Suspected Malware

**Malnutrition** · 09-20-2016, 11:17 PM

ZHP Scan.

1.Please download zhp cleaner to your desktop. Right Click the icon and select run as administrator.

ZHPCleaner 2025 Télécharger pour Windows 11 / 10 / 7

Once you have started the program, you will need to click the scanner button.

[IMG alt="EgsT69u" width="602px" height="129px"]https://windowsinstructed.com/wp-content/uploads/2015/06/EgsT69u.png[/IMG]

The program will close all open browsers!
3. Once the scan is completed, the you will want to click the Repair button.
[URL unfurl="true"]http://windowsinstructed.com/wp-content/uploads/2015/06/6QJjV50.png[/URL]

At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

Zoek Scan

Disable your antivirus prior to this scan.
Download Zoek
Save the file to your desktop.
Right click Zoek.exe and run as administrator. (Xp Users double click)
Copy and paste the items in red below and paste them into Zoek.

createsrpoint;
emptyfolderscheck;delete
emptyclsid;
emptyalltemp;
ipconfig /flushdns;b
autoclean;

Now hit the run script button.
The log will appear after a reboot, also you can find it on the C: drive.
Post the log in your next reply.

RogueKiller by Tigzy

[ul]
[li] Download RogueKiller and save it to your desktop[/li][li]Close all running programs[/li][li]Right click on the icon and select Run as Administrator[/li][li]For Windows XP simply double click on the icon[/li][li]The program will conduct a prescan and when finished you wlll see Prescan Finished. Please hit the scan button[/li][li]Click Scan[/li][li]If, during the scan, you receive a request to upload a file to Virustotal please click Yes[/li][li]A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.[/li][li]If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won’t run, rename it winlogon.exe (or winlogon.com) and try again[/li][li]Copy and paste the contents of the report in your reply[/li][/ul]

**BJanson** · 09-20-2016, 11:21 PM

Malnutrition,
I’m still working through the instructions (have to break up addition.txt to meet the 10000 character requirement). Do you want me to do this now, or continue with instructions first?

**Malnutrition** · 09-20-2016, 11:24 PM

Go ahead and run the programs suggested. If you have a problem posting here, then upload the file rather than copy and paste. If you can not upload the addition.txt then upload it to sendspace.com post the link here.

**BJanson** · 09-20-2016, 11:27 PM

Addition.txt…

**BJanson** · 09-20-2016, 11:28 PM

aswMBR…

**Malnutrition** · 09-20-2016, 11:29 PM

OK, continue on with the other scans.

**BJanson** · 09-20-2016, 11:31 PM

The ZHP scan, correct?

**Malnutrition** · 09-20-2016, 11:32 PM

Yes, and the other two.

**BJanson** · 09-21-2016, 12:00 AM

ZHP Scan…

~ ZHPCleaner v2016.9.20.137 by Nicolas Coolman (2016/09/20)
~ Run by vieraidx (Administrator) (20/09/2016 18:52:15)
~ Web: https://www.nicolascoolman.com
~ Blog: https://www.anti-malware.top
~ Facebook : ZHP
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\vieraidx\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\vieraidx\AppData\Roaming\ZHP\ZHPCleaner_Q uarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Enterprise, 64-bit (Build 7600)

—\ Services (2)
WINSOCK [Protocol_Catalog9\Catalog_Entries]: Reset the socket that handles the layer TCP/IP (Hijacker.Winsock)
WINSOCK [Protocol_Catalog9\Catalog_Entries64]: Reset the socket that handles the layer TCP/IP (Hijacker.Winsock)

—\ Browser internet (0)
~ No malicious or unnecessary items found.

—\ Hosts file (1)
~ The hosts file is legitimate (1)

—\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.

