Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

uTorrent causing BSOD. (Driver IRQL NOT LESS OR EQUAL)


  • Please log in to reply
18 replies to this topic

#1 Yashar

Yashar

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:06 AM

Posted 30 November 2014 - 10:23 AM

Hey everyone, whenever I open uTorrent my computer would crash after about 5 minutes or so. Trying other torrent programs such as Bit Torrent and Frost Wire also ended with the same result. Below is my minidump, I also attached the full dumps zip files.

 

Thank you

 

==================================================
Dump File         : 113014-35859-01.dmp
Crash Time        : 30/11/2014 10:07:52
Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x000000d1
Parameter 1       : 00000000`00000028
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000000
Parameter 4       : fffff880`02554fd2
Caused By Driver  : rasl2tp.sys
Caused By Address : rasl2tp.sys+1d7f538
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+5a540
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\113014-35859-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 9200
Dump File Size    : 304,392
Dump File Time    : 30/11/2014 10:09:00
==================================================
 
==================================================
Dump File         : 113014-39171-01.dmp
Crash Time        : 30/11/2014 09:59:58
Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x000000d1
Parameter 1       : 00000000`00000028
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000000
Parameter 4       : fffff880`0201cfd2
Caused By Driver  : NETIO.SYS
Caused By Address : NETIO.SYS+1cfd2
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+5a540
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\113014-39171-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 9200
Dump File Size    : 313,016
Dump File Time    : 30/11/2014 10:01:16
==================================================
 
==================================================
Dump File         : 112714-23265-01.dmp
Crash Time        : 27/11/2014 09:53:41
Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x000000d1
Parameter 1       : 00000000`00000028
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000000
Parameter 4       : fffff880`0201cfd2
Caused By Driver  : raspppoe.sys
Caused By Address : raspppoe.sys+55c5010
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+5a540
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\112714-23265-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 9200
Dump File Size    : 306,696
Dump File Time    : 27/11/2014 09:54:40
==================================================

Attached Files

  • Attached File  BSOD.zip   99.65KB   0 downloads

Edited by hamluis, 01 December 2014 - 03:11 PM.
Moved from Win 8 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 dicke

dicke

    Paraclete


  • Members
  • 2,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Charlotte, NC
  • Local time:05:06 AM

Posted 01 December 2014 - 02:24 PM

Welcome,

I'm going to guess that you have been infected. Those sites are know to be serious infection spreaders.


Stay well and surf safe [stay protected]

Dick E


#3 Yashar

Yashar
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:06 AM

Posted 01 December 2014 - 02:29 PM

It's a good chance that happened yes.

#4 dicke

dicke

    Paraclete


  • Members
  • 2,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Charlotte, NC
  • Local time:05:06 AM

Posted 01 December 2014 - 03:10 PM

Time to move to the correct forum to get the right type of help

I've asked a moderator to move this thread into the Am I infected forum


Stay well and surf safe [stay protected]

Dick E


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,897 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:06 AM

Posted 01 December 2014 - 05:28 PM

Using any torrent, file sharing, peer-to-peer (P2P) program (i.e. Limewire, eMule, Kontiki, BitTorrent, BitComet, uTorrent, BitLord, BearShare, Azureus/Vuze, Skype, etc) or visiting such sites is a security risk which can make your system susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. In some cases the computer could be turned into a malware honeypot or zombie.

File sharing networks are thoroughly infested with malware according to security firm Norman ASA and many of them are unsafe to visit or use. The reason for this is that file sharing relies on its members giving and gaining unfettered access to computers across the P2P network. This practice can make you vulnerable to data and identity theft, system infection and remote access exploit by attackers who can take control of your computer without your knowledge.

...It is almost never safe to download executable programs from peer-to-peer file sharing networks because they are a major source of malware infections.

Software Cracks: A Great Way to Infect Your PC

Even if you change the risky default settings to a safer configuration, downloading files from an anonymous source increases your exposure to infection because the files you are downloading may actually contain a disguised threat. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install malware. Many malicious worms and Trojans, such as the Storm Worm, target and spread across P2P files sharing networks because of their known vulnerabilities.

