
help I have a virus of sorts

Discussion in 'Virus & Other Malware Removal' started by cocapee1, Jul 8, 2014.

  1. cocapee1

    cocapee1 Thread Starter

    Joined:
    Mar 12, 2014
    Messages:
    104
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 32 bit
    Processor: Intel(R) Celeron(R) CPU E1200 @ 1.60GHz, x64 Family 6 Model 15 Stepping 13
    Processor Count: 2
    RAM: 2815 Mb
    Graphics Card: NVIDIA GeForce 7050 / NVIDIA nForce 610i, 256 Mb
    Hard Drives: C: Total - 152524 MB, Free - 78945 MB;
    Motherboard: Packard Bell BV, MCP73VT-PM
    Antivirus: AVG Anti-Virus Free Edition 2011, Updated and Enabled

    I'm getting annoyed with a box that comes up saying bad image c:progra1\amazon\amazon-1\amazon1dll says is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support. I have no idea why this started. It was easy to get rid of at first by pressing the OK button, but now I can't get rid of it. Please can you help?
     
  2. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,720
    Hi cocapee1,
    -----------------------------------------------------------
    Download and Run the Farbar Scan Tool
    • Download FRST and save to your Desktop.
    • Double click Frst.exe to launch it.
    • FRST will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press the Scan button.
      • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
      • Please post them in your next reply.
    Feel free to use separate replies if it's more convenient.
    If there is anything you don't know how to do, please stop and ask.
    askey127
     
  3. cocapee1

    cocapee1 Thread Starter

    Joined:
    Mar 12, 2014
    Messages:
    104
    I hope this is the info you need.
    Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-07-2014 01
    Ran by Admin at 2014-07-08 15:58:23
    Running from C:\Users\Admin\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: AVG Anti-Virus Free Edition 2011 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    AS: AVG Anti-Virus Free Edition 2011 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    Acer Docs Office AddIn (HKLM\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2001 - Acer)
    Acer Portal (HKLM\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.01.2006 - Acer Incorporated)
    Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.3001 - Acer Incorporated)
    Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
    Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
    AOP Framework (HKLM\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.01.2008.3 - Acer Incorporated)
    AVG 2011 (HKLM\...\AVG) (Version: 10.0.1432 - AVG Technologies)
    AVG 2011 (Version: 10.0.1432 - AVG Technologies) Hidden
    AVG 2011 (Version: 10.0.3955 - AVG Technologies) Hidden
    AVG Security Toolbar (HKLM\...\AVG Secure Search) (Version: 18.0.5.292 - AVG Technologies)
    BBC iPlayer Downloads (HKLM\...\{E7C9165A-50C1-40E4-B11F-41FC1553D7FD}) (Version: 1.7.3 - BBC)
    Big Fish: Game Manager (HKLM\...\BFGC) (Version: 3.3.0.2 - )
    Call of Atlantis: Treasures of Poseidon Collector's Edition (Version: 3.0.2.59 - WildTangent) Hidden
    Castle Secrets: Between Day and Night (Version: 3.0.2.59 - WildTangent) Hidden
    CSI-3 Dimensions of Murder 1.0 (HKLM\...\CSI-3 Dimensions of Murder) (Version: 1.0 - Ubisoft)
    Dark Tales: Edgar Allan Poe's The Premature Burial (Version: 3.0.2.59 - WildTangent) Hidden
    Doors of the Mind: Inner Mysteries (HKLM\...\BFG-Doors of the Mind - Inner Mysteries) (Version: - )
    Found: A Hidden Object Adventure (HKLM\...\BFG-Found - A Hidden Object Adventure) (Version: - )
    Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
    Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
    GoToAssist Corporate (Version: 9.0.570 - Citrix) Hidden
    Grim Facade: Mystery of Venice (HKLM\...\BFG-Grim Facade - Mystery of Venice) (Version: - )
    Java Auto Updater (Version: 2.0.3.1 - Sun Microsystems, Inc.) Hidden
    Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
    Java(TM) 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216023FF}) (Version: 6.0.240 - Oracle)
    K-Lite Codec Pack 6.6.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 6.6.0 - )
    LPT System Updater Service (Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Mystery Case Files ®: 13th Skull ™ (HKLM\...\BFG-Mystery Case Files - 13th Skull) (Version: - )
    Mystery Case Files: Return to Ravenhearst ™ (HKLM\...\BFG-Mystery Case Files - Return to Ravenhearst) (Version: - )
    NVIDIA Control Panel 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
    NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
    NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
    NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
    NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
    NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
    OpenOffice.org 3.3 (HKLM\...\{E2E74A70-1D0D-48CE-9F76-EE7122A975BB}) (Version: 3.3.9556 - OpenOffice.org)
    Plusnet Assist (HKLM\...\Plusnet Assist) (Version: - )
    PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
    Redemption Cemetery: Curse of the Raven Collector's Edition (HKLM\...\BFG-Redemption Cemetery - Curse of the Raven Collector's Edition) (Version: - )
    Shades of Death: Royal Blood (HKLM\...\BFG-Shades of Death - Royal Blood) (Version: - )
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    The Curse of Silent Marshes (Version: 3.0.2.59 - WildTangent) Hidden
    The Hidden Prophecies of Nostradamus (HKLM\...\BFG-The Hidden Prophecies of Nostradamus) (Version: - )
    The Mystery of The Mummy (HKLM\...\{1FAB0A3A-88AB-44AC-9423-B71AD4491EEE}) (Version: 1.00.0000 - Frogwares)
    Time Mysteries: Inheritance (HKLM\...\BFG-Time Mysteries - Inheritance) (Version: - )
    Torch (HKCU\...\Torch) (Version: 33.0.0.7027 - Torch Media, Inc) <==== ATTENTION
    Update Installer for WildTangent Games App (Version: - WildTangent) Hidden
    WildTangent Games (HKLM\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (Version: 4.0.11.9 - WildTangent) Hidden
    Yahoo Community Smartbar (HKLM\...\{D96EBFC0-C680-4463-B4F0-299E48771819}) (Version: 11.38.66.16134 - Linkury Inc.) <==== ATTENTION
    Yahoo Community Smartbar Engine (HKCU\...\{69e767ba-e7f3-4850-a688-0fde48375f44}) (Version: 11.38.66.16134 - Linkury Inc.) <==== ATTENTION
    Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )

    ==================== Restore Points =========================

    01-06-2014 18:26:29 Windows Backup
    09-06-2014 11:24:16 Windows Backup
    16-06-2014 09:29:36 Windows Backup
    23-06-2014 10:37:51 Windows Backup
    04-07-2014 13:09:26 Windows Backup
    07-07-2014 09:48:17 Windows Backup