—\ Explorer ( File, Folder) (19)
MOVED file: C:\Windows\Prefetch\UPDATETRUSTEDSITES.EXE-AB8F50B6.pf =>PUP.Optional.SimpleSearches
MOVED file: C:\Users\vieraidx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage =>PUP.Optional.Generic
MOVED file: C:\Users\vieraidx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal =>PUP.Optional.Generic
MOVED file: C:\Users\vieraidx\AppData\Local\temp\0297-3688-69c8-d9d4 [Webitar Production Inc. - ] =>.Superfluous.WebitarProduction
MOVED file: C:\Users\vieraidx\AppData\Local\temp\7abb-57b8-350a-581f [Webitar Production Inc. - ] =>.Superfluous.WebitarProduction
MOVED file: C:\Users\vieraidx\AppData\Local\temp\bc8e-45d6-8a67-b48b.exe [Webitar Production Inc. - ] =>.Superfluous.WebitarProduction
MOVED file: c:\program files (x86)\Ask.com\fv_cea4.ico =>Toolbar.AsktBar
MOVED file: C:\Windows\Installer{4F524A2D-5350-4500-76A7-A758B70C1D00}\ToolbarIcon.exe =>PUP.Optional.BrowserTabSearch
MOVED folder^: C:\Program Files (x86)\Ask.com =>Toolbar.Ask
MOVED folder: C:\Program Files (x86)\Bobrowsercm =>PUP.Optional.BoBrowser
MOVED folder: C:\Program Files (x86)\download Manager =>PUP.Optional.DownloadManager
MOVED folder: C:\Program Files (x86)\globalUpdate =>PUP.Optional.GlobalUpdate
MOVED folder: C:\ProgramData\APN =>Toolbar.Ask
MOVED folder: C:\ProgramData\Webitar Production Inc =>.Superfluous.WebitarProduction
MOVED folder: C:\Users\vieraidx\AppData\LocalLow\AskToolbar =>Toolbar.Ask
MOVED folder: C:\Users\vieraidx\AppData\Local\CrossBrowser =>PUP.Optional.CrossBrowser
MOVED folder: C:\Users\vieraidx\AppData\Local\globalUpdate =>PUP.Optional.GlobalUpdate
MOVED folder: C:\Windows\SysWOW64\config\systemprofile\AppData\R oaming\DealPly =>PUP.Optional.Dealply
MOVED folder: C:\Users\vieraidx\AppData\Local\Google\Chrome\User Data\Default\File System\008 =>PUP.Optional.DomaIQ