Further some file sharing programs are bundled with other free software you may download (sometimes without the knowledge or consent of the user) and can be the source of various issues and problems to include Adware, and browser hijackers as well as malware.

Even the safest P2P file sharing programs that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The best way to eliminate these risks is to avoid using P2P applications and torrent web sites.Since the nature of P2P programs is counter productive to restoring your computer to a healthy state, you need to remove all such programs before we continue to reduce the risk of infection and keep your system clean. If you choose not to do that, then we are just wasting time trying to clean your system.

When you have done that, let me know and I will provide further instructions.

Using P2P programs, file sharing or browsing torrent sites is almost a guaranteed way to get yourself infected!!
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 Yashar

Yashar
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:06 AM

Posted 01 December 2014 - 06:16 PM

I successfully uninstalled uTorrent

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,897 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:06 AM

Posted 01 December 2014 - 06:45 PM


Please download and use the following tools (in the order listed) which will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants.

RKill created by Grinler (aka Lawrence Abrams), the site owner of BleepingComputer.
AdwCleaner created by Xplode.
Junkware Removal Tool created by thisisu.

1. Double-click on RKill to launch the tool. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully. A log file will be created and saved to the root directory, C:\RKill.log. Copy and paste the contents of RKill.log in your next reply.

Important: Do not reboot your computer until you complete the next step.

2. Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will start to update its database...please wait until complete.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[RX].txt) will open in Notepad (where the largest value of # represents the most recent report).
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Close all open programs and shut down any protection/security software to avoid potential conflicts.

3. Double-click on JRT.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
  • Copy and paste the contents of JRT.txt in your next reply.
.
4. As a final step, download, install and perform a THREAT SCAN with Malwarebytes Anti-Malware 2.0. Be sure to print out and follow these instructions.

When done, please post the complete results of your Malwarebytes scan for review.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
-- Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 maggot7

maggot7

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:06 AM

Posted 03 December 2014 - 01:57 PM

Is anyone going to mention that uTorrent has nothing to do with rasl2tp.sys?

 

Yashar, uTorrent almost certainly did not cause this problem. BUT, torrents are a perfect vehicle for spreading malware if you're not extremely cautious as to what you download. However, the torrent network is quite frowned upon by IT professionals. Therefore; if anyone even mentions a torrent client or the torrent network on this forum, EVERYONE will tell you to remove it regardless whether it is relevant to the problem or not.

 

Not looking to stoke the flames or start an argument, as this is kind of a hot button topic but the OP deserves accurate, unbiased information and not a witch hunt.


Edited by maggot7, 03 December 2014 - 01:59 PM.


#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,897 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:06 AM

Posted 03 December 2014 - 02:16 PM

Is anyone going to mention that uTorrent has nothing to do with rasl2tp.sys?

 

No one claimed it did.

I merely said...

Since the nature of P2P programs is counter productive to restoring your computer to a healthy state, you need to remove all such programs before we continue to reduce the risk of infection and keep your system clean. If you choose not to do that, then we are just wasting time trying to clean your system.

 

That is accurate information and why most of our MRT experts here (and at other security forums) will essentially say the same thing.

If you disagree or feel this issue is a hot button topic, then start your own discussion topic about it rather than interjecting your feelings about our advice on the use of torrents in someone else's topic.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 maggot7

maggot7

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:06 AM

Posted 03 December 2014 - 02:46 PM

 

Is anyone going to mention that uTorrent has nothing to do with rasl2tp.sys?

 

No one claimed it did.

 

That is completely disingenuous. Allowing the OP to continuing blaming that program is obviously intentional.

 

I was pretty explicit when I said my intention is not to start a discussion or debate and I did not inject any opinions, SO on with the diagnosis/malware removal! :grinner:


Edited by maggot7, 03 December 2014 - 02:46 PM.


#11 Yashar

Yashar
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:06 AM

Posted 03 December 2014 - 06:30 PM

Ok. I scanned with RKill, here's the log.

 

Rkill 2.6.8 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 12/03/2014 07:18:45 PM in x64 mode.
Windows Version: Windows 8 
 
Checking for Windows services to stop:
 
 * CltMngSvc Stopped. [Win32/Conduit.SearchProtect.B]
 
1 service stopped!
 
