

-----------------------------------------------------------------------
Category: 0
Computer Name: Owner-PC
Event Code: 26212
Record Number: 4512
Source Name: Chkdsk
Time Written: 02-01-2015 @ 20:05:28
Event Type: Information
User:
Message: Chkdsk was executed in read-only mode on a volume snapshot. 

Checking file system on C:
The type of the file system is NTFS.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x209 for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x11ca5 is already in use.

Attribute record (128, "") from file record segment 72869
is corrupt.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x20b for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x12ce1 is already in use.
Attribute record (128, "") from file record segment 77025
is corrupt.
  165888 file records processed.                                        

File verification completed.
  697 large file records processed.                                  

Errors found.  CHKDSK cannot continue in read-only mode.

-----------------------------------------------------------------------



#18
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Did you not do Bullet #5 properly above? This time you needed to type chkdsk /R.



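Brian's reading of the log above, that a run reporting read-only mode never repaired anything, can be checked mechanically. The following Python script is an added example, not code from the thread or from the ListChkdskResult or FRST tools: it splits chkdsk event text of the kind ListChkdskResult collects into records, classifies each as a read-only or repair pass, uses the stage count to tell an /F pass (3 stages) from an /R pass (5 stages, the last two scanning sectors), and also parses a BootExecute value in the form FRST prints it to report whether an autochk is still queued for the next boot. The log records and the BootExecute value inside the script are constructed samples, not the poster's output.

```python
"""Classify chkdsk runs and spot a chkdsk still queued for the next boot.
Added example, not code from the thread or from ListChkdskResult/FRST."""
import re
from dataclasses import dataclass

# Constructed sample in the layout ListChkdskResult uses (not the poster's log):
# a read-only run that found errors, then a boot-time /R run that fixed them.
SAMPLE_LOG = """\
Time Written: 02-01-2015 @ 20:06:43
Message: Chkdsk was executed in read-only mode on a volume snapshot.

Checking file system on C:
The type of the file system is NTFS.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
Errors found.  CHKDSK cannot continue in read-only mode.

-----------------------------------------------------------------------
Time Written: 02-02-2015 @ 09:12:03
Message: Checking file system on C:
The type of the file system is NTFS.

CHKDSK is verifying files (stage 1 of 5)...
CHKDSK is verifying free space (stage 5 of 5)...
Windows has made corrections to the file system.

-----------------------------------------------------------------------
"""

RECORD_SEP = re.compile(r"^-{20,}[ \t]*$", re.M)
# FRST prints BootExecute's REG_MULTI_SZ entries run together, e.g.
# "autocheck autochk /r \??\C:autocheck autochk *"; this matches one entry.
AUTOCHK_RE = re.compile(r"autocheck autochk((?:\s+/\w+)*)\s+(\\\?\?\\[A-Za-z]:|\*)")


@dataclass
class ChkdskRun:
    when: str
    volume: str
    read_only: bool   # no /F or /R given: chkdsk only reports, never fixes
    stages: int       # 3 = metadata only (read-only or /F); 5 = /R also scanned sectors
    errors_found: bool
    corrected: bool
    clean: bool

    @property
    def verdict(self) -> str:
        if self.read_only:
            return "read-only pass: nothing was repaired, /F or /R still needed"
        how = "/R (sector scan)" if self.stages == 5 else "/F (metadata only)"
        if self.corrected:
            return f"repair pass with {how}: corrections were made"
        if self.clean:
            return f"repair pass with {how}: no problems found"
        return f"repair pass with {how}: " + ("errors still reported" if self.errors_found else "outcome not stated")


def parse_chkdsk_log(text: str) -> list[ChkdskRun]:
    """Split ListChkdskResult-style text into event records and classify each."""
    runs = []
    for chunk in RECORD_SEP.split(text):
        vol = re.search(r"Checking file system on ([A-Za-z]:)", chunk)
        if not vol:
            continue  # tool header or empty trailer, not a chkdsk record
        when = re.search(r"^Time Written:\s*(.+?)\s*$", chunk, re.M)
        stages = [int(n) for n in re.findall(r"stage \d+ of (\d+)", chunk)]
        runs.append(ChkdskRun(
            when=when.group(1) if when else "unknown",
            volume=vol.group(1).upper(),
            read_only="read-only mode" in chunk,
            stages=max(stages, default=0),
            errors_found="Errors found." in chunk,
            corrected="made corrections" in chunk,
            clean="found no problems" in chunk,
        ))
    return runs


def repair_completed(runs: list[ChkdskRun], volume: str = "C:") -> bool:
    """True if some record shows a non-read-only pass on `volume` that finished."""
    return any(r.volume == volume.upper() and not r.read_only and (r.corrected or r.clean)
               for r in runs)


def pending_autochk(bootexecute: str) -> list[tuple[str, list[str]]]:
    """(volume, flags) for each autochk entry aimed at a specific volume, i.e. a chkdsk
    still queued for next boot; the default "autocheck autochk *" is not a queued job."""
    pending = []
    for m in AUTOCHK_RE.finditer(bootexecute):
        flags, target = m.group(1).split(), m.group(2)
        if target != "*":
            pending.append((target[-2:].upper(), flags))
    return pending


if __name__ == "__main__":
    runs = parse_chkdsk_log(SAMPLE_LOG)
    for run in runs:
        print(f"{run.when}  {run.volume}  {run.verdict}")
    print("repair completed on C: ->", repair_completed(runs))
    # constructed BootExecute value in the form FRST reports it
    print("autochk still queued ->", pending_autochk(r"autocheck autochk /r \??\C:autocheck autochk *"))
```

Run as-is to see both constructed records classified; in practice, paste the contents of ListChkdskResult.txt into SAMPLE_LOG or read the file. A log that contains only read-only verdicts while BootExecute still lists autochk /r for the volume means the scheduled repair has not run yet, which is the state the next few posts are trying to get past.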
#19
danno_1324

    Member

  • Topic Starter
  • Member
  • 30 posts

I've done this several times but nothing is happening when I reboot the computer. I get the message saying chkdsk will run after I reboot, but it doesn't appear to be doing that.



#20
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

When you reboot your machine you need to make sure you don't press any keys on your keyboard until your desktop comes back up. Are you possibly hitting a key on your keyboard after rebooting?



#21
danno_1324

    Member

  • Topic Starter
  • Member
  • 30 posts

I'm pretty sure I didn't hit any keys during the reboot. I'm trying to run chkdsk /R again now to make sure, but I am getting a message in cmd saying "Access Denied as you do not have sufficient privileges. You have to invoke this utility running in elevated mode."



#22
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

That means you didn't do bullets #1, 2 & 3 exactly. You need to ensure you right-click on the cmd.exe that comes up and choose Run as administrator.



#23
danno_1324

    Member

  • Topic Starter
  • Member
  • 30 posts

Okay, I was able to run chkdsk /R again. I made sure not to press any keys or the mouse during the process, and even waited almost 10 minutes once the desktop came back up, but nothing happened after the reboot.



#24
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

OK, skip that for the moment. Please do the following.

 

Step#1 - Re-install Avast AV. (We don't want you unprotected).

Avast! (Please ensure you uncheck the Google Toolbar and Google Chrome that are offered on the first screen of the install...unless you want them for some reason).

 

Step#2 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: "Would you like to download latest Avast! virus definitions?", say "Yes".
5. Click the "Scan" button to start the scan.
6. On completion of the scan click "Save log", save it to your desktop and post it in your next reply.
NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

Step#3 - Malwarebytes Scan


  • Download Malwarebytes to your desktop from here.
  • Right-click on the file that is downloaded to your desktop and select Run as administrator.
  • Select the appropriate language and click OK.
  • Click Next.
  • Select "I accept the agreement" and click Next.
  • Click Next
  • Change the install path if desired. Normally you will keep this as is. Click Next.
  • Click Next again.
  • Click Next again.
  • Click Install.
  • Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium".
  • Click Finish
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits, as shown below.
    [screenshot: RootKitCheckBox.JPG]
  • Click the Scan button at the top of the form and then click Scan Now.
    [screenshot: 2.JPG]
  • If anything is detected, there will be an Apply Actions button. Please click this.
  • Once the scan completes click the View detailed log link.
    [screenshot: 3.JPG]
  • Then click the Copy to clipboard button and paste into your next post.
    [screenshot: 4.JPG]

 

 

Step#4 - Fresh Set of Logs

1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to the disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press the Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
5. Please copy and paste the log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.

 

 

 

 

Items for your next post

1. Rootkit Scan Log

2. Malwarebytes log

3. Fresh FRST & Addition logs



#25
danno_1324

    Member

  • Topic Starter
  • Member
  • 30 posts

results from step 2

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-02-01 17:00:51
-----------------------------
17:00:51.713    OS Version: Windows x64 6.1.7601 Service Pack 1
17:00:51.713    Number of processors: 2 586 0x170A
17:00:51.714    ComputerName: OWNER-PC  UserName: Owner
17:01:01.467    Initialize success
17:01:01.469    VM: initialized successfully
17:01:01.470    VM: Intel CPU BiosDisabled
17:01:01.603    AVAST engine defs: 15020101
17:01:31.756    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:01:31.759    Disk 0 Vendor: ST9160412AS 0003LVM1 Size: 152627MB BusType: 3
17:01:31.968    Disk 0 MBR read successfully
17:01:31.970    Disk 0 MBR scan
17:01:31.974    Disk 0 Windows 7 default MBR code
17:01:32.004    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
17:01:32.062    Disk 0 default boot code
17:01:32.078    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       152525 MB offset 206848
17:01:32.158    Disk 0 scanning C:\Windows\system32\drivers
17:02:33.676    Service scanning
17:04:16.174    Modules scanning
17:04:16.674    Disk 0 trace - called modules:
17:04:16.689    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
17:04:16.705    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800514a5f0]
17:04:16.705    3 CLASSPNP.SYS[fffff880019b843f] -> nt!IofCallDriver -> [0xfffffa8004bfc520]
17:04:16.705    5 ACPI.sys[fffff88000f2d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004bfe060]
17:04:29.031    AVAST engine scan C:\Windows
17:04:39.117    AVAST engine scan C:\Windows\system32
17:07:51.354    AVAST engine scan C:\Windows\system32\drivers
17:08:07.119    AVAST engine scan C:\Users\Owner
17:09:11.631    Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
17:09:11.631    The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

 




#26
danno_1324

    Member

  • Topic Starter
  • Member
  • 30 posts

results from step 3

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/1/2015
Scan Time: 5:08:26 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.01.06
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 325606
Time Elapsed: 11 min, 43 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 5
PUP.Optional.CinemaVideoPlus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Cinema Video Plus 2.3cV02.12-nv, Quarantined, [d37e5f98cabfcc6a3d9ac6c4ca392fd1],
PUP.Optional.TornTV.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TornTv Downloader, Quarantined, [5cf5a750f19844f2773ec5c643c0ab55],
PUP.Optional.CinemaVideoPlus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Cinema Video Plus 2.3cV02.12, Quarantined, [0b46bc3b3554f4428b4db2d8d62dc13f],
PUP.Optional.DesktopDockApp.A, HKU\S-1-5-21-3197909458-829259112-1465450475-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DesktopDockApp, Quarantined, [3b165b9c47421f1733b3e1a761a2d030],
PUP.Optional.GameHugArcade.A, HKU\S-1-5-21-3197909458-829259112-1465450475-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GameHugArcadeApp, Quarantined, [6ce5f0072b5e989e1e42027f40c3a45c],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#27
danno_1324

    Member

  • Topic Starter
  • Member
  • 30 posts

Step 4 results

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Owner (administrator) on OWNER-PC on 01-02-2015 17:21:58
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Windows\System32\DTS.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AuthenTec, Inc.) C:\Windows\System32\ATService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Windows\System32\rpcnetp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [FingerPrintSoftware] => C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [1582920 2011-05-31] (AuthenTec)
HKLM\...\Run: [FingerPrintSoftwareSplashScreen] => C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe [107520 2011-05-31] (AuthenTec, Inc.)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2014-02-17] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [picon] => C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe [111640 2010-02-04] ()
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2015-02-01] (AVAST Software)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk /r \??\C:autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53947;https=127.0.0.1:53947
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3197909458-829259112-1465450475-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?r...opt=0&ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3197909458-829259112-1465450475-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-01]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-01]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-01]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-01]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [130048 2011-05-31] () [File not signed]
R2 ATService; C:\Windows\system32\ATService.exe [2715976 2011-05-31] (AuthenTec, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-01] (AVAST Software)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [319536 2014-06-25] (Lenovo.)
R2 dtsvc; C:\Windows\system32\DTS.exe [117760 2011-05-31] () [File not signed]
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [559872 2014-08-06] (Lenovo)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2010-02-04] (Intel Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-04-24] ()
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2010-02-04] (Intel Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-01] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-01] (AVAST Software)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [129752 2015-02-01] (Malwarebytes Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44784 2013-05-29] (Synaptics Incorporated)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-01] ()
U3 aswMBR; \??\C:\Users\Owner\AppData\Local\Temp\aswMBR.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 17:09 - 2015-02-01 17:09 - 00001953 _____ () C:\Users\Owner\Desktop\aswMBR.txt
2015-02-01 17:09 - 2015-02-01 17:09 - 00000512 _____ () C:\Users\Owner\Desktop\MBR.dat
2015-02-01 17:07 - 2015-02-01 17:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-01 17:06 - 2015-02-01 17:06 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-01 17:06 - 2015-02-01 17:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-01 17:06 - 2015-02-01 17:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-01 17:06 - 2015-02-01 17:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-01 17:06 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-01 17:06 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-01 17:06 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-01 17:04 - 2015-02-01 17:04 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Owner\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-01 17:02 - 2015-02-01 17:02 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVAST Software
2015-02-01 17:01 - 2015-02-01 17:07 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-01 17:01 - 2015-02-01 17:01 - 00001964 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-01 17:01 - 2015-02-01 17:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-01 16:59 - 2015-02-01 17:01 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-02-01 16:59 - 2015-02-01 17:01 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-02-01 16:59 - 2015-02-01 16:58 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1422828081687
2015-02-01 16:59 - 2015-02-01 16:58 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-02-01 16:59 - 2015-02-01 16:58 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-02-01 16:59 - 2015-02-01 16:58 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-02-01 16:59 - 2015-02-01 16:58 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-02-01 16:59 - 2015-02-01 16:58 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys.1422828084526
2015-02-01 16:59 - 2015-02-01 16:58 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-02-01 16:59 - 2015-02-01 16:58 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-02-01 16:58 - 2015-02-01 16:59 - 05198336 _____ (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
2015-02-01 16:58 - 2015-02-01 16:58 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-02-01 16:58 - 2015-02-01 16:58 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-02-01 16:57 - 2015-02-01 16:57 - 05006864 _____ (AVAST Software) C:\Users\Owner\Desktop\avast_free_antivirus_setup_online.exe
2015-02-01 16:52 - 2015-02-01 16:52 - 00005554 _____ () C:\Users\Owner\Desktop\ListChkdskResult.txt
2015-02-01 15:07 - 2015-02-01 15:07 - 00197679 _____ () C:\Users\Owner\Desktop\ListChkdskResult.exe
2015-02-01 14:48 - 2015-02-01 14:48 - 00000633 _____ () C:\Users\Owner\Desktop\JRT.txt
2015-02-01 14:45 - 2015-02-01 14:45 - 00000000 ____D () C:\Windows\ERUNT
2015-02-01 14:43 - 2015-02-01 14:44 - 01707939 _____ (Thisisu) C:\Users\Owner\Desktop\JRT.exe
2015-02-01 13:41 - 2015-02-01 13:42 - 00021320 _____ () C:\Users\Owner\Desktop\Addition.txt
2015-02-01 13:39 - 2015-02-01 17:22 - 00014030 _____ () C:\Users\Owner\Desktop\FRST.txt
2015-02-01 13:32 - 2015-02-01 17:22 - 00000000 ____D () C:\FRST
2015-02-01 13:32 - 2015-02-01 13:32 - 02131456 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2015-02-01 13:12 - 2015-02-01 13:35 - 00000000 ____D () C:\AdwCleaner
2015-02-01 13:11 - 2015-02-01 13:12 - 02194432 _____ () C:\Users\Owner\Desktop\AdwCleaner.exe
2015-02-01 13:10 - 2015-02-01 13:10 - 00000000 ____D () C:\_OTL
2015-02-01 12:33 - 2015-02-01 12:33 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2015-02-01 10:35 - 2015-02-01 12:31 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Downloads\OTL (1).exe
2015-02-01 10:21 - 2015-02-01 10:21 - 00000000 ____D () C:\Users\Owner\Downloads\UFC.183.Silva.vs.Diaz.HDTV.x264-Streamsbay[rartv]
2015-01-31 14:47 - 2015-02-01 10:44 - 00086806 _____ () C:\Users\Owner\Downloads\OTL.Txt
2015-01-31 14:47 - 2015-01-31 14:47 - 00049670 _____ () C:\Users\Owner\Downloads\Extras.Txt
2015-01-31 14:37 - 2015-01-31 14:37 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Downloads\OTL.exe
2015-01-31 13:39 - 2015-01-31 13:39 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-31 13:39 - 2015-01-31 13:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-31 12:25 - 2015-01-31 12:31 - 441555769 ____R () C:\Users\Owner\Downloads\Banshee.S03E04.HDTV.x264-KILLERS.mp4
2015-01-25 11:18 - 2015-01-25 11:20 - 476189528 ____R () C:\Users\Owner\Downloads\Black.Sails.S02E01.HDTV.x264-KILLERS.mp4
2015-01-24 10:58 - 2015-01-24 10:59 - 00000000 ____D () C:\Users\Owner\Downloads\Banshee.S03E03.HDTV.x264-KILLERS[ettv]
2015-01-19 19:19 - 2015-01-19 19:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-01-18 10:28 - 2015-01-18 10:31 - 330803399 ____R () C:\Users\Owner\Downloads\Banshee.S03E02.HDTV.x264-KILLERS.mp4
2015-01-13 17:43 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 17:43 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 17:43 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 17:43 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 17:43 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 17:43 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 17:43 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 17:43 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 17:43 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 17:43 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 17:43 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 17:43 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 17:43 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-10 10:09 - 2015-01-10 10:13 - 377366600 ____R () C:\Users\Owner\Downloads\Banshee.S03E01.HDTV.x264-KILLERS.mp4
2015-01-07 16:24 - 2015-01-07 16:24 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\WebTest
2015-01-05 16:33 - 2015-01-05 16:56 - 00001716 _____ () C:\Windows\SysWOW64\${LOGFILE}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 17:04 - 2014-12-15 17:25 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-01 17:03 - 2014-12-15 17:25 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2015-02-01 17:01 - 2014-12-15 17:26 - 00000000 ____D () C:\Program Files\Google
2015-02-01 16:58 - 2014-11-28 19:48 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-01 16:57 - 2009-07-13 23:45 - 00026000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-01 16:57 - 2009-07-13 23:45 - 00026000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-01 16:53 - 2013-07-29 15:05 - 02072624 _____ () C:\Windows\WindowsUpdate.log
2015-02-01 16:50 - 2014-10-01 14:02 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.dll
2015-02-01 16:50 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-01 16:49 - 2014-10-01 10:56 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.exe
2015-02-01 16:49 - 2014-10-01 10:56 - 00017920 _____ () C:\Windows\system32\rpcnetp.exe
2015-02-01 16:49 - 2009-07-13 23:51 - 00033245 _____ () C:\Windows\setupact.log
2015-02-01 16:13 - 2009-07-14 00:13 - 00729392 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-01 15:39 - 2013-07-30 10:20 - 00493816 _____ () C:\Windows\PFRO.log
2015-02-01 11:34 - 2014-11-28 19:17 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\vlc
2015-02-01 10:34 - 2014-11-28 21:23 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\uTorrent
2015-01-31 13:39 - 2014-09-30 10:46 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2015-01-19 18:22 - 2014-09-29 14:01 - 00766100 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-18 10:31 - 2014-12-06 20:30 - 00000000 ____D () C:\Users\Owner\AppData\Local\PokerStars
2015-01-16 21:01 - 2013-07-29 18:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-16 20:56 - 2013-07-29 16:04 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-06 04:36 - 2013-07-29 15:31 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 16:49 - 2014-11-28 20:03 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-01-05 16:29 - 2009-07-13 21:34 - 00000505 _____ () C:\Windows\win.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-24 15:08

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Owner at 2015-02-01 17:22:42
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3197909458-829259112-1465450475-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 6 FREE v.6.83 (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.8.3 - Ashampoo GmbH & Co. KG)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant 20561 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.92.12.0 - Conexant)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2555 - Intel Corporation)
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 16.1 - Intel)
Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Lenovo Fingerprint Software (HKLM\...\{2ED326C9-A4E6-4884-B3F0-9A6CFB0A1141}) (Version: 3.3.2.50 - AuthenTec, Inc.)
Lenovo Patch Utility (HKLM-x32\...\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0007 - Lenovo)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 en-US)) (Version: 31.3.0 - Mozilla)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.73.00 - )
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version:  - PokerStars.net)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.66.1 - Lenovo Group Limited)
RICOH R5U8xx Media Driver ver.3.64.02 (HKLM-x32\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.64.02 - RICOH)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.4.0 - Lenovo Group Limited)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3100 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.41 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.9 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.21 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric  (07/02/2010 8.6.0.29) (HKLM\...\05FBE63CF9C9B3424152207E7278CD6DA193C56C) (Version: 07/02/2010 8.6.0.29 - AuthenTec Inc.)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

28-01-2015 18:39:02 Windows Update
30-01-2015 19:24:22 Windows Defender Checkpoint
31-01-2015 12:20:45 avast! antivirus system restore point
31-01-2015 13:22:37 avast! antivirus system restore point
01-02-2015 10:16:08 avast! antivirus system restore point
01-02-2015 10:22:03 avast! antivirus system restore point
01-02-2015 12:16:53 Removed Java 7 Update 71
01-02-2015 12:17:29 Removed Java 7 Update 71
01-02-2015 12:18:44 Removed Java 7 Update 71
01-02-2015 12:21:03 Removed Java 7 Update 71
01-02-2015 12:53:54 Removed Java 7 Update 71
01-02-2015 13:03:11 Removed Java 7 Update 71
01-02-2015 13:10:30 OTL Restore Point - 2/1/2015 1:10:30 PM
01-02-2015 13:23:40 OTL Restore Point - 2/1/2015 1:23:37 PM
01-02-2015 13:51:12 Removed Java 7 Update 71
01-02-2015 14:38:43 Restore Point Created by FRST
01-02-2015 14:55:38 avast! antivirus system restore point
01-02-2015 16:11:43 Windows Update
01-02-2015 16:56:29 Removed Java 7 Update 71
01-02-2015 16:57:54 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A8FA264-6DBA-457A-99EB-7E3500FFB033} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-29] (Synaptics Incorporated)
Task: {5F5351DF-B18A-4FF2-B76F-B70CE272958F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-02-01] (AVAST Software)
Task: {B2151E45-D193-4BE6-86B9-7EE9A1FC3B98} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-06-25] (Lenovo Group Limited)
Task: {CD295AC8-2093-4030-A847-7B71C524F6E0} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {EB22FFB6-B057-4CBA-8EF4-F9215645A2F9} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-04-24] ()
Task: {F9C4FF0D-E81D-43FF-B0D5-7ED8582FBCD6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)

==================== Loaded Modules (whitelisted) =============

2011-05-31 05:29 - 2011-05-31 05:29 - 00117760 _____ () C:\Windows\system32\DTS.exe
2011-01-24 12:28 - 2011-01-24 12:28 - 00173344 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2014-09-27 15:15 - 2014-06-25 05:06 - 00104960 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2014-10-01 10:56 - 2015-02-01 16:49 - 00017920 _____ () C:\Windows\System32\rpcnetp.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-14 16:47 - 2014-03-14 16:47 - 00092504 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2015-02-01 16:59 - 2015-02-01 16:59 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020101\algo.dll
2015-02-01 16:58 - 2015-02-01 16:58 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3197909458-829259112-1465450475-500 - Administrator - Disabled)
Guest (S-1-5-21-3197909458-829259112-1465450475-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3197909458-829259112-1465450475-1004 - Limited - Enabled)
Owner (S-1-5-21-3197909458-829259112-1465450475-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/01/2015 05:01:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: msiexec.exe, version: 5.0.7601.17514, time stamp: 0x4ce79d93
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x0000000000018e5d
Faulting process id: 0x96c
Faulting application start time: 0xmsiexec.exe0
Faulting application path: msiexec.exe1
Faulting module path: msiexec.exe2
Report Id: msiexec.exe3

Error: (02/01/2015 04:57:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service rpcnetp since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (02/01/2015 04:56:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: consent.exe, version: 6.1.7601.18493, time stamp: 0x538d8c78
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x0000000000018e5d
Faulting process id: 0xc90
Faulting application start time: 0xconsent.exe0
Faulting application path: consent.exe1
Faulting module path: consent.exe2
Report Id: consent.exe3

Error: (02/01/2015 04:56:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service rpcnetp since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (02/01/2015 03:09:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 4bc

Start Time: 01d03e59788a0a30

Termination Time: 32

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (02/01/2015 02:55:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service rpcnetp since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (02/01/2015 02:54:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avastui.exe, version: 10.0.2208.726, time stamp: 0x547764ec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xc06d007e
Fault offset: 0x0000c42d
Faulting process id: 0xb7c
Faulting application start time: 0xavastui.exe0
Faulting application path: avastui.exe1
Faulting module path: avastui.exe2
Report Id: avastui.exe3

System errors:
=============
Error: (02/01/2015 05:02:36 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

Error: (02/01/2015 05:02:17 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

Error: (02/01/2015 05:02:13 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

Error: (02/01/2015 05:02:13 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.

Error: (02/01/2015 05:02:13 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

Error: (02/01/2015 05:02:13 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.

Error: (02/01/2015 05:02:07 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.

Error: (02/01/2015 05:02:03 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.

Error: (02/01/2015 05:01:39 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

Error: (02/01/2015 05:01:34 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

Microsoft Office Sessions:
=========================
Error: (02/01/2015 05:01:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: msiexec.exe5.0.7601.175144ce79d93ntdll.dll6.1.7601.18247521eaf24c00000050000000000018e5d96c01d03e69eb291d6bC:\Windows\system32\msiexec.exeC:\Windows\SYSTEM32\ntdll.dlld2389376-aa5d-11e4-9d71-904ce5da9a54

Error: (02/01/2015 04:57:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service rpcnetp since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (02/01/2015 04:56:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: consent.exe6.1.7601.18493538d8c78ntdll.dll6.1.7601.18247521eaf24c00000050000000000018e5dc9001d03e69f9b6aca1C:\Windows\system32\consent.exeC:\Windows\SYSTEM32\ntdll.dll38a4b3f9-aa5d-11e4-9d71-904ce5da9a54

Error: (02/01/2015 04:56:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service rpcnetp since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (02/01/2015 03:09:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.174964bc01d03e59788a0a3032C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (02/01/2015 02:55:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service rpcnetp since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (02/01/2015 02:54:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avastui.exe10.0.2208.726547764ecKERNELBASE.dll6.1.7601.1840953159a86c06d007e0000c42db7c01d03e58c092c45cC:\Program Files\AVAST Software\Avast\avastui.exeC:\Windows\syswow64\KERNELBASE.dll2c17b7db-aa4c-11e4-97aa-904ce5da9a54

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU P8600 @ 2.40GHz
Percentage of memory in use: 39%
Total physical RAM: 3992.03 MB
Available physical RAM: 2415.35 MB
Total Pagefile: 7982.24 MB
Available Pagefile: 6264.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:57.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 75B04FE5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#28
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

OK, please do the following.

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download the attached file and save it to the Desktop. Attached File: fixlist.txt (370 bytes)
Note: It's important that both files, FRST64 and fixlist.txt, are in the same location (in this case the Desktop) or the fix will not work.
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

Step#2 - ESET Online Scanner and Post Results
Before running this scan, please temporarily disable your antivirus software to avoid conflicts. You can re-enable once it's done. Instructions for doing this on many AVs are here.

  • Please go here and click on 1.JPG
  • Note: This site is optimized for Internet Explorer. Please use it for this scan. If you wish to use Firefox or Chrome you will be asked to download the ESET Smart Installer first (esetsmartinstaller_enu.exe). Go ahead and download and run this file.
  • Please accept the ESET Online Scanner EULA and click Start.
  • If prompted, allow the Add-On/Active X to install. If you have problems with this step please see this link.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked.
  • Click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, if anything was detected please click the List of found threats link.
  • Then click the Copy to Clipboard link and paste this information into your next reply.

  • Then you may click the Back button.
  • Check Uninstall Application on Close before clicking finish.

Step#3 - Security Check
1. Download Security Check from here or here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

Items for your next post

1. FRST Fix log
2. Contents of the ESET log file
3. Security Check log

  • 0

#29
danno_1324

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

Results from step 1

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by Owner at 2015-02-01 17:48:27 Run:2
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available profiles: Owner)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
Toolbar: HKU\S-1-5-21-3197909458-829259112-1465450475-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
BootExecute: autocheck autochk /r \??\C:autocheck autochk *
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53947;https=127.0.0.1:53947
cmd:bitsadmin /reset /allusers
*****************

Restore point was successfully created.
HKU\S-1-5-21-3197909458-829259112-1465450475-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

==== End of Fixlog 17:48:49 ====


  • 0
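The fixlist above deleted a loopback proxy (http=127.0.0.1:53947) from the .DEFAULT profile and reset BootExecute. As an added example, not from this thread and not FRST's or any other tool's own code, here is a read-only PowerShell check a helper can use to confirm both settings afterwards; the registry paths are the standard Windows locations, the port comes from the posted fixlog, and the expected BootExecute value is the stock Windows default.

```powershell
# Added example, not part of the thread and not FRST's own code.
# Re-checks the two settings the fixlist above corrected. Run from an elevated
# PowerShell prompt on Windows 7 or later; it is read-only and changes nothing.

# Stock Windows value. A pending chkdsk (e.g. after "chkdsk /R") legitimately
# puts an extra "autocheck autochk /r \??\C:" entry in front of it, which is
# what the fixlog shows FRST resetting.
$ExpectedBootExecute = 'autocheck autochk *'

function Test-BootExecute {
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $value = @((Get-ItemProperty -Path $key -Name BootExecute).BootExecute)  # REG_MULTI_SZ
    if ($value.Count -eq 1 -and $value[0] -eq $ExpectedBootExecute) {
        $finding = 'default'
    } elseif ($value -contains $ExpectedBootExecute) {
        $finding = 'extra entries, review (a scheduled chkdsk is benign)'
    } else {
        $finding = 'default entry missing or altered, review'
    }
    [pscustomobject]@{ Check = 'BootExecute'; Value = ($value -join ' | '); Finding = $finding }
}

function Test-ProxyHive {
    param([Parameter(Mandatory)][string]$HivePath, [Parameter(Mandatory)][string]$Label)
    $key = Join-Path $HivePath 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    if (-not (Test-Path -LiteralPath $key)) {
        return [pscustomobject]@{ Check = "Proxy ($Label)"; Value = 'key not present'; Finding = 'none' }
    }
    $props   = Get-ItemProperty -LiteralPath $key
    $enabled = [int]$props.ProxyEnable      # absent value -> 0
    $server  = [string]$props.ProxyServer   # absent value -> ''
    # The fixlog showed http=127.0.0.1:53947;https=127.0.0.1:53947 in .DEFAULT: a proxy
    # pointing at the local machine routes browser traffic through a local process.
    $loopback = $server -match '(^|=)(127\.0\.0\.1|localhost)(:|;|$)'
    $finding = 'none'
    if ($loopback)          { $finding = 'loopback proxy, review' }
    elseif ($enabled -eq 1) { $finding = 'proxy enabled, confirm it is intended' }
    [pscustomobject]@{ Check = "Proxy ($Label)"; Value = "ProxyEnable=$enabled ProxyServer='$server'"; Finding = $finding }
}

# HKEY_USERS has no PSDrive by default
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

$results = @(Test-BootExecute)
$results += Test-ProxyHive -HivePath 'HKU:\.DEFAULT' -Label '.DEFAULT'
# Every loaded user hive; the *_Classes hives carry no Internet Settings key
$userHives = Get-ChildItem -Path 'HKU:\' | Where-Object { $_.PSChildName -match '^S-1-5-21-(\d+-){3}\d+$' }
foreach ($hive in $userHives) {
    $results += Test-ProxyHive -HivePath "HKU:\$($hive.PSChildName)" -Label $hive.PSChildName
}
$results | Format-Table -AutoSize -Wrap
```

Only hives of users currently logged on appear under HKEY_USERS, so run it as the affected user (here Owner) to see their own proxy settings alongside .DEFAULT.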

#30
danno_1324

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

Results from step 2

C:\FRST\Quarantine\C\Users\Owner\AppData\Roaming\QPCQVW.exe.xBAD a variant of Win32/Toolbar.CrossRider.BV potentially unwanted application
C:\Users\Owner\Music\Old Computer\iTunes\Pure Volume\BitLord_1.01.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\_OTL\MovedFiles\02012015_131019\C_Program Files (x86)\eaasytooshioap\BJd3tqjwKflDsD.dll a variant of Win32/Adware.MultiPlug.EG application
C:\_OTL\MovedFiles\02012015_131019\C_Program Files (x86)\SouftCoUp\2KsQkEwW0pQXDW.dll a variant of Win32/Adware.MultiPlug.EG application
C:\_OTL\MovedFiles\02012015_131019\C_Program Files (x86)\SupTab\DpInterface32.dll Win32/Thinknice.E potentially unwanted application
C:\_OTL\MovedFiles\02012015_131019\C_Program Files (x86)\SupTab\DpInterface64.dll Win64/Thinknice.F potentially unwanted application
C:\_OTL\MovedFiles\02012015_131019\C_Program Files (x86)\SupTab\SearchProtect32.dll a variant of Win32/Thinknice.E potentially unwanted application
C:\_OTL\MovedFiles\02012015_131019\C_Program Files (x86)\SupTab\SearchProtect64.dll Win64/Thinknice.F potentially unwanted application
C:\_OTL\MovedFiles\02012015_131019\C_Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe a variant of Win32/ELEX.AV potentially unwanted application
C:\_OTL\MovedFiles\02012015_131019\C_Program Files (x86)\SupTab\SupTab.dll Win32/Thinknice.B potentially unwanted application
C:\_OTL\MovedFiles\02012015_131019\C_Program Files (x86)\SupTab\uninstall.exe Win32/Thinknice.E potentially unwanted application
C:\_OTL\MovedFiles\02012015_131019\C_ProgramData\02dc2405183d4179bc899f8d2a636ec4\02dc2405183d4179bc899f8d2a636ec4.exe a variant of Win32/Adware.PicColor.H application
C:\_OTL\MovedFiles\02012015_131019\C_ProgramData\1887373585\BIT925C.tmp a variant of Win32/SProtector.N potentially unwanted application
C:\_OTL\MovedFiles\02012015_131019\C_ProgramData\IePluginServices\PluginService.exe a variant of Win32/ELEX.AV potentially unwanted application
C:\_OTL\MovedFiles\02012015_131019\C_Users\Owner\AppData\Roaming\BAPRHQA.exe a variant of Win32/Toolbar.CrossRider.BV potentially unwanted application
C:\_OTL\MovedFiles\02012015_131019\C_Windows\SysNative\ColorMedia64.dll a variant of Win32/Adware.PicColor.C application
C:\_OTL\MovedFiles\02012015_131019\C_Windows\SysNative\drivers\cmwr.sys a variant of Win32/Adware.PicColor.C application
C:\_OTL\MovedFiles\02012015_131019\C_Windows\SysNative\drivers\{d0ca36b1-bd62-4977-87ba-dea2e8d612b2}Gw64.sys a variant of Win64/BrowseFox.CG potentially unwanted application
C:\_OTL\MovedFiles\02012015_131019\C_Windows\SysWOW64\ColorMedia.dll a variant of Win32/Adware.PicColor.C application
 


  • 0