—\ Registry ( Key, Value, Data) (71)
REPLACED : HKLM64\SYSTEM\CurrentControlSet\Services\WinSock2\ Parameters\Protocol_Catalog9\Catalog_Entries\00000 0000012 [C:\Windows\System32\nutafun4.dll] (Hijacker.Winsock)
REPLACED : HKLM64\SYSTEM\CurrentControlSet\Services\WinSock2\ Parameters\Protocol_Catalog9\Catalog_Entries\00000 0000013 [C:\Windows\System32\nutafun4.dll] (Hijacker.Winsock)
REPLACED : HKLM64\SYSTEM\CurrentControlSet\Services\WinSock2\ Parameters\Protocol_Catalog9\Catalog_Entries64\000 000000012 [C:\Windows\System32\nutafun4.dll] (Hijacker.Winsock)
REPLACED : HKLM64\SYSTEM\CurrentControlSet\Services\WinSock2\ Parameters\Protocol_Catalog9\Catalog_Entries64\000 000000013 [C:\Windows\System32\nutafun4.dll] (Hijacker.Winsock)
DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Param eters\Interfaces{8B82C5EB-B47B-4175-90AD-AD8B71B8FB01}\DhcpNameServer [Bad : 10.5.28.201 10.5.28.202 10.7.28.201 10.7.28.202] =>Hijacker.Browser
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\APN =>Toolbar.Ask
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Ask.com =>Toolbar.Ask
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\globalUpdate =>PUP.Optional.GlobalUpdate
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Classes\pfc.EpfcCurveStartPoint [EpfcCurveStartPoint Class] =>PUP.Optional.PaybyAds
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Classes\pfc.EpfcCurveStartPoint.1 [EpfcCurveStartPoint Class] =>PUP.Optional.PaybyAds
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Classes\pfc.EpfcNewModelImportTyp e [EpfcNewModelImportType Class] =>Adware.Navipromo
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Classes\pfc.EpfcNewModelImportTyp e.1 [EpfcNewModelImportType Class] =>Adware.Navipromo
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Classes\pfc.MpfcNeckFeat [MpfcNeckFeat Class] =>Adware.Navipromo
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Classes\pfc.MpfcNeckFeat.1 [MpfcNeckFeat Class] =>Adware.Navipromo
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Classes\pfc.MpfcNote [MpfcNote Class] =>Adware.Navipromo
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Classes\pfc.MpfcNote.1 [MpfcNote Class] =>Adware.Navipromo
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Classes\pfc.pfcCurveStartPoint [pfcCurveStartPoint Class] =>PUP.Optional.PaybyAds
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Classes\pfc.pfcCurveStartPoint.1 [pfcCurveStartPoint Class] =>PUP.Optional.PaybyAds
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Classes\pfc.pfcNEUTRALFileExportI nstructions [pfcNEUTRALFileExportInstructions Class] =>Adware.Navipromo
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Classes\pfc.pfcNEUTRALFileExportI nstructions.1 [pfcNEUTRALFileExportInstructions Class] =>Adware.Navipromo
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Classes\pfc.pfcNewModelImportType [pfcNewModelImportType Class] =>Adware.Navipromo
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Classes\pfc.pfcNewModelImportType .1 [pfcNewModelImportType Class] =>Adware.Navipromo
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Classes\pfc.pfcNURBSSurfaceDescri ptor [pfcNURBSSurfaceDescriptor Class] =>Adware.Navipromo
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Classes\pfc.pfcNURBSSurfaceDescri ptor.1 [pfcNURBSSurfaceDescriptor Class] =>Adware.Navipromo
DELETED key: HKCU\Software\APN =>Toolbar.Ask
DELETED key: HKCU\Software\Ask.com =>Toolbar.Ask
DELETED key: HKCU\Software\globalUpdate =>PUP.Optional.GlobalUpdate
DELETED key*: HKCU\Software\AppDataLow\Software\AskToolbar =>Toolbar.Ask
DELETED key*: HKCU\Software\AppDataLow\Software\SpeedChecker =>PUP.Optional.InternetSpeedChecker
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uni nstall{79A765E1-C399-405B-85AF-466F52E918B0} [Ask.com] =>Toolbar.Ask
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{48A81A13-A1C7-48E6-9BF0-FD5DD1584B92} [C:\Program Files (x86)\I - Cinema (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} [C:\Program Files (x86)\Ask.com] =>Toolbar.Ask
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{CC155037-DA84-4B86-B29C-736BC9F34C23} [C:\Program Files (x86)\I - Cinema (Not File)] =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL =>PUP.Optional.AsksBar
DELETED key*: [X64] HKLM\SOFTWARE\Classes\protector_dll.Protector [Protector Class] =>PUP.Optional.BProtector
DELETED key*: [X64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1 [Protector Class] =>PUP.Optional.BProtector
DELETED key*: [X64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib [ProtectorLib Class] =>PUP.Optional.BProtector
DELETED key*: [X64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1 [ProtectorLib Class] =>PUP.Optional.BProtector
DELETED key*: [X64] HKLM\Software\Classes\Installer\Products\A28B4D68D EBAA244EB686953B7074FEF [Ask Toolbar] =>Toolbar.AsktBar
DELETED key*: [X64] HKLM\Software\Classes\Installer\Products\D2A425F40 5350054677A7A857BC0D100 [Search App by Ask] =>PUP.Optional.BrowserTabSearch
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7 =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8 =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01 =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472 =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296 =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888 =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\APN =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\AskToolbar =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Clara =>PUP.Optional.SupTab
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Webitar Production Inc. =>.Superfluous.WebitarProduction
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface{79FB5F C8-44B9-4AF5-BADD-CCE547F953E5} [ITool] =>Toolbar.Ask
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\AppID\GenericAsk Toolbar.DLL =>PUP.Optional.AsksBar
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall{86D4B82A-ABED-442A-BE86-96357B70F4FE} [Ask.com] =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ApnStu b_RASAPI32 =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ApnStu b_RASMANCS =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AskPar tnerCobrandingTool_RASAPI32 =>Toolbar.AskBar
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AskPar tnerCobrandingTool_RASMANCS =>Toolbar.AskBar
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BoBrow ser_RASAPI32 =>PUP.Optional.BoBrowser
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BoBrow ser_RASMANCS =>PUP.Optional.BoBrowser
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\I - Cinema-codedownloader_RASAPI32 =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\I - Cinema-codedownloader_RASMANCS =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TaskSc heduler_RASAPI32 =>PUP.Optional.Generic
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TaskSc heduler_RASMANCS =>PUP.Optional.Generic
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Update Task_RASAPI32 =>PUP.Optional.UpdateTask
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Update Task_RASMANCS =>PUP.Optional.UpdateTask
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} [C:\Program Files (x86)\Ask.com] =>Toolbar.Ask
DELETED key*: [X64] HKLM\Software\Classes\Installer\Features\A28B4D68D EBAA244EB686953B7074FEF =>Toolbar.AsktBar
DELETED key*: [X64] HKLM\Software\Classes\Installer\Features\D2A425F40 5350054677A7A857BC0D100 =>PUP.Optional.BrowserTabSearch
DELETED value: HKLM64\SOFTWARE\Wow6432Node\Microsoft\Windows\Curr entVersion\Run\NuTCSetupEnviron [C:\Program Files\PTC\MKS Toolkit\bin\ncoeenv.exe] =>Heuristic.Salus
DELETED value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ApnUpdater [“C:\Program Files (x86)\Ask.com\Updater\Updater.exe”] =>Toolbar.Ask