    ==================== Hosts content: ==========================

    2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {0C7DF923-1ACC-4592-AC0C-D9847E74FDE1} - System32\Tasks\Norton Product InstallerIdle => C:\Windows\system32\Adobe\Shockwave 12\SymInstallStub.exe
    Task: {3890AB2A-73D9-419C-9EA0-57A5FE071C27} - System32\Tasks\IHUninstallTrackingTASK => CMD
    Task: {41FBBC7B-BA55-49B1-B380-EC3C2EBD2F50} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-07-08] (globalUpdate) <==== ATTENTION
    Task: {5E78D7BD-2AE5-4303-B7C8-2017FE24E1BE} - System32\Tasks\ViewPassword Update => C:\Program Files\ViewPassword-soft\ViewPasswordW11.exe <==== ATTENTION
    Task: {7A9D60ED-75E2-4B26-82CF-72E239109BDC} - System32\Tasks\MySearchDial => C:\Users\Admin\AppData\Roaming\mysearchdial\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
    Task: {8313C386-9B33-4706-A813-B54ADE4B5C3E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-07] (Adobe Systems Incorporated)
    Task: {880BE4D6-1408-417E-A8FC-5C84E3881AC9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-28] (Google Inc.)
    Task: {A048289F-DEED-49AA-982C-5E1AEE6406CB} - System32\Tasks\IHSelfDeleteTASK => CMD
    Task: {A51911D7-D038-4EEB-AD61-5A56DC920793} - System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl => C:\Users\Admin\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\minibarchrome.exe [2014-07-08] (Sien SA)
    Task: {A753E0A2-E3E7-48C1-AFD9-25B7DB982C67} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-07-08] (globalUpdate) <==== ATTENTION
    Task: {B5E24D27-05E5-4DC7-A5E2-90A51DF2A100} - System32\Tasks\AcerCloud => C:\Program Files\Acer\Acer Portal\AcerPortal.exe [2014-06-30] ()
    Task: {E12D03DA-3E14-4C88-B558-EC12B735F5A9} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
    Task: {E2EF40B8-6890-454F-8FD0-F04DC1CA1F4D} - System32\Tasks\ViewPassword_wd => C:\Program Files\ViewPassword-soft\ViewPasswordFIXQNw.exe <==== ATTENTION
    Task: {EA835565-7D06-4D3E-934B-F644EB72E656} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-28] (Google Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\Admin\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: C:\Windows\Tasks\Norton Product InstallerIdle.job => C:\Windows\system32\Adobe\Shockwave 12\SymInstallStub.exe
    Task: C:\Windows\Tasks\ViewPassword Update.job => C:\Program Files\ViewPassword-soft\ViewPasswordW11.exe
    Task: C:\Windows\Tasks\ViewPassword_wd.job => C:\Program Files\ViewPassword-soft\ViewPasswordFIXQNw.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-03-25 08:55 - 2014-03-25 08:55 - 00036632 _____ () C:\Program Files\LPT\srpts.exe
    2014-03-25 08:55 - 2014-03-25 08:55 - 00077080 _____ () C:\Program Files\LPT\srpt.dll
    2014-03-25 08:55 - 2014-03-25 08:55 - 00022296 _____ () C:\Program Files\LPT\srptc.dll
    2014-03-25 08:54 - 2014-03-25 08:54 - 00018200 _____ () C:\Program Files\LPT\Smartbar.Common.dll
    2014-03-26 11:44 - 2013-01-31 10:00 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
    2014-07-08 14:22 - 2014-07-08 14:22 - 00541696 _____ () C:\Program Files\003\xmkysecqun32.exe
    2011-12-21 03:35 - 2014-03-28 08:28 - 02544664 _____ () C:\Program Files\AVG Secure Search\vprot.exe
    2014-07-08 10:23 - 2014-07-08 10:24 - 00015616 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
    2014-06-26 21:49 - 2014-06-26 21:49 - 00013568 _____ () C:\Program Files\Acer\AOP Framework\ServiceInterface.dll
    2014-06-30 23:04 - 2014-06-30 23:04 - 00277096 _____ () C:\Program Files\Acer\Acer Portal\libcurl.dll
    2014-03-25 08:54 - 2014-03-25 08:54 - 00045848 _____ () C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
    2014-03-25 08:55 - 2014-03-25 08:55 - 00067864 _____ () C:\Users\Admin\AppData\Local\Smartbar\Application\srau.dll
    2014-03-25 08:54 - 2014-03-25 08:54 - 00164632 _____ () C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
    2014-03-25 08:54 - 2014-03-25 08:54 - 02281752 _____ () C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
    2014-03-25 08:55 - 2014-03-25 08:55 - 00065816 _____ () C:\Users\Admin\AppData\Local\Smartbar\Application\spbl.dll
    2014-03-25 08:54 - 2014-03-25 08:54 - 00153880 _____ () C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
    2014-03-25 08:54 - 2014-03-25 08:54 - 00013592 _____ () C:\Users\Admin\AppData\Local\Smartbar\Application\siem.dll
    2014-03-25 08:55 - 2014-03-25 08:55 - 00062744 _____ () C:\Users\Admin\AppData\Local\Smartbar\Application\sppsm.dll
    2014-03-25 08:54 - 2014-03-25 08:54 - 00695576 _____ () C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
    2014-03-25 08:54 - 2014-03-25 08:54 - 00014104 _____ () C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
    2014-03-25 08:54 - 2014-03-25 08:54 - 00077592 _____ () C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
    2014-03-25 08:54 - 2014-03-25 08:54 - 00026392 _____ () C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
    2014-03-25 08:55 - 2014-03-25 08:55 - 00055576 _____ () C:\Users\Admin\AppData\Local\Smartbar\Application\srut.dll
    2014-03-25 08:55 - 2014-03-25 08:55 - 00028440 _____ () C:\Users\Admin\AppData\Local\Smartbar\Application\srsbs.dll
    2014-03-25 08:54 - 2014-03-25 08:54 - 00064280 _____ () C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
    2014-03-25 08:55 - 2014-03-25 08:55 - 00029976 _____ () C:\Users\Admin\AppData\Local\Smartbar\Application\srom.dll
    2014-03-25 08:55 - 2014-03-25 08:55 - 00029976 _____ () C:\Users\Admin\AppData\Local\Smartbar\Application\smtu.dll
    2014-03-25 08:54 - 2014-03-25 08:54 - 00038168 _____ () C:\Users\Admin\AppData\Local\Smartbar\Application\smta.dll
    2014-03-25 08:54 - 2014-03-25 08:54 - 00023320 _____ () C:\Users\Admin\AppData\Local\Smartbar\Application\sgml.dll
    2014-03-25 08:55 - 2014-03-25 08:55 - 00042776 _____ () C:\Users\Admin\AppData\Local\Smartbar\Application\srbu.dll
    2014-03-25 08:54 - 2014-03-25 08:54 - 00060696 _____ () C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
    2014-03-25 08:55 - 2014-03-25 08:55 - 00023832 _____ () C:\Users\Admin\AppData\Local\Smartbar\Application\srpdm.dll
    2014-03-25 08:53 - 2014-03-25 08:53 - 00042264 _____ () C:\Users\Admin\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
    2014-03-25 08:54 - 2014-03-25 08:54 - 00034584 _____ () C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
    2014-03-25 08:55 - 2014-03-25 08:55 - 00254232 _____ () C:\Users\Admin\AppData\Local\Smartbar\Application\srns.dll
    2014-07-08 10:34 - 2014-06-30 23:13 - 02524416 _____ () C:\Program Files\Acer\Acer Portal\acpanel_win.exe
    2014-06-30 23:13 - 2014-06-30 23:13 - 00203008 _____ () C:\Program Files\Acer\Acer Portal\curllib.dll
    2014-06-30 23:13 - 2014-06-30 23:13 - 00119552 _____ () C:\Program Files\Acer\Acer Portal\OpenLDAP.dll
    2014-03-25 08:55 - 2014-03-25 08:55 - 00022296 _____ () C:\Users\Admin\AppData\Local\LPT\srptm.exe
    2014-03-25 08:55 - 2014-03-25 08:55 - 00077080 _____ () C:\Users\Admin\AppData\Local\LPT\srpt.dll
    2014-03-25 08:55 - 2014-03-25 08:55 - 00022296 _____ () C:\Users\Admin\AppData\Local\LPT\srptc.dll
    2014-03-25 08:53 - 2014-03-25 08:53 - 00018200 _____ () C:\Users\Admin\AppData\Local\LPT\Smartbar.Common.dll
    2014-03-25 08:55 - 2014-03-25 08:55 - 00055576 _____ () C:\Users\Admin\AppData\Local\LPT\srut.dll
    2014-03-25 08:55 - 2014-03-25 08:55 - 00062744 _____ () C:\Users\Admin\AppData\Local\LPT\sppsm.dll
    2014-03-25 08:54 - 2014-03-25 08:54 - 00153880 _____ () C:\Users\Admin\AppData\Local\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll
    2014-03-25 08:54 - 2014-03-25 08:54 - 00026392 _____ () C:\Users\Admin\AppData\Local\LPT\Smartbar.Personalization.Common.dll
    2014-03-25 08:54 - 2014-03-25 08:54 - 00164632 _____ () C:\Users\Admin\AppData\Local\LPT\Smartbar.Infrastructure.Utilities.dll
    2014-03-25 08:55 - 2014-03-25 08:55 - 00042776 _____ () C:\Users\Admin\AppData\Local\LPT\srbu.dll
    2014-03-25 08:55 - 2014-03-25 08:55 - 00023832 _____ () C:\Users\Admin\AppData\Local\LPT\srpdm.dll
    2014-03-25 08:54 - 2014-03-25 08:54 - 00036632 _____ () C:\Users\Admin\AppData\Local\LPT\Smartbar.Monetization.Proxy.ProxyService.dll
    2014-04-01 13:00 - 2014-04-01 13:00 - 00904704 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
    2011-02-10 07:55 - 2011-02-10 07:55 - 01148256 _____ () C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    2014-03-25 08:53 - 2014-03-25 08:53 - 00021784 _____ () C:\Users\Admin\AppData\Local\Smartbar\Application\Lrcnta.exe
    2014-03-25 08:53 - 2014-03-25 08:53 - 00028952 _____ () C:\Users\Admin\AppData\Local\Smartbar\Application\lrcnt.dll
    2014-06-15 11:03 - 2014-06-05 14:58 - 00716616 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
    2014-06-15 11:03 - 2014-06-05 14:58 - 00126280 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\libegl.dll
    2014-06-15 11:03 - 2014-06-05 14:58 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
    2014-06-15 11:03 - 2014-06-05 14:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
    2014-06-15 11:03 - 2014-06-05 14:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
    2014-06-15 11:03 - 2014-06-05 14:58 - 14612296 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================


    ==================== EXE Association (whitelisted) =============


    ==================== MSCONFIG/TASK MANAGER disabled items =========


    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/08/2014 02:20:50 PM) (Source: MsiInstaller) (EventID: 11309) (User: Admin-PC)
    Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.

