Suspected Malware

  • jmarket
    PCHF Owner
    • Jan 2015
    • 7636

    #31
    You were infected by an adware known as Navipromo. It’s an adware that uses rootkit techniques to hide itself. To verify it has indeed been removed, I need you to do one final scan for me.

    Download Malwarebytes Anti-Malware and run it.
    • Make sure a checkmark is placed next to Launch Malwarebytes’ Anti-Malware, then click Finish.
    • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
    • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
    • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
    • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
    • The scan may take some time to finish, so please be patient.
    • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
    • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
    • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
    Please copy and paste the contents of the log in your next reply.


    • Malnutrition
      PCHF Moderator
      • Jul 2016
      • 7041

      #32
      After the Malwarebytes scan, I would like to check with FRST to make sure that I did not miss anything. I will need fresh logs.

      Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

      • Right-click on the FRST icon and select Run as Administrator to start the tool (XP users: click Run after receipt of the Windows Security Warning - Open File).
      • Make sure that the Addition option is checked.
      • Press the Scan button and wait.
      • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
      Please Copy & Paste them into your next reply.

      Security Check Scan.

      Download Security Check to your desktop, right-click it and select Run as administrator. When the program completes, the tool will automatically open a log file; please post that log here in your next post.
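
Once the FRST.txt requested above is in hand, the markers a helper scans for by eye (FRST's own `<====== ATTENTION` tag, `[File not signed]`, `(No File)`, an empty publisher field, and autostart executables under the user profile) can be pulled out mechanically. The Python below is an added example, not part of FRST or of this thread; the log excerpt it parses is constructed to mirror FRST's format, with placeholder vendor, path and SID values.

```python
# Added example: a triage pass over FRST.txt-format output. It is not part of FRST
# or of this thread; the sample log below is constructed, with placeholder names.
from __future__ import annotations

import re
from dataclasses import dataclass

# Section banners look like "==================== Services (Whitelisted) ====".
SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=]+?)\s*=+$")
# Empty publisher field: "()" opening a process line, or closing any other entry
# (optionally followed by FRST's own "[File not signed]" tag).
EMPTY_PUBLISHER_RE = re.compile(r"(?:^\(\)\s)|(?:\s\(\)(?:\s\[File not signed\])?$)")
# Executables under a user profile or %APPDATA%: writable without admin rights,
# so autostarts there deserve a second look even when a publisher is present.
USER_PROFILE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\|%APPDATA%", re.IGNORECASE)

# Constructed FRST.txt excerpt (placeholder vendors, paths and SID), not a real scan.
SAMPLE_FRST = r"""
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-09-2016
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Example Vendor Inc.) C:\Program Files\ExampleVendor\exsvc.exe
() C:\Program Files (x86)\ExampleTray\ExampleTray.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...\Run: [ExampleUpdater] => C:\Program Files\ExampleVendor\updater.exe [415680 2016-02-05] (Example Vendor Inc.)
HKLM Group Policy restriction on software: %APPDATA%\ii*.exe <====== ATTENTION
HKU\S-1-5-21-EXAMPLE-1000...\Run: [exsync] => C:\Users\example\AppData\Local\ExSync\exsync.exe [4691384 2015-09-10] (Example Sync LLC)
ShortcutTarget: Old Catalog Update.lnk → C:\Program Files (x86)\OldCatalog\catupdate.exe (No File)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ExampleSvc; C:\Program Files\ExampleVendor\exsvc.exe [510976 2015-03-18] (Example Vendor Inc.) [File not signed]

===================== Drivers (Whitelisted) ==========================

U3 exdrv; C:\Windows\System32\drivers\exdrv.sys [28272 2016-09-20] ()
"""


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def classify_line(line: str) -> list[str]:
    """Return the triage reasons that apply to one FRST entry (empty if none)."""
    reasons: list[str] = []
    if "<====" in line and "ATTENTION" in line:
        reasons.append("flagged ATTENTION by FRST")
    if "[File not signed]" in line:
        reasons.append("unsigned file")
    if "(No File)" in line:
        reasons.append("target file missing")
    if EMPTY_PUBLISHER_RE.search(line):
        reasons.append("no publisher in version info")
    # Only executables count here, so Chrome profile paths and the like are not flagged.
    if ".exe" in line.lower() and USER_PROFILE_RE.search(line):
        reasons.append("runs from user profile")
    return reasons


def triage_frst(text: str) -> list[Finding]:
    """Walk an FRST.txt body, tracking the current section, and collect findings."""
    findings: list[Finding] = []
    section = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group("name")
            continue
        # FRST prints an explanatory "(If an entry is included in the fixlist, ...)"
        # note under each banner; it is not an entry.
        if line.startswith("(If "):
            continue
        for reason in classify_line(line):
            findings.append(Finding(section, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage_frst(SAMPLE_FRST):
        print(f"[{f.section}] {f.reason}: {f.line}")
```

A hit is a prompt to look closer, not a verdict: legitimate software routinely ships without a publisher string or runs from AppData, which is exactly why the helper reads each flagged line by hand.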


      • BJanson
        PCHF Member
        • Sep 2016
        • 41

        #33
        Malwarebytes didn’t detect any threats. I see no option to view a detailed log and there is nothing in the history.


        • BJanson
          PCHF Member
          • Sep 2016
          • 41

          #34
          Frst.txt…

          Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-09-2016
          Ran by vieraidx (administrator) on 9SQ6GV1 (22-09-2016 21:46:38)
          Running from C:\Users\vieraidx\Desktop\FRST-OlderVersion
          Loaded Profiles: vieraidx & UpdatusUser (Available Profiles: vieraidx & UpdatusUser & Administrator)
          Platform: Windows 7 Enterprise (X64) Language: English (United States)
          Internet Explorer Version 9 (Default browser: Chrome)
          Boot Mode: Normal
          Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

          ==================== Processes (Whitelisted) =================

          (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

          (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
          (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
          (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
          (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
          (Microsoft Corporation) C:\Windows\System32\wlanext.exe
          (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
          (Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
          (Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
          (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
          (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
          (Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
          (Windows (R) Win 7 DDK provider) C:\Windows\System32\DbxSvc.exe
          (Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
          (FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManager64.exe
          (Intel Corporation) C:\Program Files\PTC\Creo 3.0\M030\Common Files\x86e_win64\cma\Bin\IntelMPI\smpd-intel-4.0.3.009-x64.exe
          (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
          (National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
          (National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
          (National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
          (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe
          (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
          (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
          (MKS Software Inc.) C:\Windows\System32\nutsrv4.exe
          (PTC Inc.) C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe
          (Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
          (National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
          (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
          (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
          (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
          (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
          (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
          (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
          (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
          (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
          (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
          (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
          (Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
          (Microsoft Corporation) C:\Windows\CCM\RemCtrl\CmRcService.exe
          (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
          (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
          (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
          (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
          (Intel Corporation) C:\Windows\System32\igfxtray.exe
          (Intel Corporation) C:\Windows\System32\hkcmd.exe
          (Intel Corporation) C:\Windows\System32\igfxpers.exe
          (FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
          (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
          (Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
          (Akamai Technologies, Inc.) C:\Users\vieraidx\AppData\Local\Akamai\netsession_win.exe
          (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
          (Akamai Technologies, Inc.) C:\Users\vieraidx\AppData\Local\Akamai\netsession_win.exe
          (Flux Software LLC) C:\Users\vieraidx\AppData\Local\FluxSoftware\Flux\flux.exe
          (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
          (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
          (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
          (Microsoft Corporation) C:\Program Files (x86)\Microsoft Lync\communicator.exe
          (CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
          (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
          (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
          (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
          (National Instruments Corporation) C:\Program Files (x86)\National Instruments\NI Device Monitor\DeviceMonitor.exe
          (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
          () C:\Program Files (x86)\Ariel\Performance\ArielTray.exe
          (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
          (Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
          (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
          (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

          ==================== Registry (Whitelisted) ===========================

          (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

          HKLM...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.)
          HKLM...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1694016 2012-05-11] ()
          HKLM...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
          HKLM...\Run: [FileOpenBroker] => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1589104 2013-03-26] (FileOpen Systems Inc.)
          HKLM...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
          HKLM...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13624048 2016-09-02] (Zemana Ltd.)
          HKLM-x32...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
          HKLM-x32...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
          HKLM-x32...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12119872 2016-03-14] (Microsoft Corporation)
          HKLM-x32...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
          HKLM-x32...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-24] (CANON INC.)
          HKLM-x32...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-10-01] (Adobe Systems Inc.)
          HKLM-x32...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25382344 2016-09-19] (Dropbox, Inc.)
          HKLM-x32...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
          HKLM-x32...\Run: [NI Device Monitor] => C:\Program Files (x86)\National Instruments\NI Device Monitor\DeviceMonitor.exe [151552 2015-06-12] (National Instruments Corporation)
          HKLM-x32...\Run: [Malwarebytes Anti-Malware] => C:\Program Files (x86)\Malwarebytes Anti-Malware\BusinessMessaging.exe [3219456 2016-09-22] (Malwarebytes)
          HKLM Group Policy restriction on software: %APPDATA%\ii*.exe <====== ATTENTION
          HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
          HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
          Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
          HKLM...\Policies\Explorer: [NoAutorun] 1
          HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190...\Run: [PTOneClick] => C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe [616384 2016-06-15] (Cisco WebEx LLC)
          HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190...\Run: [Akamai NetSession Interface] => C:\Users\vieraidx\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
          HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
          HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190...\Run: [f.lux] => C:\Users\vieraidx\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
          HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
          HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190...\Run: [NIRegistrationWizard] => C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe [847000 2013-04-19] ()
          HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190...\Policies\Explorer:
          HKU\S-1-5-21-997763345-3520757737-165814833-1000...\MountPoints2: {37949b7a-3ac1-11e0-bfec-806e6f6e6963} - D:\Setup.exe
          HKU\S-1-5-18...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
          HKU\S-1-5-18...\RunOnce: [Microsoft Security Client] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
          AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [260928 2012-05-11] (NVIDIA Corporation)
          AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-05-11] (NVIDIA Corporation)
          ShellIconOverlayIdentifiers: [ DropboxExt1] → {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
          ShellIconOverlayIdentifiers: [ DropboxExt10] → {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
          ShellIconOverlayIdentifiers: [ DropboxExt2] → {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
          ShellIconOverlayIdentifiers: [ DropboxExt3] → {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
          ShellIconOverlayIdentifiers: [ DropboxExt4] → {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
          ShellIconOverlayIdentifiers: [ DropboxExt5] → {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
          ShellIconOverlayIdentifiers: [ DropboxExt6] → {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
          ShellIconOverlayIdentifiers: [ DropboxExt7] → {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
          ShellIconOverlayIdentifiers: [ DropboxExt8] → {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
          ShellIconOverlayIdentifiers: [ DropboxExt9] → {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
          ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] → {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2016-02-06] (Autodesk, Inc.)
          ShellIconOverlayIdentifiers-x32: [ DropboxExt1] → {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
          ShellIconOverlayIdentifiers-x32: [ DropboxExt10] → {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
          ShellIconOverlayIdentifiers-x32: [ DropboxExt2] → {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
          ShellIconOverlayIdentifiers-x32: [ DropboxExt3] → {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
          ShellIconOverlayIdentifiers-x32: [ DropboxExt4] → {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
          ShellIconOverlayIdentifiers-x32: [ DropboxExt5] → {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
          ShellIconOverlayIdentifiers-x32: [ DropboxExt6] → {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
          ShellIconOverlayIdentifiers-x32: [ DropboxExt7] → {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
          ShellIconOverlayIdentifiers-x32: [ DropboxExt8] → {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
          ShellIconOverlayIdentifiers-x32: [ DropboxExt9] → {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
          Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ariel System Tray.lnk [2016-09-20]
          ShortcutTarget: Ariel System Tray.lnk → C:\Program Files (x86)\Ariel\Performance\ArielTray.exe ()
          Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BgInfo.cmd [2014-03-18] ()
          Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk [2016-09-20]
          ShortcutTarget: NI Error Reporting.lnk → C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
          Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Parker Autoclave Engineers Valves Fittings Tubing Ecatalog - Auto Update.lnk [2016-09-20]
          ShortcutTarget: Parker Autoclave Engineers Valves Fittings Tubing Ecatalog - Auto Update.lnk → C:\Program Files (x86)\Parker Autoclave Engineers Valves Fittings Tubing Ecatalog\VFTecatupdate.exe (No File)
          Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snap-tite Components E-Catalog - Auto Update.lnk [2016-09-20]
          ShortcutTarget: Snap-tite Components E-Catalog - Auto Update.lnk → C:\Program Files (x86)\Snap-tite\QDecatupdate.exe (Snap-tite Components)
          Startup: C:\Users\vieraidx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-09-20]
          ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk → C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

          ==================== Internet (Whitelisted) ====================

          (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

          Winsock: Catalog5 08 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512 2014-06-06] (National Instruments Corporation)
          Winsock: Catalog5-x64 08 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560 2014-06-06] (National Instruments Corporation)
          Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
          Tcpip..\Interfaces{8B82C5EB-B47B-4175-90AD-AD8B71B8FB01}: [DhcpNameServer] 10.5.28.201 10.5.28.202 10.7.28.201 10.7.28.202
          Tcpip..\Interfaces{E0BD89A2-0196-4F2C-8582-698D606FB76F}: [DhcpNameServer] 192.168.1.1
          Internet Explorer:
          HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
          HKU\S-1-5-21-997763345-3520757737-165814833-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://intranet/WinExchange/
          HKU\S-1-5-21-997763345-3520757737-165814833-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
          HKU\S-1-5-21-997763345-3520757737-165814833-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
          SearchScopes: HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190 → {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
          BHO: Groove GFS Browser Helper → {72853161-30C5-4D22-B7F9-0BBC1D38A37E} → C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
          BHO: WebEx Productivity Tools → {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} → C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll [2016-06-15] (Cisco WebEx LLC)
          BHO: Office Document Cache Handler → {B4F3A835-0E21-4959-BA22-42B3008E02FF} → C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
          BHO-x32: Lync Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files (x86)\Microsoft Lync\OCHelper.dll [2010-10-22] (Microsoft Corporation)
          BHO-x32: Groove GFS Browser Helper → {72853161-30C5-4D22-B7F9-0BBC1D38A37E} → C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
          BHO-x32: WebEx Productivity Tools → {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} → C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll [2016-06-15] (Cisco WebEx LLC)
          BHO-x32: Office Document Cache Handler → {B4F3A835-0E21-4959-BA22-42B3008E02FF} → C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
          Toolbar: HKLM - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll [2016-06-15] (Cisco WebEx LLC)
          Toolbar: HKLM-x32 - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll [2016-06-15] (Cisco WebEx LLC)
          FireFox:
          FF Plugin: @adobe.com/FlashPlayer → C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
          FF Plugin: @Microsoft.com/NpCtrl,version=1.0 → c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
          FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 → C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
          FF Plugin-x32: @adobe.com/FlashPlayer → C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
          FF Plugin-x32: @adobe.com/ShockwavePlayer → C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
          FF Plugin-x32: @Google.com/GoogleEarthPlugin → C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
          FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 → c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
          FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 → C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
          FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 → C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
          FF Plugin-x32: @nvidia.com/3DVision → C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-05-10] (NVIDIA Corporation)
          FF Plugin-x32: @nvidia.com/3DVisionStreaming → C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-05-10] (NVIDIA Corporation)
          FF Plugin-x32: @ptc.com/IsoView → C:\Program Files (x86)\Common Files\PTC\npisoview.dll [2014-10-29] (PTC Inc.)
          FF Plugin-x32: @ptc.com/ProductViewLite → C:\Program Files (x86)\Common Files\PTC\np6_pvapplite9.dll [2014-10-29] (PTC)
          FF Plugin-x32: Adobe Reader → C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-07-28] (Adobe Systems Inc.)
          FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-03-14] ()
          Chrome:
          CHR Profile: C:\Users\vieraidx\AppData\Local\Google\Chrome\User Data\Default [2016-09-22]
          CHR Extension: (Xfinity) - C:\Users\vieraidx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemjgdpngmhbimofcicjfhibkdbigdmb [2016-09-21]
          CHR Extension: (Chrome Web Store Payments) - C:\Users\vieraidx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-21]
          CHR Extension: (Chrome Media Router) - C:\Users\vieraidx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-22]
          CHR HKLM-x32...\Chrome\Extension: [hemjgdpngmhbimofcicjfhibkdbigdmb] - C:\ProgramData\comcastModemRelease\shortcuts\chrome\xfinity.crx [2013-02-08]

          ==================== Services (Whitelisted) ========================

          (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

          R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
          R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1842352 2013-08-31] (Microsoft Corporation)
          R2 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [633952 2012-11-21] (Microsoft Corporation)
          S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-24] (Dropbox, Inc.)
          S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-24] (Dropbox, Inc.)
          R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42792 2016-09-19] (Windows (R) Win 7 DDK provider)
          R2 FileOpenManager; C:\Program Files\FileOpen\Services\FileOpenManager64.exe [337264 2013-03-19] (FileOpen Systems Inc.)
          R2 impi_smpd; C:\Program Files\PTC\Creo 3.0\M030\Common Files\x86e_win64\cma\Bin\IntelMPI\smpd-intel-4.0.3.009-x64.exe [1611168 2015-07-09] (Intel Corporation)
          R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2014-08-07] (National Instruments, Inc.)
          R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53544 2015-06-01] (National Instruments Corporation)
          R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63792 2015-06-01] (National Instruments Corporation)
          S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
          S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
          R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
          R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [84792 2015-08-17] (National Instruments Corporation)
          R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57184 2015-06-03] (National Instruments Corporation)
          S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [80736 2015-06-03] (National Instruments Corporation)
          R2 niauth; C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe [571712 2015-06-02] (National Instruments Corporation)
          R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [399152 2015-06-01] (National Instruments Corporation)
          R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [320368 2014-06-06] (National Instruments Corporation)
          R2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [177024 2015-06-12] (National Instruments Corporation)
          R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
          R2 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [89928 2015-06-02] (National Instruments Corporation)
          R2 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57168 2015-06-03] (National Instruments Corporation)
          R2 NuTCRACKERService; C:\Windows\system32\nutsrv4.exe [574776 2012-10-12] (MKS Software Inc.)
          R2 PortmapperService; C:\Program Files\PTC/PTC Portmapper/i486_nt/obj/portmap.exe [510976 2015-03-18] (PTC Inc.) [File not signed]
          S3 smstsmgr; C:\Windows\CCM\TSManager.exe [401584 2013-08-31] (Microsoft Corporation)
          S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
          R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-02-02] (Dell Inc.) [File not signed]
          R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13624048 2016-09-02] (Zemana Ltd.)

          ===================== Drivers (Whitelisted) ==========================

          (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

          S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
          S3 Impcd; C:\Windows\System32\DRIVERS\Impcd.sys [158976 2010-02-27] (Intel Corporation) [File not signed]
          S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [287232 2010-06-21] (Intel(R) Corporation) [File not signed]
          R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
          R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
          R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [249152 2012-05-11] (NVIDIA Corporation)
          R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2012-11-21] (Microsoft Corporation)
          S3 smwdm; C:\Windows\System32\drivers\smwdm.sys [347904 2005-02-03] (Analog Devices, Inc.)
          S3 swg3kser00; C:\Windows\System32\DRIVERS\swg3kser00.sys [258432 2011-05-13] (Sierra Wireless Incorporated)
          S3 swiwdmbx; C:\Windows\System32\DRIVERS\swiwdmbx64.sys [109312 2011-05-16] (Sierra Wireless Inc.)
          S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [249344 2011-03-03] (Sierra Wireless Inc.)
          U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-09-20] ()
          R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-09-20] (Zemana Ltd.)
          R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-09-20] (Zemana Ltd.)

          ==================== NetSvcs (Whitelisted) ===================

          (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

          ==================== One Month Created files and folders ========

          (If an entry is included in the fixlist, the file/folder will be moved.)

          2016-09-22 20:39 - 2016-09-22 20:39 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
          2016-09-22 20:36 - 2016-09-22 20:36 - 03934859 _____ C:\Users\vieraidx\Downloads\Docs.pdf
          2016-09-22 00:37 - 2016-09-22 00:37 - 00001284 _____ C:\Users\vieraidx\Desktop\AdwCleaner[S1].txt
          2016-09-22 00:02 - 2016-09-22 00:02 - 02626201 _____ C:\Users\vieraidx\Downloads\geek (1).zip
          2016-09-21 22:44 - 2016-09-22 21:46 - 00000000 ____D C:\Users\vieraidx\Desktop\FRST-OlderVersion
          2016-09-21 22:36 - 2016-09-21 22:41 - 00000000 ____D C:\Users\vieraidx\AppData\Roaming\Geek Uninstaller
          2016-09-21 22:36 - 2016-09-21 22:36 - 02626201 _____ C:\Users\vieraidx\Downloads\geek.zip
          2016-09-21 22:05 - 2016-09-21 22:49 - 00000000 ____D C:\Users\vieraidx\AppData\Local\CrashDumps
          2016-09-21 21:58 - 2016-09-22 00:34 - 00000000 ____D C:\AdwCleaner
          2016-09-21 21:57 - 2016-09-21 21:57 - 03861056 _____ C:\Users\vieraidx\Desktop\adwcleaner_6.020.exe
          2016-09-20 20:32 - 2016-09-22 21:46 - 00076480 _____ C:\Windows\ZAM.krnl.trace
          2016-09-20 20:32 - 2016-09-22 21:46 - 00032337 _____ C:\Windows\ZAM_Guard.krnl.trace
          2016-09-20 20:31 - 2016-09-20 20:32 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
          2016-09-20 20:31 - 2016-09-20 20:31 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
          2016-09-20 20:31 - 2016-09-20 20:31 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
          2016-09-20 20:31 - 2016-09-20 20:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
          2016-09-20 20:29 - 2016-09-20 20:29 - 00000000 ____D C:\Users\vieraidx\AppData\Local\Zemana
          2016-09-20 20:28 - 2016-09-20 20:29 - 05292304 _____ ( ) C:\Users\vieraidx\Downloads\Zemana.AntiMalware.Setup.exe
          2016-09-20 19:32 - 2016-09-20 19:32 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
          2016-09-20 19:31 - 2016-09-20 19:31 - 00000000 ____D C:\ProgramData\RogueKiller
          2016-09-20 19:31 - 2016-09-20 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
          2016-09-20 19:31 - 2016-09-20 19:31 - 00000000 ____D C:\Program Files\RogueKiller
          2016-09-20 19:30 - 2016-09-20 19:30 - 33568688 _____ (Adlice Software ) C:\Users\vieraidx\Downloads\setup.exe
          2016-09-20 19:23 - 2016-09-20 19:02 - 00024064 _____ C:\Windows\zoek-delete.exe
          2016-09-20 19:17 - 2016-09-20 19:26 - 00000000 ____D C:\zoek
          2016-09-20 19:02 - 2016-09-20 19:20 - 00000000 ____D C:\zoek_backup
          2016-09-20 19:02 - 2016-09-20 19:02 - 01309184 _____ C:\Users\vieraidx\Downloads\zoek.exe
          2016-09-20 18:32 - 2016-09-20 18:53 - 00000000 ____D C:\Users\vieraidx\AppData\Roaming\ZHP
          2016-09-20 18:32 - 2016-09-20 18:32 - 00000801 _____ C:\Users\vieraidx\Desktop\ZHPCleaner.lnk
          2016-09-20 18:31 - 2016-09-20 18:31 - 02398720 _____ C:\Users\vieraidx\Downloads\ZHPCleaner.exe
          2016-09-20 18:13 - 2016-09-20 18:13 - 05200384 _____ (AVAST Software) C:\Users\vieraidx\Downloads\aswmbr.exe
          2016-09-20 18:03 - 2016-09-20 18:04 - 00272541 _____ C:\Users\vieraidx\Downloads\Addition.txt
          2016-09-20 18:02 - 2016-09-20 18:04 - 00054311 _____ C:\Users\vieraidx\Downloads\FRST.txt
          2016-09-20 18:01 - 2016-09-22 21:46 - 00000000 ____D C:\FRST
          2016-09-20 18:00 - 2016-09-21 22:44 - 02402816 _____ (Farbar) C:\Users\vieraidx\Desktop\FRST64.exe
          2016-09-20 03:12 - 2016-09-20 03:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
          2016-09-19 20:15 - 2016-09-19 20:15 - 00042792 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\DbxSvc.exe
          2016-09-19 20:07 - 2016-09-19 20:07 - 00073840 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\dbx-stable.sys
          2016-09-19 20:07 - 2016-09-19 20:07 - 00073840 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\dbx-dev.sys
          2016-09-19 20:07 - 2016-09-19 20:07 - 00073840 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\dbx-canary.sys
          2016-09-19 18:47 - 2016-09-19 18:47 - 00000000 ____D C:\ProgramData\FileFinder
          2016-09-19 11:48 - 2016-09-21 16:01 - 00132180 _____ C:\Users\vieraidx\Desktop\Workcycles-prices-Vkp-EN-Mrt15-City.pdf
          2016-09-15 09:46 - 2016-09-15 09:46 - 00034358 _____ C:\Users\vieraidx\Downloads\TGCK_RELEASE_FORM (1).pdf
          2016-09-15 09:45 - 2016-09-15 09:45 - 00108201 _____ C:\Users\vieraidx\Downloads\San Marcos 2016.pdf
          2016-09-15 09:45 - 2016-09-15 09:45 - 00034358 _____ C:\Users\vieraidx\Downloads\TGCK_RELEASE_FORM.pdf
          2016-09-12 10:45 - 2016-09-12 10:45 - 00056164 _____ C:\Users\vieraidx\Downloads\VeritasReset (1).pdf
          2016-09-11 18:07 - 2016-09-11 18:07 - 00037940 _____ C:\Users\vieraidx\Downloads\Current Science draft (7).pdf
          2016-09-11 17:09 - 2016-09-11 17:09 - 00037940 _____ C:\Users\vieraidx\Downloads\Current Science draft (6).pdf
          2016-09-11 16:05 - 2016-09-11 16:05 - 00037940 _____ C:\Users\vieraidx\Downloads\Current Science draft (5).pdf
          2016-09-11 16:05 - 2016-09-11 16:05 - 00037940 _____ C:\Users\vieraidx\Downloads\Current Science draft (4).pdf
          2016-09-11 16:05 - 2016-09-11 16:05 - 00037940 _____ C:\Users\vieraidx\Downloads\Current Science draft (3).pdf
          2016-09-11 15:17 - 2016-09-11 15:17 - 00037940 _____ C:\Users\vieraidx\Downloads\Current Science draft (2).pdf
          2016-09-11 14:48 - 2016-09-11 14:48 - 00037940 _____ C:\Users\vieraidx\Downloads\Current Science draft (1).pdf
          2016-09-11 11:20 - 2016-09-11 11:20 - 00037940 _____ C:\Users\vieraidx\Downloads\Current Science draft.pdf
          2016-09-08 14:54 - 2016-09-08 14:54 - 00058267 _____ C:\Users\vieraidx\Downloads\GSAP_msds_01104200.PDF
          2016-09-08 14:54 - 2016-09-08 14:54 - 00058267 _____ C:\Users\vieraidx\Desktop\GSAP_msds_01104200 (1).PDF
          2016-09-07 10:32 - 2016-09-07 10:32 - 00000000 ___D C:\Users\vieraidx\AppData\Local\CEF
          2016-09-06 09:18 - 2016-09-20 04:03 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
          2016-09-04 06:01 - 2016-09-17 11:30 - 00011612 _____ C:\Users\vieraidx\Desktop\Beetle.xlsx
          2016-09-03 09:42 - 2016-09-03 09:43 - 00056164 _____ C:\Users\vieraidx\Downloads\VeritasReset.pdf
          2016-09-03 06:55 - 2016-09-03 06:55 - 00054082 _____ C:\Users\vieraidx\Downloads\Key Purchase.pdf
          2016-09-01 13:57 - 2016-09-01 13:57 - 00108595 _____ C:\Users\vieraidx\Downloads\Automatic Pmt Form Rev. 05-2016 (1).pdf
          2016-09-01 11:22 - 2016-09-01 11:22 - 00015575 _____ C:\Users\vieraidx\Downloads\P25471-6-35-P25471 Patent Review - Approved.pdf
          2016-09-01 11:15 - 2016-09-01 11:15 - 00108595 _____ C:\Users\vieraidx\Downloads\Automatic Pmt Form Rev. 05-2016.pdf
          2016-09-01 09:52 - 2016-09-01 09:52 - 00242984 _____ C:\Users\vieraidx\Downloads\WFT Stage Gate Development Process.pdf
          2016-08-31 14:16 - 2016-08-31 14:16 - 00204035 _____ C:\Users\vieraidx\Downloads\catalogo_motorini (1).zip
          2016-08-31 14:13 - 2016-08-31 14:13 - 00204035 _____ C:\Users\vieraidx\Downloads\catalogo_motorini.zip
          2016-08-28 10:20 - 2016-08-28 10:20 - 156029242 _____ C:\Users\vieraidx\Desktop\N_Beetle_98-08 (1).pdf
          2016-08-28 10:19 - 2016-08-28 10:19 - 156029242 _____ C:\Users\vieraidx\Downloads\N_Beetle_98-08.pdf
          2016-08-27 09:46 - 2016-08-27 09:46 - 01803260 _____ C:\Users\vieraidx\Downloads\130-U (2).pdf
          2016-08-26 18:51 - 2016-08-26 18:51 - 00124992 _____ C:\Users\vieraidx\Downloads\Bill of Sale - v2 – 2008 Volkswagen.pdf
          2016-08-26 18:48 - 2016-08-26 18:48 - 01803260 _____ C:\Users\vieraidx\Downloads\130-U (1).pdf
          2016-08-26 09:55 - 2016-08-26 09:55 - 00474679 _____ C:\Users\vieraidx\Downloads\Trooper Matthew Cline Invoice (3).pdf
          2016-08-26 09:55 - 2016-08-26 09:55 - 00474679 _____ C:\Users\vieraidx\Downloads\Trooper Matthew Cline Invoice (2).pdf
          2016-08-26 09:53 - 2016-08-26 09:53 - 00474679 _____ C:\Users\vieraidx\Downloads\Trooper Matthew Cline Invoice (1).pdf
          2016-08-26 09:52 - 2016-08-26 09:52 - 00167748 _____ C:\Users\vieraidx\Downloads\ReturnofServiceFaxedDP SSOAH.pdf
          2016-08-25 10:51 - 2016-08-25 10:51 - 00134870 _____ C:\Users\vieraidx\Desktop\3591 rev H.dwg
          2016-08-23 15:02 - 2016-08-23 15:02 - 00474679 _____ C:\Users\vieraidx\Downloads\Trooper Matthew Cline Invoice.pdf
          2016-08-23 13:48 - 2016-08-23 13:48 - 00409192 _____ C:\Users\vieraidx\Downloads\CARFAX Vehicle History Report for this 2008 VOLKSWAGEN NEW BEETLE S_SE 3VWRW31C08M522598 (2).pdf

          ==================== One Month Modified files and folders ========

          (If an entry is included in the fixlist, the file/folder will be moved.)

          2016-09-22 21:45 - 2016-02-08 09:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
          2016-09-22 21:03 - 2016-02-08 10:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
          2016-09-22 21:03 - 2015-09-24 13:58 - 00000912 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
          2016-09-22 21:01 - 2012-08-06 10:53 - 00000000 ____D C:\Users\vieraidx
          2016-09-22 21:00 - 2015-09-24 14:25 - 00000000 ___RD C:\Users\vieraidx\Dropbox
          2016-09-22 20:59 - 2015-09-24 13:58 - 00000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
          2016-09-22 20:59 - 2012-08-06 10:54 - 00000000 ____D C:\Users\vieraidx\Tracing
          2016-09-22 20:49 - 2009-07-13 23:45 - 00017696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
          2016-09-22 20:49 - 2009-07-13 23:45 - 00017696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
          2016-09-22 20:44 - 2011-02-17 13:31 - 00000000 ____D C:\ProgramData\Sonic
          2016-09-22 20:44 - 2010-02-25 17:57 - 00000567 _____ C:\Windows\SMSCFG.ini
          2016-09-22 20:41 - 2012-08-02 15:15 - 00000000 ____D C:\ProgramData\NVIDIA
          2016-09-22 20:41 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
          2016-09-22 20:39 - 2016-02-08 09:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
          2016-09-22 17:33 - 2012-08-27 03:51 - 00000000 ____D C:\Users\vieraidx\Documents\Outlook Files
          2016-09-22 17:11 - 2010-03-24 17:42 - 00000656 _____ C:\Windows\system32\config\netlogon.ftl
          2016-09-22 13:33 - 2012-08-02 15:24 - 00124098 __RSH C:\ProgramData\ntuser.pol
          2016-09-21 22:51 - 2012-08-02 15:15 - 00000000 ____D C:\Users\UpdatusUser
          2016-09-21 22:47 - 2012-08-06 15:33 - 00000000 ____D C:\Program Files\Google
          2016-09-21 22:47 - 2012-08-06 15:32 - 00000000 ____D C:\Program Files (x86)\Google
          2016-09-21 22:44 - 2013-05-20 11:20 - 00001174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
          2016-09-21 22:39 - 2012-08-06 15:25 - 00000000 ____D C:\Users\vieraidx\AppData\Local\Google
          2016-09-21 22:00 - 2013-06-04 15:10 - 00001300 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
          2016-09-21 22:00 - 2012-08-02 15:49 - 00001192 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
          2016-09-21 22:00 - 2012-08-02 15:49 - 00001001 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
          2016-09-21 13:08 - 2013-10-11 06:57 - 00000000 ____D C:\Windows\ccmcache
          2016-09-21 10:45 - 2012-08-03 09:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Lync
          2016-09-21 10:45 - 2012-08-03 09:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Lync
          2016-09-21 10:39 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
          2016-09-21 10:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
          2016-09-20 22:11 - 2012-08-06 10:53 - 00001014 _____ C:\Users\vieraidx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
          2016-09-20 22:11 - 2012-08-06 10:53 - 00001014 _____ C:\Users\vieraidx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
          2016-09-20 19:19 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
          2016-09-20 11:56 - 2016-05-22 15:17 - 00002202 _____ C:\Users\vieraidx\Desktop\Kindle.lnk
          2016-09-20 10:15 - 2013-02-08 10:17 - 00000000 ____D C:\Users\vieraidx\Documents\My Received Files
          2016-09-20 08:05 - 2014-09-23 17:06 - 00000000 ____D C:\Users\vieraidx\Desktop\Purch Req’s
          2016-09-20 04:03 - 2016-05-13 20:18 - 00002162 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
          2016-09-20 04:03 - 2016-04-24 22:50 - 00000762 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
          2016-09-20 04:03 - 2016-04-13 09:33 - 00001110 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NI MAX.lnk
          2016-09-20 04:03 - 2016-02-08 09:16 - 00002081 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCAP.lnk
          2016-09-20 04:03 - 2016-02-08 09:16 - 00002065 _____ C:\Users\Public\Desktop\WCAP.lnk
          2016-09-20 04:03 - 2015-08-19 09:25 - 00002109 _____ C:\Users\Public\Desktop\WFT Service Desk.lnk
          2016-09-20 04:03 - 2014-05-16 14:03 - 00001194 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
          2016-09-20 04:03 - 2014-04-07 07:10 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Center Endpoint Protection.lnk
          2016-09-20 04:03 - 2013-06-04 15:12 - 00001899 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HRTWin.lnk
          2016-09-20 04:03 - 2013-05-18 01:16 - 00000866 _____ C:\Users\Public\Desktop\CCleaner.lnk
          2016-09-20 04:03 - 2013-05-02 08:29 - 00002447 _____ C:\Users\Public\Desktop\WFT Employee Connect.lnk
          2016-09-20 04:03 - 2012-10-26 10:40 - 00001999 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WFT Intranet.lnk
          2016-09-20 04:03 - 2012-09-28 13:18 - 00002143 _____ C:\Users\Public\Desktop\AutoCAD LT 2012.lnk
          2016-09-20 04:03 - 2010-02-25 17:43 - 00001009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
          2016-09-20 04:03 - 2010-02-25 17:03 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
          2016-09-20 04:03 - 2010-02-25 17:03 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
          2016-09-20 04:03 - 2009-07-13 23:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
          2016-09-20 04:03 - 2009-07-13 23:57 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
          2016-09-20 04:03 - 2009-07-13 23:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
          2016-09-20 04:03 - 2009-07-13 23:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
          2016-09-20 04:02 - 2016-04-24 22:50 - 00000750 _____ C:\Users\vieraidx\Desktop\Anki.lnk
          2016-09-20 04:02 - 2016-02-15 14:44 - 00001174 _____ C:\Users\vieraidx\Desktop\CPD Systems Engineering - Shortcut.lnk
          2016-09-20 04:02 - 2016-02-15 12:10 - 00000840 _____ C:\Users\vieraidx\Desktop\P25471 - Set Point Choke - Shortcut.lnk
          2016-09-20 04:02 - 2016-02-15 12:08 - 00000782 _____ C:\Users\vieraidx\Desktop\Standards - Shortcut.lnk
          2016-09-20 04:02 - 2016-02-15 12:08 - 00000612 _____ C:\Users\vieraidx\Desktop\Calculators - Shortcut.lnk
          2016-09-20 04:02 - 2015-12-23 10:05 - 00001314 _____ C:\Users\vieraidx\Desktop\NS.lnk
          2016-09-20 04:02 - 2015-10-02 07:37 - 00003031 _____ C:\Users\vieraidx\AppData\Roaming\Microsoft\Windows\Start Menu\CADRE Pro.lnk
          2016-09-20 04:02 - 2015-08-21 12:47 - 00001728 _____ C:\Users\vieraidx\Desktop\Creo3 PDMLink.lnk
          2016-09-20 04:02 - 2015-08-19 09:25 - 00002121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WFT Service Desk.lnk
          2016-09-20 04:02 - 2015-08-19 09:25 - 00002003 _____ C:\ProgramData\Microsoft\Windows\Start Menu\OEPS Online.lnk
          2016-09-20 04:02 - 2015-07-01 13:55 - 00002038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Mathcad 15.lnk
          2016-09-20 04:02 - 2014-02-11 18:24 - 00002395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Parker Autoclave Engineers Valves Fittings Tubing Ecatalog.lnk
          2016-09-20 04:02 - 2013-03-25 15:12 - 00001049 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Snap-tite Components.lnk
          2016-09-20 04:02 - 2012-08-14 13:02 - 00003003 _____ C:\Users\vieraidx\Desktop\Microsoft Word 2010.lnk
          2016-09-20 04:02 - 2012-08-14 13:02 - 00002933 _____ C:\Users\vieraidx\Desktop\Microsoft Excel 2010.lnk
          2016-09-20 04:02 - 2009-07-14 00:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
          2016-09-20 04:02 - 2009-07-13 23:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
          2016-09-20 03:52 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PLA
          2016-09-20 03:49 - 2013-08-03 12:20 - 00000000 ____D C:\ProgramData\comcastModemRelease
          2016-09-20 03:12 - 2015-09-24 13:58 - 00000000 ____D C:\Program Files (x86)\Dropbox
          2016-09-17 03:36 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
          2016-09-16 15:36 - 2016-02-19 17:49 - 00000000 ____D C:\Users\vieraidx\Desktop\Weekly Updates
          2016-09-15 16:47 - 2014-05-16 14:01 - 00000000 ____D C:\Users\vieraidx\AppData\Local\Paint.NET
          2016-09-13 16:29 - 2012-08-02 15:49 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
          2016-09-13 16:29 - 2012-08-02 15:49 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
          2016-09-13 16:29 - 2012-08-02 15:49 - 00000000 ____D C:\Windows\system32\Macromed
          2016-09-13 16:29 - 2010-02-25 17:40 - 00000000 ____D C:\Windows\SysWOW64\Macromed
          2016-09-13 15:54 - 2013-11-22 11:38 - 00000000 ____D C:\Users\vieraidx\Documents\creo
          2016-09-12 18:45 - 2014-10-17 10:21 - 00000000 ____D C:\Users\vieraidx\Desktop\Misc
          2016-09-10 08:52 - 2009-07-14 00:13 - 00783946 _____ C:\Windows\system32\PerfStringBackup.INI
          2016-09-08 13:46 - 2016-03-08 11:09 - 00011550 _____ C:\Users\vieraidx\Desktop\Leave Summary.xlsx
          2016-09-07 15:25 - 2016-04-24 22:52 - 00000000 ____D C:\Users\vieraidx\Documents\Anki
          2016-09-07 10:32 - 2014-08-17 17:14 - 00000000 ____D C:\Users\vieraidx\AppData\Local\Adobe
          2016-09-06 09:18 - 2010-02-25 17:42 - 00000000 ____D C:\Program Files (x86)\Adobe

          ==================== Bamital & volsnap =================

          (There is no automatic fix for files that do not pass verification.)

          C:\Windows\system32\winlogon.exe => File is digitally signed
          C:\Windows\system32\wininit.exe => File is digitally signed
          C:\Windows\SysWOW64\wininit.exe => File is digitally signed
          C:\Windows\explorer.exe => File is digitally signed
          C:\Windows\SysWOW64\explorer.exe => File is digitally signed
          C:\Windows\system32\svchost.exe => File is digitally signed
          C:\Windows\SysWOW64\svchost.exe => File is digitally signed
          C:\Windows\system32\services.exe => File is digitally signed
          C:\Windows\system32\User32.dll => File is digitally signed
          C:\Windows\SysWOW64\User32.dll => File is digitally signed
          C:\Windows\system32\userinit.exe => File is digitally signed
          C:\Windows\SysWOW64\userinit.exe => File is digitally signed
          C:\Windows\system32\rpcss.dll => File is digitally signed
          C:\Windows\system32\dnsapi.dll => File is digitally signed
          C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
          C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

          LastRegBack: 2016-09-15 07:30

          ==================== End of FRST.txt ============================

          • BJanson
            PCHF Member
            • Sep 2016
            • 41

            #35
            Addition.txt

            • jmarket
              PCHF Owner
              • Jan 2015
              • 7636

              #36
              Sorry about the delay. Had a massive headache.

              While we wait for Mal to look over your log, are you still experiencing popups and redirects?

              • BJanson
                PCHF Member
                • Sep 2016
                • 41

                #37
                Originally posted by jmarket
                Sorry about the delay. Had a massive headache.

                While we wait for Mal to look over your log, are you still experiencing popups and redirects?
                Nope. As I said, those went away early into this process a couple days ago.

                • BJanson
                  PCHF Member
                  • Sep 2016
                  • 41

                  #38
                  Thanks for your help guys - I really appreciate it. This is a great service/resource. Is there any help here for virus problems on Apples? Or does anyone know a similar site that can help with that?

                  • jmarket
                    PCHF Owner
                    • Jan 2015
                    • 7636

                    #39
                    We work with any OS.

                    Sent from my SM-G935T using Tapatalk

                    • BJanson
                      PCHF Member
                      • Sep 2016
                      • 41

                      #40
                      Originally posted by jmarket
                      We work with any OS.

                      Sent from my SM-G935T using Tapatalk
                      Great to hear. Should I start a new thread in this forum, or is there a more appropriate forum?

                      • jmarket
                        PCHF Owner
                        • Jan 2015
                        • 7636

                        #41
                        This forum is for all malware issues. Post it here (y)

                        • Malnutrition
                          PCHF Moderator
                          • Jul 2016
                          • 7041

                          #42
                          Your FRST logs are clean.
                          Glad to have helped!! Please tell a friend … or two about us.

                          I suggest the following in place of AdBlock:
                          Alternate DNS Server. Ad Blocking DNS.
                          uBlock Origin.
                          Anti Ad Block Killer.

                          Also, keep your browsing private with these tools:

                          Self Destructing Cookies.
                          Self Destructing Cookies Chrome.

                          Some items to keep you safe on the internet:

                          VooDoo Shield: control of what is running on your machine.
                          Qualys BrowserCheck: to update plugins.
                          Web Of Trust: to avoid shady websites.
                          Unchecky: to avoid bundled software.
                          Privazer: to clean up your machine.

                          Now let's clean up the tools we used and remove old restore points.

                          Download DelFix by “Xplode” to your Desktop.
                          Right-click the tool and Run as Admin (XP users: double-click).
                          Put a check mark next to the items below:

                          Remove disinfection tools
                          Create registry backup
                          Purge System Restore

                          Now click on the “Run” button.
                          Allow the program to complete its work.
                          All the tools we used will be removed.
                          The tool will create and open a log report (DelFix.txt).
                          Note: The report can be found at C:\DelFix.txt