—\ Summary of the elements found (23)
https://www.nicolascoolman.com/fr/re...et_infections/ =>PUP.Optional.SimpleSearches
Redirecting... =>PUP.Optional.Generic
Blog - Nicolas Coolman =>.Superfluous.WebitarProduction
FRST 2025 Télécharger - Nicolas Coolman =>Toolbar.AsktBar
https://www.nicolascoolman.com/fr/pup-browsertabsearch/ =>PUP.Optional.BrowserTabSearch
https://www.nicolascoolman.com/fr/toolbar-ask/ =>Toolbar.Ask
https://www.nicolascoolman.com/fr/re...et_infections/ =>PUP.Optional.BoBrowser
https://www.nicolascoolman.com/fr/re...et_infections/ =>PUP.Optional.DownloadManager
https://www.nicolascoolman.com/fr/pup-globalupdate/ =>PUP.Optional.GlobalUpdate
https://www.nicolascoolman.com/fr/re...et_infections/ =>PUP.Optional.CrossBrowser
https://www.nicolascoolman.com/fr/pup-dealply/ =>PUP.Optional.Dealply
https://www.nicolascoolman.com/fr/adware-domaiq/ =>PUP.Optional.DomaIQ
https://www.nicolascoolman.com/fr/hijacker-browser/ =>Hijacker.Browser
https://www.nicolascoolman.com/fr/pup-paybyads/ =>PUP.Optional.PaybyAds
https://www.nicolascoolman.com/fr/adware-navipromo/ =>Adware.Navipromo
Redirecting... =>PUP.Optional.InternetSpeedChecker
Redirecting... =>PUP.Optional.CrossRider
https://www.nicolascoolman.com/fr/re...et_infections/ =>PUP.Optional.AsksBar
Redirecting... =>PUP.Optional.BProtector
https://www.nicolascoolman.com/fr/pup-suptab/ =>PUP.Optional.SupTab
FRST 2025 Télécharger - Nicolas Coolman =>Toolbar.AskBar
https://www.nicolascoolman.com/fr/re...et_infections/ =>PUP.Optional.UpdateTask
https://www.nicolascoolman.com/fr/re...et_infections/ =>Heuristic.Salus

—\ Other deletions. (245)
~ Registry Keys Tracing deleted (245)
~ Remove the old reports ZHPCleaner. (0)

—\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
~ The system has been restarted.