    Error: (07/08/2014 02:16:13 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Microsoft Office 2010.exe, version: 3.1.13.24, time stamp: 0x53bac5a9
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
    Exception code: 0xc0000005
    Fault offset: 0x000477a2
    Faulting process id: 0xd28
    Faulting application start time: 0xMicrosoft Office 2010.exe0
    Faulting application path: Microsoft Office 2010.exe1
    Faulting module path: Microsoft Office 2010.exe2
    Report Id: Microsoft Office 2010.exe3

    Error: (07/08/2014 01:41:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program chrome.exe version 35.0.1916.153 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: b54

    Start Time: 01cf9aa7cc219aa0

    Termination Time: 48

    Application Path: C:\Program Files\Google\Chrome\Application\chrome.exe

    Report Id: 2e8f60d1-069d-11e4-a7c1-001e90461b67

    Error: (07/07/2014 00:12:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 11.0.9600.17126 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 182c

    Start Time: 01cf99d3ed1d0160

    Termination Time: 282

    Application Path: C:\Program Files\Internet Explorer\iexplore.exe

    Report Id:

    Error: (06/19/2014 07:35:35 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: ViewPasswordFIXQNw.exe, version: 1.173.0.0, time stamp: 0x5397f4a5
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00000000
    Faulting process id: 0x8d8
    Faulting application start time: 0xViewPasswordFIXQNw.exe0
    Faulting application path: ViewPasswordFIXQNw.exe1
    Faulting module path: ViewPasswordFIXQNw.exe2
    Report Id: ViewPasswordFIXQNw.exe3

    Error: (06/15/2014 10:11:50 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: chrome.exe, version: 35.0.1916.114, time stamp: 0x53726019
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00760061
    Faulting process id: 0x1860
    Faulting application start time: 0xchrome.exe0
    Faulting application path: chrome.exe1
    Faulting module path: chrome.exe2
    Report Id: chrome.exe3

    Error: (06/15/2014 10:07:03 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: ViewPasswordRo173.exe, version: 1.173.0.0, time stamp: 0x5397f4a1
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00000000
    Faulting process id: 0x1254
    Faulting application start time: 0xViewPasswordRo173.exe0
    Faulting application path: ViewPasswordRo173.exe1
    Faulting module path: ViewPasswordRo173.exe2
    Report Id: ViewPasswordRo173.exe3

    Error: (06/12/2014 01:08:47 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: ViewPasswordFIXQNw.exe, version: 1.173.0.0, time stamp: 0x5397f4a5
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00000000
    Faulting process id: 0x8b8
    Faulting application start time: 0xViewPasswordFIXQNw.exe0
    Faulting application path: ViewPasswordFIXQNw.exe1
    Faulting module path: ViewPasswordFIXQNw.exe2
    Report Id: ViewPasswordFIXQNw.exe3

    Error: (06/12/2014 10:12:38 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: hsswd.exe, version: 0.0.0.0, time stamp: 0x51087583
    Faulting module name: hsswd.exe, version: 0.0.0.0, time stamp: 0x51087583
    Exception code: 0xc0000005
    Fault offset: 0x0003da4e
    Faulting process id: 0x324
    Faulting application start time: 0xhsswd.exe0
    Faulting application path: hsswd.exe1
    Faulting module path: hsswd.exe2
    Report Id: hsswd.exe3

    Error: (06/09/2014 00:17:50 PM) (Source: MsiInstaller) (EventID: 1024) (User: Admin-PC)
    Description: Product: Adobe Reader X (10.1.10) - Update 'Adobe Reader X (10.1.10)' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127


    System errors:
    =============
    Error: (07/08/2014 03:06:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The RBClientService service terminated unexpectedly. It has done this 4 time(s).

    Error: (07/08/2014 03:01:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The RBClientService service terminated unexpectedly. It has done this 3 time(s).

    Error: (07/08/2014 03:00:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The RBClientService service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

    Error: (07/08/2014 02:59:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The RBClientService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

    Error: (07/08/2014 02:57:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    netfilter2

    Error: (07/08/2014 02:56:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Update LinkiDoo service failed to start due to the following error:
    %%2

    Error: (07/08/2014 02:22:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The netfilter2 service failed to start due to the following error:
    %%193

    Error: (07/08/2014 02:12:27 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The GlobalUpdater service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (07/08/2014 02:12:27 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The SProtection service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (07/08/2014 00:17:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Update LinkiDoo service failed to start due to the following error:
    %%2


    Microsoft Office Sessions:
    =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 55%
    Total physical RAM: 2815.24 MB
    Available physical RAM: 1240.44 MB
    Total Pagefile: 5628.77 MB
    Available Pagefile: 3892.34 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1899.08 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:148.95 GB) (Free:78.43 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 051A3FF7)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  4. cocapee1