Checking for processes to terminate:
 
 * C:\Windows\SysWOW64\ACEngSvr.exe (PID: 4216) [WD-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * Advanced Explorer Setting Removed:  HideIcons [HKCU]
 
Backup Registry file created at:
 C:\Users\Justin\Desktop\rkill\rkill-12-03-2014-07-19-35.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
 
 * Reparse Point/Junctions Found (Most likely legitimate)!
 
     * C:\Windows\apppatch\nbin => C:\PROGRA~2\SearchProtect\SearchProtect\bin [Dir]
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 12/03/2014 07:26:51 PM
Execution time: 0 hours(s), 8 minute(s), and 6 seconds(s)


#12 Yashar

Yashar
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:06 AM

Posted 03 December 2014 - 06:38 PM

lava b8 software__3039_i825890408_il1502315.exe has been detected on numerous occasions by my Antivirus Zone Alarm. I would treat it, but the next time I reboot my computer and open the folder its in it would be found again... I hope this process gets rid of this virus.



#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,897 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:06 AM

Posted 03 December 2014 - 06:40 PM

Do not reboot. Continue as instructed above.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#14 Yashar

Yashar
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:06 AM

Posted 03 December 2014 - 07:21 PM

# AdwCleaner v4.103 - Report created 03/12/2014 at 19:51:10
# Updated 01/12/2014 by Xplode
# Database : 2014-12-03.1 [Live]
# Operating System : Windows 8  (64 bits)
# Username : Justin - ACOBI-PC
# Running from : C:\Users\Justin\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : CltMngSvc
Service Deleted : SPPD
Service Deleted : {b2db3058-74ee-4ace-bcd8-8cd0fbe3a4f6}Gw64
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\NCH Software
[!] Folder Deleted : C:\ProgramData\iolo
Folder Deleted : C:\ProgramData\ytd video downloader
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Program Files (x86)\jZip
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\iolo
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\iolo
Folder Deleted : C:\Users\Justin\AppData\Local\jZip
Folder Deleted : C:\Users\Justin\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Justin\AppData\Local\Temp\HulaToo
Folder Deleted : C:\Users\Justin\AppData\Local\Temp\jZip
Folder Deleted : C:\Users\Justin\AppData\Local\Temp\mt_ffx
Folder Deleted : C:\Users\Justin\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Users\Justin\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Justin\AppData\Roaming\iolo
Folder Deleted : C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\ymuha8h6.default-1396516781143\Extensions\ffxtlbr@zonealarm.com
File Deleted : C:\END
File Deleted : C:\Windows\System32\drivers\{b2db3058-74ee-4ace-bcd8-8cd0fbe3a4f6}Gw64.sys
File Deleted : C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
File Deleted : C:\Users\Justin\Desktop\jZip.lnk
File Deleted : C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\ymuha8h6.default-1396516781143\searchplugins\zonealarm.xml
File Deleted : C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\ymuha8h6.default-1396516781143\user.js
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : AmiUpdXp
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\jZip.file
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPath\jZip.exe
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F1963E76-845B-474C-8C7F-D69A96D8AA34}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EAB5257A-1FB3-474C-9B42-231F52622E72}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\jZip
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\jZip
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\jZip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17148
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Mozilla Firefox v33.1.1 (x86 en-US)
 
[ymuha8h6.default-1396516781143\prefs.js] - Line Deleted : user_pref("extensions.zonealarm.tlbrSrchUrl", "hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=25ad639ddc7a4a599ae8cf11b63ee514&tu=10Go800E52D03M0&sku=&tstsId=&ver=&&q=");
 
-\\ Google Chrome v39.0.2171.71
 
 
*************************
 
AdwCleaner[R0].txt - [10442 octets] - [03/12/2014 19:40:40]
AdwCleaner[S0].txt - [10020 octets] - [03/12/2014 19:51:10]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10081 octets] ##########


#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,897 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:06 AM

Posted 03 December 2014 - 07:51 PM

Keep going.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users