—\ Statistics
~ Items scanned : 697
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 92

~ End of clean in 00h01mn25s
~====================
ZHPCleaner-[R]-20092016-18_53_40.txt
ZHPCleaner--20092016-18_50_54.txt

**BJanson** · 09-21-2016, 12:29 AM

Zoek…

Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by vieraidx on Tue 09/20/2016 at 19:02:27.15.
Microsoft Windows 7 Enterprise 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\vieraidx\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

9/20/2016 7:04:41 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Pointstone deleted successfully
C:\PROGRA~3\Canon IJ Network Tool deleted successfully
C:\PROGRA~3\McAfee deleted successfully
C:\PROGRA~3\Reprise deleted successfully
C:\PROGRA~3\WinZip deleted successfully
C:\PROGRA~3\WinZipEC deleted successfully
C:\PROGRA~3\xfinity deleted successfully
C:\Users\vieraidx\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Administrator\AppData\Local\AVG Secure Search deleted successfully
C:\Users\vieraidx\AppData\Local\calibre-cache deleted successfully
C:\Users\vieraidx\AppData\Local\Garmin deleted successfully
C:\Users\vieraidx\AppData\Local\LogMeIn Rescue Applet deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\Software\Microsoft\Windows\CurrentVersion\ Ext\Stats{EACF0964-EB7E-31AA-FFEA-CC5EC17DA64C} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Fi refox\extensions{F003DA68-8256-4b37-A6C4-350FA04494DF} deleted successfully

==== Deleting Services ======================

==== Batch Command(s) Run By Tool======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Pointstone not found
C:\Users\vieraidx\AppData\Roaming\calibre deleted
C:\Windows\syswow64\appdata deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEATHE~1 deleted
C:\Users\vieraidx.android deleted
C:\PROGRA~2\Parker Autoclave Engineers Valves Fittings Tubing Ecatalog deleted
C:\PROGRA~2\Yahoo! deleted
C:\PROGRA~2\Ask.com deleted
C:\BrowserFragments.xml deleted
C:\DocumentFragments.xml deleted
C:\KeysAndPasswordFragments.xml deleted
C:\pagetables.xml deleted
C:\patternhits.xml deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Administrator\AppData\Local{7148F0A6-6813-11D6-A77B-00B0D0142080} deleted
C:\Users\Default\AppData\Local{7148F0A6-6813-11D6-A77B-00B0D0142080} deleted
C:\Users\UpdatusUser\AppData\Local{7148F0A6-6813-11D6-A77B-00B0D0142080} deleted
C:\Users\vieraidx\AppData\Local\APN deleted
C:\Users\vieraidx\AppData\Local{7148F0A6-6813-11D6-A77B-00B0D0142080} deleted
C:\Users\vieraidx\AppData\Local\cache deleted
C:\Users\vieraidx\Downloads\android-studio-bundle-143.2739321-windows.exe deleted
C:\Users\Administrator\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\L ocalLow\AVG Secure Search deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\vieraidx\Documents\Add-in Express deleted
C:\Windows\Installer{86D4B82A-ABED-442A-BE86-96357B70F4FE} deleted
“C:\Windows\Installer\a29346.msi” deleted
“C:\Windows\Installer\517208.msi” deleted
“C:\Users\vieraidx\AppData\Local{103B46B2-6340-4BE1-AE64-BC12338574D5}” deleted
“C:\Users\vieraidx\AppData\Roaming\mplayer\config” deleted
“C:\Users\vieraidx\AppData\Roaming\mplayer” deleted

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensio ns
hemjgdpngmhbimofcicjfhibkdbigdmb - C:\ProgramData\comcastModemRelease\shortcuts\chrom e\xfinity.crx[02/08/2013 10:46 AM]
nogdfjjfhknacchjpiccacoimeelkajb - No path found