    cocapee1 Thread Starter

    I think the last message was additional.
    This should be the first.
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01
    Ran by Admin (administrator) on ADMIN-PC on 08-07-2014 16:04:50
    Running from C:\Users\Admin\Downloads
    Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgchsvx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgrsx.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgwdsvc.exe
    (Acer Incorporated) C:\Program Files\Acer\AOP Framework\CCDMonitorService.exe
    (Acer Cloud Technology) C:\Program Files\Acer\AOP Framework\acer\ccd.exe
    () C:\Program Files\LPT\srpts.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgnsx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgemcx.exe
    (Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (TorchMedia Inc.) C:\Users\Admin\AppData\Local\Torch\Update\TorchCrashHandler.exe
    (AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
    () C:\Program Files\003\xmkysecqun32.exe
    (Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgtray.exe
    (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    () C:\Program Files\AVG Secure Search\vprot.exe
    (MusicLab, LLC) C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Alcatel-Lucent) C:\Program Files\Plusnet Assist\btbb\PlusnetHelpNotifier.exe
    (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Acer Incorporated) C:\Program Files\Acer\AOP Framework\BackgroundAgent.exe
    (Smartbar) C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.exe
    (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    () C:\Program Files\Acer\Acer Portal\acpanel_win.exe
    () C:\Users\Admin\AppData\Local\LPT\srptm.exe
    () C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgrsx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgcsrvx.exe
    () C:\Users\Admin\AppData\Local\Smartbar\Application\Lrcnta.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
    HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation)
    HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2544664 2014-03-28] ()
    HKLM\...\Run: [ROC_roc_dec12] => C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe [928096 2012-01-29] ()
    HKLM\...\Run: [DATAMNGR] => C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe [1693800 2012-03-04] (MusicLab, LLC)
    HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
    HKLM\...\Run: [btbb_McciTrayApp] => C:\Program Files\Plusnet Assist\btbb\PlusnetHelpNotifier.exe [1841664 2012-06-25] (Alcatel-Lucent)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-18] (Adobe Systems Incorporated)
    HKLM\...\Run: [BacKGround Agent] => C:\Program Files\Acer\AOP Framework\BackgroundAgent.exe [53504 2014-06-26] (Acer Incorporated)
    HKU\S-1-5-21-931817447-3520280017-1634671453-1000\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
    HKU\S-1-5-21-931817447-3520280017-1634671453-1000\...\Run: [Browser Infrastructure Helper] => C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.exe [26904 2014-03-25] (Smartbar)
    HKU\S-1-5-21-931817447-3520280017-1634671453-1000\...\Run: [Wallpaper Changer] => C:\Program Files\Wallpaper Changer\Wallpaper Changer.exe /minimized
    HKU\S-1-5-21-931817447-3520280017-1634671453-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-04-14] (Google Inc.)
    HKU\S-1-5-21-931817447-3520280017-1634671453-1000\...\Run: [AcerCloud] => C:\Program Files\Acer\Acer Portal\acpanel_win.exe [2524416 2014-06-30] ()
    AppInit_DLLs: c:\progra~1\amazon\amazon~1\\amazon~1.dll => c:\Program Files\Amazon\AMAZON~1\\AMAZON~1.DLL [20 2014-07-07] ()
    IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
    ShellIconOverlayIdentifiers: ACloudSyncedRF -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files\Acer\Acer Portal\Win32\shellext_win.dll (Acer Incorporated)
    ShellIconOverlayIdentifiers: ACloudSyncedSF -> {5D5F18B7-D59B-4B18-A3E9-0A4BDCCCB699} => C:\Program Files\Acer\Acer Portal\Win32\shellext_win.dll (Acer Incorporated)
    ShellIconOverlayIdentifiers: ACloudSyncing -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files\Acer\Acer Portal\Win32\shellext_win.dll (Acer Incorporated)
    ShellIconOverlayIdentifiers: ACloudToBeSynced -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files\Acer\Acer Portal\Win32\shellext_win.dll (Acer Incorporated)
    BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /syncC:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    ProxyServer: 
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36LI7P80qkWEwcGIsQmua-T5gvDMs8RB4JvC1gX9VFgBjMeb0hdkKKY_HpFukA-hDHhNRaOFnX6YoqK5haVz5LAOCtftaHAUWJ2EJAahEKj7Jj6Qw-1AJKhfRk2zng6HZ5cXzcuZ1R2odxGNS46nHyFamCYHpJQZOw7tk_XPRL4k3NVCQ,&q={searchTerms}
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.uk.msn.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperbar.com/?p=mKO_Aw...PFoUYKgm0Q3TyReCyMSluoZ2eT1NDAlt-Jzrf-Mm9hufQ,
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36LI7P80qkWEwcGIsQmua-T5gvDMs8RB4JvC1gX9VFgBjMeb0hdkKKY_HpFukA-hDHhNRaOFnX6YoqK5haVz5LAOCtftaHAUWJ2EJAahEKj7Jj6Qw-1AJKhfRk2zng6HZ5cXzcuZ1R2odxGNS46nHyFamCYHpJQZOw7tk_XPRL4k3NVCQ,&q={searchTerms}
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?type=hp&ts=14048...0215AS_6RABBAXHXXXX6RABBAXH&i=psd&t=3455760bd
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com/web/?type=ds&ts=1404825618&from=slbnew&uid=ST3160215AS_6RABBAXHXXXX6RABBAXH&i=psd&t=3455760bd&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?type=hp&ts=14048...0215AS_6RABBAXHXXXX6RABBAXH&i=psd&t=3455760bd
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?type=hp&ts=14048...0215AS_6RABBAXHXXXX6RABBAXH&i=psd&t=3455760bd
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com/web/?type=ds&ts=1404825618&from=slbnew&uid=ST3160215AS_6RABBAXHXXXX6RABBAXH&i=psd&t=3455760bd&q={searchTerms}
    URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
    SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?type=ds&ts=1404825618&from=slbnew&uid=ST3160215AS_6RABBAXHXXXX6RABBAXH&i=psd&t=3455760bd&q={searchTerms}
    SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36LI7P80qkWEwcGIsQmua-T5gvDMs8RB4JvC1gX9VFgBjMeb0hdkKKY_HpFukA-hDHhNRaOFnX6YoqK5haVz5LAOCtftaHAUWJ2EJAahEKj7Jj6Qw-1AJKhfRk2zng6HZ5cXzcuZ1R2odxGNS46nHyFamCYHpJQZOw7tk_XPRL4k3NVCQ,&q={searchTerms}
    SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?type=ds&ts=1404825618&from=slbnew&uid=ST3160215AS_6RABBAXHXXXX6RABBAXH&i=psd&t=3455760bd&q={searchTerms}
    SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36LI7P80qkWEwcGIsQmua-T5gvDMs8RB4JvC1gX9VFgBjMeb0hdkKKY_HpFukA-hDHhNRaOFnX6YoqK5haVz5LAOCtftaHAUWJ2EJAahEKj7Jj6Qw-1AJKhfRk2zng6HZ5cXzcuZ1R2odxGNS46nHyFamCYHpJQZOw7tk_XPRL4k3NVCQ,&q={searchTerms}
    SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36LI7P80qkWEwcGIsQmua-T5gvDMs8RB4JvC1gX9VFgBjMeb0hdkKKY_HpFukA-hDHhNRaOFnX6YoqK5haVz5LAOCtftaHAUWJ2EJAahEKj7Jj6Qw-1AJKhfRk2zng6HZ5cXzcuZ1R2odxGNS46nHyFamCYHpJQZOw7tk_XPRL4k3NVCQ,&q={searchTerms}
    SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?type=ds&ts=1404825618&from=slbnew&uid=ST3160215AS_6RABBAXHXXXX6RABBAXH&i=psd&t=3455760bd&q={searchTerms}
    BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    BHO: No Name - {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} - No File
    BHO: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    BHO: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
    BHO: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO: ViewPassword - {AB459529-F538-368B-1E8E-D4E5504B00E6} - C:\Program Files\ViewPassword-soft\173.dll ()
    BHO: DataMngr - {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\BROWSE~1.DLL No File
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files\Mysearchdial\1.8.29.0\bh\mysearchdial.dll (MySearchDial)
    BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll No File
    Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
    Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    Toolbar: HKLM - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll (MySearchDial)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll No File
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll No File
    FF Plugin: @ei.FilmFanatic.com/Plugin - C:\Program Files\FilmFanaticEI\Installr\1.bin\NPpaEISB.dll (FilmFanatic)
    FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
    FF Plugin: @staging.google.com/globalUpdate Update;version=10 - C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
    FF Plugin: @staging.google.com/globalUpdate Update;version=4 - C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin: TorchVLC - C:\Users\Admin\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll (VideoLAN)
    FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG10\Firefox4
    FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG10\Firefox4 [2011-03-30]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG Secure Search\10.2.0.3
    FF HKCU\...\Firefox\Extensions: [{DA2052AA-BF27-329D-45F7-3643F2CB982D}] - C:\Program Files\ViewPassword-soft\173.xpi
    FF Extension: ViewPassword - C:\Program Files\ViewPassword-soft\173.xpi [2014-06-12]

    Chrome:
    =======
    CHR HomePage:
    CHR StartupUrls: "hxxp://www.v9.com/?type=hp&ts=1404825618&from=slbnew&uid=ST3160215AS_6RABBAXHXXXX6RABBAXH&i=psd&t=3455760bd"
    CHR DefaultSearchKeyword: v9
    CHR DefaultSearchProvider: v9
    CHR DefaultSearchURL: http://search.v9.com/web/?type=ds&ts=1404825618&from=slbnew&uid=ST3160215AS_6RABBAXHXXXX6RABBAXH&i=psd&t=3455760bd&q={searchTerms}
    CHR DefaultNewTabURL:
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
    CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll No File
    CHR Plugin: (FilmFanatic Installer Plugin Stub) - C:\Program Files\FilmFanaticEI\Installr\1.bin\NPpaEISB.dll (FilmFanatic)
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-28]
    CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-28]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
    CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-28]
    CHR Extension: (AVG Safe Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2014-04-01]
    CHR Extension: (ZoneAlarm Chrome Toolbar) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek [2014-07-08]
    CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-28]
    CHR Extension: (Quick start) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-07-08]
    CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-28]
    CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG10\Chrome\safesearch.crx [2011-09-09]
    CHR HKLM\...\Chrome\Extension: [kgdcapepedmpopjkmdbjnmmmfgllnfek] - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.28.13\zonealarm.crx [2013-11-19]
    CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-07-08]