Xfinity - vieraidx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemjgdpngmhbimofcicjfhibkd bigdmb
Chrome Media Router - vieraidx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm

==== Chromium Fix ======================

C:\Users\vieraidx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\vieraidx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\vieraidx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\vieraidx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Start Page”=" Yahoo on osa Yahoo-konsernia. "
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Start Page”=" http://www.google.com "
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
“DefaultScope”=“{0633EE93-D776-472f-A0FF-E1416B8B2E3A}”

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes “DefaultScope”=“{6A1806CD-94D4-4689-BA73-E35EA1EA9990}”
HKLM\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - {searchTerms} - Search
HKLM\SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - Google Search
HKLM\Wow6432Node\SearchScopes “DefaultScope”=“{6A1806CD-94D4-4689-BA73-E35EA1EA9990}”
HKLM\Wow6432Node\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - {searchTerms} - Search
HKLM\Wow6432Node\SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - Google Search
HKCU\SearchScopes “DefaultScope”=“{0633EE93-D776-472f-A0FF-E1416B8B2E3A}”
HKCU\SearchScopes\71207D7947FA4DCAA95FD54BC0330EF8 - Google Search
HKCU\SearchScopes{012E1000-F331-11DB-8314-0800200C9A66} - Google Search
HKCU\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - {searchTerms} - Search
HKCU\SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - Google Search

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\D2A425F405350054677A7A857BC0D100 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\57B5CB7129666E043A7448F995B58C20 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\ Windows\CurrentVersion\Uninstall{17BC5B75-6692-40E6-A347-849F595BC802} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Prod ucts\57B5CB7129666E043A7448F995B58C20 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ewtion deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Administrator\AppData\Local\Microsoft\Win dows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5 emptied successfully
C:\Users\vieraidx\AppData\Local\Microsoft\Windows\ Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\vieraidx\AppData\Local\temp\acrord32_sbx\ Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\ Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\ Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\ Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Lo cal\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\vieraidx\AppData\Local\Microsoft\Windows\ Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\vieraidx\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=735 folders=106 2590741169 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\TEMP\AppData\Local\temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\temp emptied successfully
C:\Users\vieraidx\AppData\Local\temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\ Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Lo cal\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\vieraidx\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

“C:\Users\vieraidx\AppData\Local\Microsoft\Windows \Temporary Internet Files\Content.IE5\index.dat” not found