    ========================== Services (Whitelisted) =================

    S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
    R2 AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
    R2 CCDMonitorService; C:\Program Files\Acer\AOP Framework\CCDMonitorService.exe [3053312 2014-06-26] (Acer Incorporated)
    S3 GamesAppIntegrationService; C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-05-10] (WildTangent)
    S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-08] (globalUpdate) [File not signed]
    S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-08] (globalUpdate) [File not signed]
    R2 LPTSystemUpdater; C:\Program Files\LPT\srpts.exe [36632 2014-03-25] ()
    R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2012-01-26] (Alcatel-Lucent) [File not signed]
    R2 TorchCrashHandler; C:\Users\Admin\AppData\Local\Torch\Update\TorchCrashHandler.exe [1216520 2014-06-08] (TorchMedia Inc.)
    R2 vToolbarUpdater18.0.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-03-28] (AVG Secure Search)
    R2 xmkysecqun32; C:\Program Files\003\xmkysecqun32.exe [541696 2014-07-08] () [File not signed]
    S2 Update LinkiDoo; "C:\Program Files\LinkiDoo\updateLinkiDoo.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [134480 2011-05-27] (AVG Technologies CZ, s.r.o. )
    R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [22992 2011-02-22] (AVG Technologies CZ, s.r.o. )
    R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [24144 2011-02-10] (AVG Technologies CZ, s.r.o. )
    R3 AVGIDSShim; C:\Windows\System32\DRIVERS\AVGIDSShim.Sys [21968 2011-02-10] (AVG Technologies CZ, s.r.o. )
    R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [255968 2012-11-12] (AVG Technologies CZ, s.r.o.)
    R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34896 2011-03-01] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-03-16] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [297168 2011-04-05] (AVG Technologies CZ, s.r.o.)
    S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    R1 netfilter; C:\Windows\System32\drivers\netfilter.sys [31744 2014-06-12] (NetFilterSDK.com) [File not signed]
    S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
    S3 taphss6; system32\DRIVERS\taphss6.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-07-08 15:58 - 2014-07-08 15:59 - 00029945 _____ () C:\Users\Admin\Downloads\Addition.txt
    2014-07-08 15:57 - 2014-07-08 16:05 - 00022474 _____ () C:\Users\Admin\Downloads\FRST.txt
    2014-07-08 15:56 - 2014-07-08 16:04 - 00000000 ____D () C:\FRST
    2014-07-08 15:56 - 2014-07-08 15:56 - 01074688 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
    2014-07-08 15:46 - 2014-07-08 15:46 - 01632144 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\setupconsumerc2rolw.exe
    2014-07-08 15:05 - 2014-07-08 15:05 - 00001154 _____ () C:\Users\Admin\Desktop\Live PC Help.lnk
    2014-07-08 14:41 - 2014-07-08 14:41 - 00509440 _____ (Tech Support Guy System) C:\Users\Admin\Downloads\SysInfo (3).exe
    2014-07-08 14:40 - 2014-07-08 14:40 - 00509440 _____ (Tech Support Guy System) C:\Users\Admin\Downloads\SysInfo (2).exe
    2014-07-08 14:39 - 2014-07-08 14:39 - 00509440 _____ (Tech Support Guy System) C:\Users\Admin\Downloads\SysInfo (1).exe
    2014-07-08 14:38 - 2014-07-08 14:38 - 00509440 _____ (Tech Support Guy System) C:\Users\Admin\Downloads\SysInfo.exe
    2014-07-08 14:36 - 2014-07-08 14:36 - 01075776 _____ (OR Interactive Ltd) C:\Users\Admin\Downloads\IDM2.exe
    2014-07-08 14:29 - 2014-07-08 14:29 - 00000000 ____D () C:\Systweak
    2014-07-08 14:22 - 2014-07-08 15:05 - 00000000 ____D () C:\Program Files\suprasavings
    2014-07-08 14:20 - 2014-07-08 14:57 - 00000934 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
    2014-07-08 14:20 - 2014-07-08 14:25 - 00000938 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
    2014-07-08 14:20 - 2014-07-08 14:20 - 00000000 ____D () C:\Users\Admin\AppData\Local\globalUpdate
    2014-07-08 14:20 - 2014-07-08 14:20 - 00000000 ____D () C:\Program Files\globalUpdate
    2014-07-08 14:19 - 2014-07-08 14:22 - 00000000 ____D () C:\Program Files\003
    2014-07-08 14:12 - 2014-07-08 15:02 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
    2014-07-08 14:12 - 2014-07-08 14:55 - 00000000 ____D () C:\Program Files\FLVM Player
    2014-07-08 14:11 - 2014-07-08 14:11 - 00421608 _____ (Downloader corporation) C:\Users\Admin\Downloads\Microsoft Office 2010.exe
    2014-07-08 13:48 - 2014-07-08 13:48 - 00774576 _____ (AirInstaller ) C:\Users\Admin\Downloads\microsoftword2010.exe
    2014-07-08 12:18 - 2014-07-08 12:18 - 00000000 ____D () C:\Users\Admin\AppData\Local\iGware
    2014-07-08 10:34 - 2014-07-08 10:34 - 00001885 _____ () C:\Users\Public\Desktop\Acer Portal.lnk
    2014-07-08 10:23 - 2014-07-08 10:23 - 00000000 ____D () C:\Users\Admin\AppData\Local\AOP SDK
    2014-07-08 10:22 - 2014-07-08 10:22 - 00000000 ____D () C:\acer
    2014-06-15 10:10 - 2014-07-08 15:23 - 00000540 ____H () C:\Windows\Tasks\Norton Product InstallerIdle.job
    2014-06-15 10:09 - 2014-06-15 10:09 - 04990544 _____ (Adobe Systems Inc.) C:\Users\Admin\Downloads\Shockwave_Installer_Slim.exe
    2014-06-12 20:05 - 2014-06-12 20:05 - 00031744 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter.sys
    2014-06-12 11:25 - 2014-07-08 14:57 - 00000400 _____ () C:\Windows\Tasks\ViewPassword Update.job
    2014-06-12 11:25 - 2014-07-08 14:57 - 00000390 _____ () C:\Windows\Tasks\ViewPassword_wd.job
    2014-06-12 11:25 - 2014-07-07 11:27 - 00000000 ____D () C:\Program Files\ViewPassword-soft
    2014-06-12 10:09 - 2014-06-12 10:10 - 08052304 _____ () C:\Users\Admin\Downloads\HSS-3.42-install-hss-560-conduit.exe
    2014-06-12 09:52 - 2014-06-08 09:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-06-12 09:52 - 2014-06-08 09:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-06-12 09:52 - 2014-05-30 10:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-06-12 09:52 - 2014-05-30 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-06-12 09:52 - 2014-05-30 10:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-06-12 09:52 - 2014-05-30 09:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-06-12 09:52 - 2014-05-30 09:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-06-12 09:52 - 2014-05-30 09:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-06-12 09:52 - 2014-05-30 09:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-06-12 09:52 - 2014-05-30 09:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-06-12 09:52 - 2014-05-30 09:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-06-12 09:52 - 2014-05-30 09:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-06-12 09:52 - 2014-05-30 09:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-06-12 09:52 - 2014-05-30 09:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-06-12 09:52 - 2014-05-30 09:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-06-12 09:52 - 2014-05-30 09:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-06-12 09:52 - 2014-05-30 09:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-06-12 09:52 - 2014-05-30 09:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-06-12 09:52 - 2014-05-30 09:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-06-12 09:52 - 2014-05-30 09:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-06-12 09:52 - 2014-05-30 09:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-06-12 09:52 - 2014-05-30 08:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-06-12 09:52 - 2014-05-30 08:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-06-12 09:52 - 2014-05-30 08:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-06-12 09:52 - 2014-05-30 08:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-06-12 09:52 - 2014-05-30 08:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-06-12 09:52 - 2014-05-30 08:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-06-12 09:52 - 2014-05-30 08:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-06-12 09:52 - 2014-05-30 08:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-06-12 09:52 - 2014-05-30 08:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-06-12 09:52 - 2014-04-05 03:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2014-06-12 09:52 - 2014-04-05 03:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
    2014-06-12 09:52 - 2014-03-26 15:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2014-06-12 09:52 - 2014-03-26 15:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-06-12 09:52 - 2014-03-26 15:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
    2014-06-12 09:52 - 2014-03-26 15:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2014-06-12 09:51 - 2014-04-25 03:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2014-06-12 09:30 - 2014-05-08 10:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2014-06-12 09:30 - 2014-05-08 10:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

    ==================== One Month Modified Files and Folders =======

    2014-07-08 16:05 - 2014-07-08 15:57 - 00022474 _____ () C:\Users\Admin\Downloads\FRST.txt
    2014-07-08 16:04 - 2014-07-08 15:56 - 00000000 ____D () C:\FRST
    2014-07-08 15:59 - 2014-07-08 15:58 - 00029945 _____ () C:\Users\Admin\Downloads\Addition.txt
    2014-07-08 15:56 - 2014-07-08 15:56 - 01074688 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
    2014-07-08 15:46 - 2014-07-08 15:46 - 01632144 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\setupconsumerc2rolw.exe
    2014-07-08 15:33 - 2014-03-28 14:30 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-07-08 15:26 - 2011-08-19 20:46 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
    2014-07-08 15:25 - 2011-08-19 21:34 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\My Games
    2014-07-08 15:23 - 2014-06-15 10:10 - 00000540 ____H () C:\Windows\Tasks\Norton Product InstallerIdle.job
    2014-07-08 15:15 - 2014-04-01 13:15 - 00000292 _____ () C:\Windows\Tasks\MySearchDial.job
    2014-07-08 15:12 - 2014-03-26 12:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-07-08 15:06 - 2014-04-01 13:14 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\systweak
    2014-07-08 15:06 - 2009-07-14 05:34 - 00015136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-07-08 15:06 - 2009-07-14 05:34 - 00015136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-07-08 15:05 - 2014-07-08 15:05 - 00001154 _____ () C:\Users\Admin\Desktop\Live PC Help.lnk
    2014-07-08 15:05 - 2014-07-08 14:22 - 00000000 ____D () C:\Program Files\suprasavings
    2014-07-08 15:02 - 2014-07-08 14:12 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
    2014-07-08 15:00 - 2011-01-18 19:19 - 01206353 _____ () C:\Windows\WindowsUpdate.log
    2014-07-08 14:57 - 2014-07-08 14:20 - 00000934 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
    2014-07-08 14:57 - 2014-06-12 11:25 - 00000400 _____ () C:\Windows\Tasks\ViewPassword Update.job
    2014-07-08 14:57 - 2014-06-12 11:25 - 00000390 _____ () C:\Windows\Tasks\ViewPassword_wd.job
    2014-07-08 14:57 - 2014-03-28 14:30 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-07-08 14:57 - 2011-12-06 13:08 - 00000000 ____D () C:\Program Files\Yahoo!
    2014-07-08 14:56 - 2014-04-01 12:53 - 00000000 ____D () C:\ProgramData\TorchCrashHandler
    2014-07-08 14:56 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-07-08 14:55 - 2014-07-08 14:12 - 00000000 ____D () C:\Program Files\FLVM Player
    2014-07-08 14:55 - 2011-01-18 20:00 - 00079986 _____ () C:\Windows\PFRO.log
    2014-07-08 14:55 - 2009-07-14 05:39 - 00052805 _____ () C:\Windows\setupact.log
    2014-07-08 14:41 - 2014-07-08 14:41 - 00509440 _____ (Tech Support Guy System) C:\Users\Admin\Downloads\SysInfo (3).exe
    2014-07-08 14:40 - 2014-07-08 14:40 - 00509440 _____ (Tech Support Guy System) C:\Users\Admin\Downloads\SysInfo (2).exe
    2014-07-08 14:39 - 2014-07-08 14:39 - 00509440 _____ (Tech Support Guy System) C:\Users\Admin\Downloads\SysInfo (1).exe
    2014-07-08 14:38 - 2014-07-08 14:38 - 00509440 _____ (Tech Support Guy System) C:\Users\Admin\Downloads\SysInfo.exe
    2014-07-08 14:36 - 2014-07-08 14:36 - 01075776 _____ (OR Interactive Ltd) C:\Users\Admin\Downloads\IDM2.exe
    2014-07-08 14:29 - 2014-07-08 14:29 - 00000000 ____D () C:\Systweak
    2014-07-08 14:25 - 2014-07-08 14:20 - 00000938 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
    2014-07-08 14:22 - 2014-07-08 14:19 - 00000000 ____D () C:\Program Files\003
    2014-07-08 14:20 - 2014-07-08 14:20 - 00000000 ____D () C:\Users\Admin\AppData\Local\globalUpdate
    2014-07-08 14:20 - 2014-07-08 14:20 - 00000000 ____D () C:\Program Files\globalUpdate
    2014-07-08 14:16 - 2014-05-01 18:52 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps
    2014-07-08 14:11 - 2014-07-08 14:11 - 00421608 _____ (Downloader corporation) C:\Users\Admin\Downloads\Microsoft Office 2010.exe
    2014-07-08 13:48 - 2014-07-08 13:48 - 00774576 _____ (AirInstaller ) C:\Users\Admin\Downloads\microsoftword2010.exe
    2014-07-08 13:39 - 2011-01-18 19:30 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-07-08 12:18 - 2014-07-08 12:18 - 00000000 ____D () C:\Users\Admin\AppData\Local\iGware
    2014-07-08 10:34 - 2014-07-08 10:34 - 00001885 _____ () C:\Users\Public\Desktop\Acer Portal.lnk
    2014-07-08 10:34 - 2014-04-26 10:36 - 00000000 ____D () C:\ProgramData\OEM
    2014-07-08 10:34 - 2014-04-26 10:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
    2014-07-08 10:34 - 2014-04-26 10:25 - 00000000 ____D () C:\Program Files\Acer
    2014-07-08 10:33 - 2014-04-26 10:25 - 00000000 ____D () C:\oem
    2014-07-08 10:33 - 2014-04-26 10:24 - 00000000 ____D () C:\Users\Admin\AppData\Local\clear.fi
    2014-07-08 10:23 - 2014-07-08 10:23 - 00000000 ____D () C:\Users\Admin\AppData\Local\AOP SDK
    2014-07-08 10:22 - 2014-07-08 10:22 - 00000000 ____D () C:\acer
    2014-07-08 10:22 - 2011-01-19 12:25 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
    2014-07-07 11:27 - 2014-06-12 11:25 - 00000000 ____D () C:\Program Files\ViewPassword-soft
    2014-07-07 10:53 - 2014-03-26 12:14 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2014-07-07 10:53 - 2012-03-01 19:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2014-06-30 17:34 - 2014-04-01 13:14 - 00018272 _____ (System Speedup) C:\Windows\system32\roboot.exe
    2014-06-19 19:39 - 2011-01-19 12:25 - 00000000 ____D () C:\ProgramData\AVG10
    2014-06-15 11:04 - 2014-03-28 14:31 - 00002048 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-06-15 10:23 - 2011-01-18 19:44 - 00000000 ____D () C:\Windows\system32\Adobe
    2014-06-15 10:23 - 2011-01-18 19:43 - 00000000 ____D () C:\Windows\system32\Macromed
    2014-06-15 10:09 - 2014-06-15 10:09 - 04990544 _____ (Adobe Systems Inc.) C:\Users\Admin\Downloads\Shockwave_Installer_Slim.exe
    2014-06-13 14:15 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
    2014-06-13 13:00 - 2014-04-26 10:24 - 00000000 ____D () C:\Users\Admin\PicStream
    2014-06-12 20:05 - 2014-06-12 20:05 - 00031744 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter.sys
    2014-06-12 10:10 - 2014-06-12 10:09 - 08052304 _____ () C:\Users\Admin\Downloads\HSS-3.42-install-hss-560-conduit.exe
    2014-06-12 09:53 - 2014-04-23 15:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-06-12 09:42 - 2014-03-26 10:02 - 00000000 ____D () C:\Windows\system32\MRT
    2014-06-12 09:39 - 2011-01-18 19:57 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-06-10 18:04 - 2014-04-01 12:53 - 00001550 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
    2014-06-10 17:53 - 2014-04-01 12:50 - 00000000 ____D () C:\Users\Admin\AppData\Local\Torch
    2014-06-09 12:17 - 2011-01-19 10:49 - 00000000 ____D () C:\Program Files\Common Files\Adobe
    2014-06-08 09:48 - 2014-06-12 09:52 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-06-08 09:43 - 2014-06-12 09:52 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

    Some content of TEMP:
    ====================
    C:\Users\Admin\AppData\Local\Temp\BackupSetup.exe
    C:\Users\Admin\AppData\Local\Temp\BearShare_setup.exe
    C:\Users\Admin\AppData\Local\Temp\bfguni.exe
    C:\Users\Admin\AppData\Local\Temp\conduitinstaller.exe
    C:\Users\Admin\AppData\Local\Temp\dlLogic.exe
    C:\Users\Admin\AppData\Local\Temp\drm_dialogs.dll
    C:\Users\Admin\AppData\Local\Temp\IHU9932.tmp.exe
    C:\Users\Admin\AppData\Local\Temp\IHUEE63.tmp.exe
    C:\Users\Admin\AppData\Local\Temp\Installhelper.dll
    C:\Users\Admin\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
    C:\Users\Admin\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
    C:\Users\Admin\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
    C:\Users\Admin\AppData\Local\Temp\pcDesktopAlertNotifierX.dll
    C:\Users\Admin\AppData\Local\Temp\setup.exe
    C:\Users\Admin\AppData\Local\Temp\SpotifyUninstall.exe
    C:\Users\Admin\AppData\Local\Temp\SRAssetsHelper.dll
    C:\Users\Admin\AppData\Local\Temp\vcredist_x86.exe
    C:\Users\Admin\AppData\Local\Temp\zafwSetupWeb_120_121_000-4-.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-07-04 18:36

    ==================== End Of Log ============================
     
  5. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,720
    cocapee1,
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both the program (FRST.exe or FRST64.exe) and fixlist.txt be in the same location, or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to the operating system.

    Run FRST and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
    When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    askey127
     


  6. cocapee1

    cocapee1 Thread Starter

    Joined:
    Mar 12, 2014
    Messages:
    104
    Please tell me if this is right, I'm trying my best. As you may have guessed, not up to speed with computers.
    Content of fixlist:
    *****************
    Task: {5E78D7BD-2AE5-4303-B7C8-2017FE24E1BE} - System32\Tasks\ViewPassword Update => C:\Program Files\ViewPassword-soft\ViewPasswordW11.exe <==== ATTENTION
    Task: {7A9D60ED-75E2-4B26-82CF-72E239109BDC} - System32\Tasks\MySearchDial => C:\Users\Admin\AppData\Roaming\mysearchdial\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
    Task: {A51911D7-D038-4EEB-AD61-5A56DC920793} - System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl => C:\Users\Admin\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\minibarchro me.exe [2014-07-08] (Sien SA)
    Task: {A753E0A2-E3E7-48C1-AFD9-25B7DB982C67} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-07-08] (globalUpdate) <==== ATTENTION
    Task: {E2EF40B8-6890-454F-8FD0-F04DC1CA1F4D} - System32\Tasks\ViewPassword_wd => C:\Program Files\ViewPassword-soft\ViewPasswordFIXQNw.exe <==== ATTENTION
    Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\Admin\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP:1234ADAE
    AlternateDataStreams: C:\ProgramData\TEMP:1B389835
    AlternateDataStreams: C:\ProgramData\TEMP:206470A5
    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
    AlternateDataStreams: C:\ProgramData\TEMP:4B6A9FDA
    AlternateDataStreams: C:\ProgramData\TEMP:5080697C
    AlternateDataStreams: C:\ProgramData\TEMP:52C24010
    AlternateDataStreams: C:\ProgramData\TEMP:9491C9C7
    AlternateDataStreams: C:\ProgramData\TEMP:96838F8A
    AlternateDataStreams: C:\ProgramData\TEMP:9BAC4211
    AlternateDataStreams: C:\ProgramData\TEMP:C22674B6
    AlternateDataStreams: C:\ProgramData\TEMP:C63E7DE2
    AlternateDataStreams: C:\ProgramData\TEMPE875C30
    AlternateDataStreams: C:\ProgramData\TEMP:EFECABA9
    Smartbar
    C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.exe
    C:\Users\Admin\AppData\Local\Smartbar\Application\Lrcnta.exe
    HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
    IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
    SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?type=ds&ts=1404825618&from=slbnew&uid=ST3160215AS_6RABBAXHXXXX6RABBAXH&i=p sd&t=3455760bd&q={searchTerms}
    SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?type=ds&ts=1404825618&from=slbnew&uid=ST3160215AS_6RABBAXHXXXX6RABBAXH&i=p sd&t=3455760bd&q={searchTerms}
    SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?type=ds&ts=1404825618&from=slbnew&uid=ST3160215AS_6RABBAXHXXXX6RABBAXH&i=p sd&t=3455760bd&q={searchTerms}
    BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    BHO: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
    BHO: DataMngr - {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\BROWSE~1.DLL No File
    BHO: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files\Mysearchdial\1.8.29.0\bh\mysearchdial.dll (MySearchDial)
    Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    Toolbar: HKLM - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll (MySearchDial)
    Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    FF Plugin: TorchVLC - C:\Users\Admin\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll (VideoLAN)
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG Secure Search\10.2.0.3
    S2 Update LinkiDoo; "C:\Program Files\LinkiDoo\updateLinkiDoo.exe" [X]
    2014-07-08 14:29 - 2014-07-08 14:29 - 00000000 ____D () C:\Systweak
    2014-07-08 15:15 - 2014-04-01 13:15 - 00000292 _____ () C:\Windows\Tasks\MySearchDial.job
    2014-07-08 15:06 - 2014-04-01 13:14 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\systweak
    2014-07-08 14:56 - 2014-04-01 12:53 - 00000000 ____D () C:\ProgramData\TorchCrashHandler
    2014-07-08 14:29 - 2014-07-08 14:29 - 00000000 ____D () C:\Systweak
    2014-06-30 17:34 - 2014-04-01 13:14 - 00018272 _____ (System Speedup) C:\Windows\system32\roboot.exe
    2014-06-12 10:10 - 2014-06-12 10:09 - 08052304 _____ () C:\Users\Admin\Downloads\HSS-3.42-install-hss-560-conduit.exe
    2014-06-10 18:04 - 2014-04-01 12:53 - 00001550 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
    2014-06-10 17:53 - 2014-04-01 12:50 - 00000000 ____D () C:\Users\Admin\AppData\Local\Torch
    C:\Users\Admin\AppData\Local\Temp\BearShare_setup.exe
    C:\Users\Admin\AppData\Local\Temp\conduitinstaller.exe
    *****************