==== EOF on Tue 09/20/2016 at 19:26:15.64 ======================

**BJanson** · 09-21-2016, 01:06 AM

Rogue Killer…
RogueKiller V12.6.3.0 (x64) [Sep 19 2016] (Free) by Adlice Software
mail : Support Form | Contact • Adlice Software
Feedback : http://forum.adlice.com
Website : Free Virus Cleaner | RogueKiller AntiMalware • Adlice Software
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600) 64 bits version
Started in : Normal mode
User : vieraidx [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan – Date : 09/20/2016 19:32:02 (Duration : 00:32:24)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 15 ¤¤¤
[PUP] (X64) HKEY_USERS\S-1-5-21-997763345-3520757737-165814833-1000\Software\AVG Secure Search → Found
[PUP] (X86) HKEY_USERS\S-1-5-21-997763345-3520757737-165814833-1000\Software\AVG Secure Search → Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\Yahoo! SearchSet → Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-997763345-3520757737-165814833-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://intranet/WinExchange/ → Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-997763345-3520757737-165814833-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://intranet/WinExchange/ → Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules | {778FDF75-49F3-4B64-A2DA-01F184281FE3} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|P rofile=Private|App=C:\Users\vieraidx\AppData\Local \temp\7zS2A89\HPDiagnosticCoreUI.exe|Name=HPSAPS| → Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules | {4BDD2595-F14F-4EE3-8536-D7D26C077240} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17| Profile=Private|App=C:\Users\vieraidx\AppData\Loca l\temp\7zS2A89\HPDiagnosticCoreUI.exe|Name=HPSAPS| → Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S haredAccess\Parameters\FirewallPolicy\FirewallRule s | {778FDF75-49F3-4B64-A2DA-01F184281FE3} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|P rofile=Private|App=C:\Users\vieraidx\AppData\Local \temp\7zS2A89\HPDiagnosticCoreUI.exe|Name=HPSAPS| → Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S haredAccess\Parameters\FirewallPolicy\FirewallRule s | {4BDD2595-F14F-4EE3-8536-D7D26C077240} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17| Profile=Private|App=C:\Users\vieraidx\AppData\Loca l\temp\7zS2A89\HPDiagnosticCoreUI.exe|Name=HPSAPS| → Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\S haredAccess\Parameters\FirewallPolicy\FirewallRule s | {778FDF75-49F3-4B64-A2DA-01F184281FE3} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|P rofile=Private|App=C:\Users\vieraidx\AppData\Local \temp\7zS2A89\HPDiagnosticCoreUI.exe|Name=HPSAPS| → Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\S haredAccess\Parameters\FirewallPolicy\FirewallRule s | {4BDD2595-F14F-4EE3-8536-D7D26C077240} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17| Profile=Private|App=C:\Users\vieraidx\AppData\Loca l\temp\7zS2A89\HPDiagnosticCoreUI.exe|Name=HPSAPS| → Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\Software\Microsoft\Windows\CurrentVersion\ Explorer\Advanced | Start_ShowMyGames : 0 → Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\Software\Microsoft\Windows\CurrentVersion\ Explorer\Advanced | Start_ShowMyGames : 0 → Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-997763345-3520757737-165814833-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced | Start_ShowMyGames : 0 → Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-997763345-3520757737-165814833-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced | Start_ShowMyGames : 0 → Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 3 ¤¤¤
[PUP][Folder] C:\Users\vieraidx\AppData\Local\YSearchUtil → Found
[PUP][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\turbodiagnosis → Found
[PUP][Folder] C:\Program Files (x86)\turbodiagnosis → Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9500423AS ATA Device +++++
— User —
[MBR] 443b09f6e2f68fb6f2b6ed6214dc5f60
[BSP] da53413039e8b8ea17787f20919b413c : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476938 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 … OK
User = LL2 … OK

**BJanson** · 09-21-2016, 01:07 AM

I assume I should also remove threats that rogue killer finds, correct?

**Malnutrition** · 09-21-2016, 01:16 AM

Yes…

Aslo;…
Zemana Scan

Run a full scan with Zemana AntiMalware!

Install and select deep scan.

[MEDIA=imgur]jdmyscF[/MEDIA]

Remove any infections found.

Then click on the icon in the pic below.

[MEDIA=imgur]DOLGyto[/MEDIA]

Double click on the scan log, copy and paste here in your reply

**BJanson** · 09-21-2016, 03:12 AM

Zemana scan…

Zemana AntiMalware 2.30.2.75 (Installed)

Scan Result : Completed
Scan Date : 2016/9/20
Operating System : Windows 7 64-bit
Processor : 4X Intel(R) Core™ i7-2640M CPU @ 2.80GHz
BIOS Mode : Legacy
CUID : 12DD319D574B63741FF9E1
Scan Type : Deep Scan
Duration : 86m 6s
Scanned Objects : 329353
Detected Objects : 20
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WFT,1,3
[HEADING=1]Detected Objects[/HEADING]
Internet Explorer Shortcut
Status : Scanned
Object : "
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Internet Explorer Shortcut

Internet Explorer Shortcut
Status : Scanned
Object : "
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Internet Explorer Shortcut

Internet Explorer Shortcut
Status : Scanned
Object : "
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Internet Explorer Shortcut

Internet Explorer Shortcut
Status : Scanned
Object : "
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Internet Explorer Shortcut

Internet Explorer Shortcut
Status : Scanned
Object : "
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Internet Explorer Shortcut

Internet Explorer Shortcut
Status : Scanned
Object : "
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Internet Explorer Shortcut

Internet Explorer Shortcut
Status : Scanned
Object : "
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Internet Explorer Shortcut

Internet Explorer Shortcut
Status : Scanned
Object : "
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Internet Explorer Shortcut