    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5E78D7BD-2AE5-4303-B7C8-2017FE24E1BE}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E78D7BD-2AE5-4303-B7C8-2017FE24E1BE}' => Key deleted successfully.
    C:\Windows\System32\Tasks\ViewPassword Update => Moved successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ViewPassword Update' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A9D60ED-75E2-4B26-82CF-72E239109BDC}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A9D60ED-75E2-4B26-82CF-72E239109BDC}' => Key deleted successfully.
    C:\Windows\System32\Tasks\MySearchDial => Moved successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySearchDial' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A51911D7-D038-4EEB-AD61-5A56DC920793}'=> Key not found.
    C:\Windows\System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl not found.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl'=> Key not found.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A753E0A2-E3E7-48C1-AFD9-25B7DB982C67}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A753E0A2-E3E7-48C1-AFD9-25B7DB982C67}' => Key deleted successfully.
    C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA => Moved successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E2EF40B8-6890-454F-8FD0-F04DC1CA1F4D}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2EF40B8-6890-454F-8FD0-F04DC1CA1F4D}' => Key deleted successfully.
    C:\Windows\System32\Tasks\ViewPassword_wd => Moved successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ViewPassword_wd' => Key deleted successfully.
    C:\Windows\Tasks\MySearchDial.job => Moved successfully.
    C:\ProgramData\TEMP => ":1234ADAE" ADS removed successfully.
    C:\ProgramData\TEMP => ":1B389835" ADS removed successfully.
    C:\ProgramData\TEMP => ":206470A5" ADS removed successfully.
    C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully.
    C:\ProgramData\TEMP => ":4B6A9FDA" ADS removed successfully.
    C:\ProgramData\TEMP => ":5080697C" ADS removed successfully.
    C:\ProgramData\TEMP => ":52C24010" ADS removed successfully.
    C:\ProgramData\TEMP => ":9491C9C7" ADS removed successfully.
    C:\ProgramData\TEMP => ":96838F8A" ADS removed successfully.
    C:\ProgramData\TEMP => ":9BAC4211" ADS removed successfully.
    C:\ProgramData\TEMP => ":C22674B6" ADS removed successfully.
    C:\ProgramData\TEMP => ":C63E7DE2" ADS removed successfully.
    "AlternateDataStreams: C:\ProgramData\TEMPE875C30" => "AlternateDataStreams: C:\ProgramData\TEMPE875C30" ADS not found.
    C:\ProgramData\TEMP => ":EFECABA9" ADS removed successfully.
    C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.exe => Moved successfully.
    C:\Users\Admin\AppData\Local\Smartbar\Application\Lrcnta.exe => Moved successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => value deleted successfully.
    'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\DatamngrCoordinator.exe' => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}' => Key deleted successfully.
    'HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}'=> Key not found.
    'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}' => Key deleted successfully.
    'HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}'=> Key not found.
    'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}' => Key deleted successfully.
    'HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}'=> Key not found.
    'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}' => Key deleted successfully.
    'HKCR\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}' => Key deleted successfully.
    'HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}' => Key deleted successfully.
    'HKCR\CLSID\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}'=> Key not found.
    'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B939CF93-F2CB-443d-956C-DC523D85C9DB}' => Key deleted successfully.
    'HKCR\CLSID\{B939CF93-F2CB-443d-956C-DC523D85C9DB}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}' => Key deleted successfully.
    'HKCR\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}' => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
    'HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}'=> Key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value deleted successfully.
    'HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}' => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{3004627E-F8E9-4E8B-909D-316753CBA923} => value deleted successfully.
    'HKCR\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}' => Key deleted successfully.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
    'HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}'=> Key not found.
    'HKLM\Software\MozillaPlugins\TorchVLC' => Key deleted successfully.
    C:\Users\Admin\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll => Moved successfully.
    HKLM\Software\Mozilla\Firefox\Extensions\\[email protected] => value deleted successfully.
    Update LinkiDoo => Service deleted successfully.
    C:\Systweak => Moved successfully.
    "C:\Windows\Tasks\MySearchDial.job" => File/Directory not found.
    C:\Users\Admin\AppData\Roaming\systweak => Moved successfully.
    C:\ProgramData\TorchCrashHandler => Moved successfully.
    "C:\Systweak" => File/Directory not found.
    C:\Windows\system32\roboot.exe => Moved successfully.
    C:\Users\Admin\Downloads\HSS-3.42-install-hss-560-conduit.exe => Moved successfully.
    C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk => Moved successfully.
    C:\Users\Admin\AppData\Local\Torch => Moved successfully.
    C:\Users\Admin\AppData\Local\Temp\BearShare_setup.exe => Moved successfully.
    C:\Users\Admin\AppData\Local\Temp\conduitinstaller.exe => Moved successfully.

    ==== End of Fixlog ====
     


  7. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,720
    Are you still getting peculiar messages?
     
  8. cocapee1

    cocapee1 Thread Starter

    Joined:
    Mar 12, 2014
    Messages:
    104
    It's worse if anything. Getting hit with pop-ups at every turn.
     
  9. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,720
    cocapee1,
    -------------------------------------------------------------
    AdwCleaner Download and Run

    Download AdwCleaner and save it to your desktop or somewhere you can find it.
    Take care NOT to click on any ad, like from PC Optimizer Pro. The correct link is the button labeled "Download from Bleeping Computer".
    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

    Close your browser and double click on this icon on your desktop:

    [​IMG]

    You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run.
    It may take several minutes to complete.
    When it is done, click on the Clean button, accept any prompts that appear and allow the system to Reboot.
    You will then be presented with the report. Copy & Paste it into a reply here.

    [​IMG]
    If you lose track of the log, it is saved in this folder C:\AdwCleaner\
    The filename will be adwcleaner[xx].txt where [xx] will be S1, or S2, etc. whichever filename is newest.

    --------------------------------------------
    TDSSKiller - Rootkit Removal Tool
    Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
    1. Right Click on TDSSKiller.exe and select "Run as administrator" to run the tool for known TDSS variants.
      If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
      If you don't see file extensions, please see: How to change the file extension.
      If you try to change the filename and extension, you may get a warning message from Windows because of the change of file extension. OK the change.
    2. Click the Start Scan button. Do not use the computer during the scan!
    3. If the scan completes with nothing found, click Close to exit.
    4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
      • Ensure Cure (default) is selected...
      • let it cure anything it finds (except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be unchecked/ignored) & then choose reboot.
      • If Cure is not offered as an option, choose Skip.
    5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
      (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
    6. Copy and paste the contents of that file in your next reply.
    If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

    So we are looking for the log from AdwCleaner, and the log from TDSSKiller.
    askey127
     
  10. cocapee1

    cocapee1 Thread Starter

    Joined:
    Mar 12, 2014
    Messages:
    104
    AdwCleaner v3.215 - Report created 09/07/2014 at 19:27:02
    # Updated 09/07/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
    # Username : Admin - ADMIN-PC
    # Running from : C:\Users\Admin\Downloads\AdwCleaner.exe
    # Option : Clean
    ***** [ Services ] *****
    [#] Service Deleted : globalUpdate
    [#] Service Deleted : globalUpdatem
    Service Deleted : LPTSystemUpdater
    [#] Service Deleted : torchcrashhandler
    Service Deleted : vToolbarUpdater18.0.5
    Service Deleted : xmkysecqun32
    ***** [ Files / Folders ] *****
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\ProgramData\AVG Security Toolbar
    Folder Deleted : C:\Program Files\003
    Folder Deleted : C:\Program Files\AVG Secure Search
    Folder Deleted : C:\Program Files\BearShare Applications
    Folder Deleted : C:\Program Files\FilmFanaticEI
    Folder Deleted : C:\Program Files\FLVM Player
    Folder Deleted : C:\Program Files\globalUpdate
    Folder Deleted : C:\Program Files\LPT
    Folder Deleted : C:\Program Files\Mysearchdial
    Folder Deleted : C:\Program Files\SupraSavings
    Folder Deleted : C:\Program Files\Systweak Support Dock
    Folder Deleted : C:\Program Files\ViewPassword-soft
    Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
    Folder Deleted : C:\Users\Admin\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Admin\AppData\Local\globalUpdate
    Folder Deleted : C:\Users\Admin\AppData\Local\LPT
    Folder Deleted : C:\Users\Admin\AppData\Local\Mobogenie
    Folder Deleted : C:\Users\Admin\AppData\Local\PackageAware
    Folder Deleted : C:\Users\Admin\AppData\Local\Smartbar
    Folder Deleted : C:\Users\Admin\AppData\Local\torch
    Folder Deleted : C:\Users\Admin\AppData\Local\WeatherAlerts
    Folder Deleted : C:\Users\Admin\AppData\Local\Temp\hotspot shield
    Folder Deleted : C:\Users\Admin\AppData\Local\Temp\Iminent
    Folder Deleted : C:\Users\Admin\AppData\Local\Temp\Smartbar
    Folder Deleted : C:\Users\Admin\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Users\Admin\AppData\LocalLow\AVG Security Toolbar
    Folder Deleted : C:\Users\Admin\AppData\LocalLow\Bandoo
    Folder Deleted : C:\Users\Admin\AppData\LocalLow\DataMngr
    Folder Deleted : C:\Users\Admin\AppData\LocalLow\Mysearchdial
    Folder Deleted : C:\Users\Admin\AppData\LocalLow\searchquband
    Folder Deleted : C:\Users\Admin\AppData\LocalLow\Smartbar
    Folder Deleted : C:\Users\Admin\AppData\Roaming\Activeris
    Folder Deleted : C:\Users\Admin\AppData\Roaming\Bandoo
    Folder Deleted : C:\Users\Admin\AppData\Roaming\Mysearchdial
    Folder Deleted : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
    Folder Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
    File Deleted : C:\END
    File Deleted : C:\Windows\system32\RegistryHelperLM.ocx
    File Deleted : C:\Users\Admin\daemonprocess.txt
    File Deleted : C:\Users\Admin\AppData\Local\Temp\Searchqu.ini
    File Deleted : C:\Users\Admin\AppData\Local\Temp\searchqutoolbar-manifest.xml
    File Deleted : C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
    File Deleted : C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Youtube.lnk
    File Deleted : C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Torch.lnk
    File Deleted : C:\Users\Admin\Desktop\Facebook.lnk
    File Deleted : C:\Users\Admin\Desktop\Torch.lnk
    File Deleted : C:\Users\Admin\Desktop\Youtube.lnk
    File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
    File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
    File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
    File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.iminent.com_0.localstorage
    File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.iminent.com_0.localstorage-journal
    File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
    File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
    File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
    File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal
    File Deleted : C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
    File Deleted : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
    File Deleted : C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
    File Deleted : C:\Windows\Tasks\ViewPassword Update.job
    File Deleted : C:\Windows\Tasks\ViewPassword_wd.job
    ***** [ Shortcuts ] *****
    Shortcut Disinfected : C:\Users\Admin\Desktop\Search.lnk
    Shortcut Disinfected : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
    Shortcut Disinfected : C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk
    ***** [ Registry ] *****
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{41FBBC7B-BA55-49B1-B380-EC3C2EBD2F50}
    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41FBBC7B-BA55-49B1-B380-EC3C2EBD2F50}
    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\Torch.exe
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
    Key Deleted : HKLM\SOFTWARE\Classes\BearShareIEHelper.DNSGuard.1
    Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
    Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
    Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO
    Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bho
    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent
    Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
    Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
    Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
    Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
    Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\torch.exe
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
    Key Deleted : HKCU\Software\anchorfree
    Key Deleted : HKCU\Software\AnyProtect
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\AVG Security Toolbar
    Key Deleted : HKCU\Software\DataMngr
    Key Deleted : HKCU\Software\distromatic
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\mysearchdial
    Key Deleted : HKCU\Software\SmartBar
    Key Deleted : HKCU\Software\smartbarbackup
    Key Deleted : HKCU\Software\smartbarlog
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\systweak
    Key Deleted : HKCU\Software\torch
    Key Deleted : HKCU\Software\Wajam
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\blockAndSurf
    Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\suprasavings
    Key Deleted : HKCU\Software\AppDataLow\Software\ViewPassword
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\Software\Bandoo
    Key Deleted : HKLM\Software\coupon downloader
    Key Deleted : HKLM\Software\Iminent
    Key Deleted : HKLM\Software\InstallCore
    Key Deleted : HKLM\Software\suprasavings
    Key Deleted : HKLM\Software\systweak
    Key Deleted : HKLM\Software\torch
    Key Deleted : HKLM\Software\V9Software
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\coupon downloader
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
    ***** [ Browsers ] *****
    -\\ Internet Explorer v11.0.9600.17207
    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
    -\\ Google Chrome v35.0.1916.153
    [ File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
    Deleted [Search Provider] : hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36LI7P80qkWEwcGIsQmua-T5gvDMs8RB4JvC1gX9VFgBjMeb0hdkKKY_HpFukA-hDHhNRaOFnX6YoqK5haVz5LAOCtftaHAUWJ2EJAahEKj7Jj6Qw-1AJKhfRk2zng6HZ5cXzcuZ1R2odxGNS46nHyFamCYHpJQZOw7tk_XPRL4k3NVCQ,&q={searchTerms}
    Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi_14_14_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0EzytDyEyCtC0ByCyBtA0AyEyBtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0DtAyE0D0DyB0EtG0FtDyC0AtG0D0F0CzztGzyyC0DyEtGyCyByByDtC0FyD0Czyzz0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0FtD0B0D0AtCyBtGyBtD0D0EtGtDtAyBtDtG0ByB0BtDtGyEtCtBzytBtD0EyDyCtA0Ezz2Q&cr=354381781&ir=
    Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
    Deleted [Search Provider] : hxxp://search.v9.com/web/?type=ds&ts=1404825618&from=slbnew&uid=ST3160215AS_6RABBAXHXXXX6RABBAXH&i=psd&t=3455760bd&q={searchTerms}
    Deleted [Startup_urls] : hxxp://www.v9.com/?type=hp&ts=1404825618&from=slbnew&uid=ST3160215AS_6RABBAXHXXXX6RABBAXH&i=psd&t=3455760bd
    Deleted [Extension] : jmfkcklnlgedgbglfkkgedjfmejoahla
    Deleted [Extension] : jpmbfleldcgkldadpdinhjjopdfpjfjp
    Deleted [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma
    *************************
    AdwCleaner[R0].txt - [28716 octets] - [09/07/2014 19:24:23]
    AdwCleaner[S0].txt - [26081 octets] - [09/07/2014 19:27:02]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [26142 octets] ##########
     
  11. cocapee1

    cocapee1 Thread Starter

    Joined:
    Mar 12, 2014
    Messages:
    104
    I can't save tdsskill.exe to desktop and couldn't run as administrator?
     
  12. cocapee1

    cocapee1 Thread Starter

    Joined:
    Mar 12, 2014
    Messages:
    104
    I ran tdsskiller as is and scanned with no problems detected... I have not had my virus problem for some 10 minutes now? Wondering if it's fixed...
     
  13. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,720
    AdwCleaner removed a very large pile of junk from the machine.
    Keep an eye on it for a day or so, and let me know of any problems.
    Otherwise you can mark this Solved if it looks OK to you.
     
  14. cocapee1

    cocapee1 Thread Starter

    Joined:
    Mar 12, 2014
    Messages:
    104
    Thank you for your help. I still have my original problem, but it is manageable; it was getting out of hand. I will mark this down as solved for the time being, and thank you again for your time. All the best, Tommy...
     
  15. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,720
    Thanks, Tommy.
    Sometimes when a very large amount of junkware is found on the machine, running AdwCleaner one more time may remove a few things it could not get the first time. It's worth trying in this case.
    Good luck
    'askey127
     
Short URL to this thread: https://techguy.org/1129258