Internet Explorer Shortcut
Status : Scanned
Object : "
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Internet Explorer Shortcut

Internet Explorer Shortcut
Status : Scanned
Object : "
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Internet Explorer Shortcut

Internet Explorer Policy
Status : Scanned
Object : http://usintranet/winexchange
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Internet Explorer Policy

Chrome Shortcut
Status : Scanned
Object : "
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Chrome Shortcut

Chrome Shortcut
Status : Scanned
Object : "
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Chrome Shortcut

Updater.exe
Status : Scanned
Object : %homedrive%\zoek_backup\c_progra~2_ask.com\updater \updater.exe
MD5 : 6EA1BF3F6E6B0613351411A3EB6B85A2
Publisher : Ask.com
Size : 1561768
Version : 1.2.1.23037
Detection : Adware:Win32/AskBrowserHijack!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\zoek_backup\c_progra~2_ask.com\updater \updater.exe

vft_ecatalog.exe
Status : Scanned
Object : %homedrive%\zoek_backup\c_progra~2_parker autoclave engineers valves fittings tubing ecatalog\vft_ecatalog.exe
MD5 : AE462C63E0DAF532B51E036192226A22
Publisher : -
Size : 79511
Version : -
Detection : Malware:Win32/Tazzi.A!Taka
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\zoek_backup\c_progra~2_parker autoclave engineers valves fittings tubing ecatalog\vft_ecatalog.exe

Updater.exe
Status : Scanned
Object : %appdata%\zhp\quarantine\ask.com.dir\updater\updat er.exe
MD5 : 6EA1BF3F6E6B0613351411A3EB6B85A2
Publisher : Ask.com
Size : 1561768
Version : 1.2.1.23037
Detection : Adware:Win32/AskBrowserHijack!Ep
Cleaning Action : Quarantine
Related Objects :
File - %appdata%\zhp\quarantine\ask.com.dir\updater\updat er.exe

UpdateTask.exe
Status : Scanned
Object : %appdata%\zhp\quarantine\dealply\updateproc\update task.exe
MD5 : 2B2B6A5973E1F90B8E34BD800A887B4A
Publisher : DealPly Technologies Ltd
Size : 93728
Version : -
Detection : Adware:Win32/DealPly!Ep
Cleaning Action : Quarantine
Related Objects :
File - %appdata%\zhp\quarantine\dealply\updateproc\update task.exe

SaUpdate.exe
Status : Scanned
Object : %appdata%\zhp\quarantine\ask.com.dir\saupdate.exe
MD5 : 7D8C13D31D6EB6BE28984923D894A38D
Publisher : Ask.com
Size : 196776
Version : -
Detection : Adware:Win32/AskBrowserHijack!Ep
Cleaning Action : Quarantine
Related Objects :
File - %appdata%\zhp\quarantine\ask.com.dir\saupdate.exe

bc8e-45d6-8a67-b48b.exe
Status : Scanned
Object : %appdata%\zhp\quarantine\bc8e-45d6-8a67-b48b.exe
MD5 : F814096ABC23DD904E2169746B5A1084
Publisher : EU Millennium Business LP
Size : 5083392
Version : 0.0.0.0
Detection : Adware:Win32/ExpressDownloader-DJ!Ep
Cleaning Action : Quarantine
Related Objects :
File - %appdata%\zhp\quarantine\bc8e-45d6-8a67-b48b.exe

precache.exe
Status : Scanned
Object : %appdata%\zhp\quarantine\ask.com.dir\precache.exe
MD5 : 21C5596252234BFB6F1AF059F64B0CB5
Publisher : Ask.com
Size : 70824
Version : -
Detection : Adware:Win32/AskBrowserHijack!Ep
Cleaning Action : Quarantine
Related Objects :
File - %appdata%\zhp\quarantine\ask.com.dir\precache.exe
[HEADING=1]Cleaning Result[/HEADING]
Cleaned : 20
Reported as safe : 0
Failed : 0

Suspected Malware

Suspected Malware

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment