
Solved Suspected Malware

BJanson

PCHF Member
Sep 20, 2016
Lots of popups suddenly happening with Chrome.

Frst.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2016
Ran by vieraidx (administrator) on 9SQ6GV1 (20-09-2016 18:02:26)
Running from C:\Users\vieraidx\Downloads
Loaded Profiles: vieraidx & UpdatusUser (Available Profiles: vieraidx & UpdatusUser & Administrator)
Platform: Windows 7 Enterprise (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Windows (R) Win 7 DDK provider) C:\Windows\System32\DbxSvc.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManager64.exe
(Intel Corporation) C:\Program Files\PTC\Creo 3.0\M030\Common Files\x86e_win64\cma\Bin\IntelMPI\smpd-intel-4.0.3.009-x64.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
(MKS Software Inc.) C:\Windows\System32\nutsrv4.exe
(PTC Inc.) C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(Microsoft Corporation) C:\Windows\CCM\RemCtrl\CmRcService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Cisco WebEx LLC) C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe
(Akamai Technologies, Inc.) C:\Users\vieraidx\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Flux Software LLC) C:\Users\vieraidx\AppData\Local\FluxSoftware\Flux\flux.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
() C:\Program Files (x86)\Ariel\Performance\ArielTray.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
(Akamai Technologies, Inc.) C:\Users\vieraidx\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Lync\communicator.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\NI Device Monitor\DeviceMonitor.exe
(Cisco WebEx LLC) C:\Program Files (x86)\WebEx\Productivity Tools\ptsrv.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\BusinessMessaging.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Lync\UcMapi.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1694016 2012-05-11] ()
HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKLM\...\Run: [FileOpenBroker] => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1589104 2013-03-26] (FileOpen Systems Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12119872 2016-03-14] (Microsoft Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-24] (CANON INC.)
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1561768 2012-05-04] (Ask)
HKLM-x32\...\Run: [NuTCSetupEnviron] => C:\Program Files\PTC\MKS Toolkit\bin\ncoeenv.exe [37248 2012-10-12] (MKS Software Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-10-01] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25382344 2016-09-19] (Dropbox, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [NI Device Monitor] => C:\Program Files (x86)\National Instruments\NI Device Monitor\DeviceMonitor.exe [151552 2015-06-12] (National Instruments Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Malware] => C:\Program Files (x86)\Malwarebytes Anti-Malware\BusinessMessaging.exe [3213824 2016-09-20] (Malwarebytes)
HKLM Group Policy restriction on software: %APPDATA%\ii*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%\*.exe <====== ATTENTION
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%\System32\*.exe <====== ATTENTION
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190\...\Run: [PTOneClick] => C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe [616384 2016-06-15] (Cisco WebEx LLC)
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190\...\Run: [Akamai NetSession Interface] => C:\Users\vieraidx\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-05-18] (Google Inc.)
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190\...\Run: [f.lux] => C:\Users\vieraidx\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190\...\Run: [NIRegistrationWizard] => C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe [847000 2013-04-19] ()
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190\...\Policies\Explorer: []
HKU\S-1-5-21-997763345-3520757737-165814833-1000\...\MountPoints2: {37949b7a-3ac1-11e0-bfec-806e6f6e6963} - D:\Setup.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-18\...\RunOnce: [Microsoft Security Client] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Del477648494] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del47943210] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del134344114] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [260928 2012-05-11] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-05-11] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2016-02-06] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ariel System Tray.lnk [2016-09-20]
ShortcutTarget: Ariel System Tray.lnk -> C:\Program Files (x86)\Ariel\Performance\ArielTray.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BgInfo.cmd [2014-03-18] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk [2016-09-20]
ShortcutTarget: NI Error Reporting.lnk -> C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Parker Autoclave Engineers Valves Fittings Tubing Ecatalog - Auto Update.lnk [2016-09-20]
ShortcutTarget: Parker Autoclave Engineers Valves Fittings Tubing Ecatalog - Auto Update.lnk -> C:\Program Files (x86)\Parker Autoclave Engineers Valves Fittings Tubing Ecatalog\VFTecatupdate.exe (Parker Autoclave Engineers)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snap-tite Components E-Catalog - Auto Update.lnk [2016-09-20]
ShortcutTarget: Snap-tite Components E-Catalog - Auto Update.lnk -> C:\Program Files (x86)\Snap-tite\QDecatupdate.exe (Snap-tite Components)
Startup: C:\Users\vieraidx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-09-20]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448 2009-07-13] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 08 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512 2014-06-06] (National Instruments Corporation)
Winsock: Catalog9 12 C:\Windows\SysWOW64\nutafun4.dll [164232 2012-10-12] (MKS Software Inc.)
Winsock: Catalog9 13 C:\Windows\SysWOW64\nutafun4.dll [164232 2012-10-12] (MKS Software Inc.)
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [320000 2009-07-13] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 08 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560 2014-06-06] (National Instruments Corporation)
Winsock: Catalog9-x64 12 C:\Windows\system32\nutafun4.dll [205624 2012-10-12] (MKS Software Inc.)
Winsock: Catalog9-x64 13 C:\Windows\system32\nutafun4.dll [205624 2012-10-12] (MKS Software Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8B82C5EB-B47B-4175-90AD-AD8B71B8FB01}: [DhcpNameServer] 10.5.28.201 10.5.28.202 10.7.28.201 10.7.28.202
Tcpip\..\Interfaces\{9A870231-2AC3-4FC0-9E13-426C8A212208}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E0BD89A2-0196-4F2C-8582-698D606FB76F}: [DhcpNameServer] 192.168.1.1
ManualProxies:

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-997763345-3520757737-165814833-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://intranet/WinExchange/
HKU\S-1-5-21-997763345-3520757737-165814833-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
HKU\S-1-5-21-997763345-3520757737-165814833-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://intranet/WinExchange/
SearchScopes: HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: WebEx Productivity Tools -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll [2016-06-15] (Cisco WebEx LLC)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Lync\OCHelper.dll [2010-10-22] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-25] (Oracle Corporation)
BHO-x32: WebEx Productivity Tools -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll [2016-06-15] (Cisco WebEx LLC)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-25] (Oracle Corporation)
Toolbar: HKLM - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll [2016-06-15] (Cisco WebEx LLC)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM-x32 - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll [2016-06-15] (Cisco WebEx LLC)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
DPF: HKLM {82DBCFDB-5658-4CFB-B32B-0828247043C0} hxxp://pdmpd.weatherford.com/Windchill/wtcore/jsp/wvs/download/x86e_win64_ie/pvvercheck_ie.cab
DPF: HKLM-x32 {58B355C1-AB1C-4E66-BCB7-FA1E41E4D9EB} hxxp://515opwebcapture/ecNet/ecNetClient.CAB
DPF: HKLM-x32 {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} hxxp://reports.asme.org/crystalreportviewers10/ActiveXControls/ActiveXViewer.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://us.myweatherford.com/dana-cached/sc/JuniperSetupClient.cab
DPF: HKLM-x32 {F694EA1F-2EC1-445D-8988-1862AD0CC4C8} hxxp://pdmpd.weatherford.com/Windchill/wtcore/jsp/wvs/download/i486_nt_ie/pvvercheck_ie.cab

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-05-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-05-10] (NVIDIA Corporation)
FF Plugin-x32: @ptc.com/IsoView -> C:\Program Files (x86)\Common Files\PTC\npisoview.dll [2014-10-29] (PTC Inc.)
FF Plugin-x32: @ptc.com/ProductViewLite -> C:\Program Files (x86)\Common Files\PTC\np6_pvapplite9.dll [2014-10-29] (PTC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-07-28] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-03-14] ()
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found

Chrome:
=======
CHR Profile: C:\Users\vieraidx\AppData\Local\Google\Chrome\User Data\Default [2016-09-20]
CHR Extension: (Xfinity) - C:\Users\vieraidx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemjgdpngmhbimofcicjfhibkdbigdmb [2016-09-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\vieraidx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-20]
CHR Extension: (Chrome Media Router) - C:\Users\vieraidx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-20]
CHR HKLM-x32\...\Chrome\Extension: [hemjgdpngmhbimofcicjfhibkdbigdmb] - C:\ProgramData\comcastModemRelease\shortcuts\chrome\xfinity.crx [2013-02-08]
CHR HKLM-x32\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1842352 2013-08-31] (Microsoft Corporation)
R2 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [633952 2012-11-21] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-24] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42792 2016-09-19] (Windows (R) Win 7 DDK provider)
R2 FileOpenManager; C:\Program Files\FileOpen\Services\FileOpenManager64.exe [337264 2013-03-19] (FileOpen Systems Inc.)
R2 impi_smpd; C:\Program Files\PTC\Creo 3.0\M030\Common Files\x86e_win64\cma\Bin\IntelMPI\smpd-intel-4.0.3.009-x64.exe [1611168 2015-07-09] (Intel Corporation)
R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2014-08-07] (National Instruments, Inc.)
R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53544 2015-06-01] (National Instruments Corporation)
R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63792 2015-06-01] (National Instruments Corporation)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [84792 2015-08-17] (National Instruments Corporation)
R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57184 2015-06-03] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [80736 2015-06-03] (National Instruments Corporation)
R2 niauth; C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe [571712 2015-06-02] (National Instruments Corporation)
R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [399152 2015-06-01] (National Instruments Corporation)
R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [320368 2014-06-06] (National Instruments Corporation)
R2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [177024 2015-06-12] (National Instruments Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [89928 2015-06-02] (National Instruments Corporation)
R2 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57168 2015-06-03] (National Instruments Corporation)
R2 NuTCRACKERService; C:\Windows\system32\nutsrv4.exe [574776 2012-10-12] (MKS Software Inc.)
R2 PortmapperService; C:\Program Files\PTC/PTC Portmapper/i486_nt/obj/portmap.exe [510976 2015-03-18] (PTC Inc.) [File not signed]
S3 smstsmgr; C:\Windows\CCM\TSManager.exe [401584 2013-08-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-02-02] (Dell Inc.) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 Impcd; C:\Windows\System32\DRIVERS\Impcd.sys [158976 2010-02-27] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [287232 2010-06-21] (Intel(R) Corporation) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [249152 2012-05-11] (NVIDIA Corporation)
R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2012-11-21] (Microsoft Corporation)
S3 smwdm; C:\Windows\System32\drivers\smwdm.sys [347904 2005-02-03] (Analog Devices, Inc.)
S3 swg3kser00; C:\Windows\System32\DRIVERS\swg3kser00.sys [258432 2011-05-13] (Sierra Wireless Incorporated)
S3 swiwdmbx; C:\Windows\System32\DRIVERS\swiwdmbx64.sys [109312 2011-05-16] (Sierra Wireless Inc.)
S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [249344 2011-03-03] (Sierra Wireless Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 dcdbas; system32\DRIVERS\dcdbas64.sys [X]
S1 hzbfcuob; \??\C:\Windows\system32\drivers\hzbfcuob.sys [X]
S1 scyiuwuw; \??\C:\Windows\system32\drivers\scyiuwuw.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-20 18:02 - 2016-09-20 18:03 - 00036163 _____ C:\Users\vieraidx\Downloads\FRST.txt
2016-09-20 18:01 - 2016-09-20 18:02 - 00000000 ____D C:\FRST
2016-09-20 18:00 - 2016-09-20 18:00 - 02402816 _____ (Farbar) C:\Users\vieraidx\Downloads\FRST64.exe
2016-09-20 04:03 - 2016-09-20 04:03 - 00000000 ____D C:\Users\vieraidx\AppData\LocalLow\AskToolbar
2016-09-20 03:12 - 2016-09-20 03:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-09-19 20:15 - 2016-09-19 20:15 - 00042792 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\DbxSvc.exe
2016-09-19 20:07 - 2016-09-19 20:07 - 00073840 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\dbx-stable.sys
2016-09-19 20:07 - 2016-09-19 20:07 - 00073840 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\dbx-dev.sys
2016-09-19 20:07 - 2016-09-19 20:07 - 00073840 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\dbx-canary.sys
2016-09-19 18:47 - 2016-09-19 18:47 - 00000000 ____D C:\ProgramData\FileFinder
2016-09-19 18:46 - 2016-09-19 18:47 - 00000000 ____D C:\ProgramData\Webitar Production Inc
2016-09-19 11:48 - 2016-09-19 11:48 - 00131228 _____ C:\Users\vieraidx\Desktop\Workcycles-prices-Vkp-EN-Mrt15-City.pdf
2016-09-15 09:46 - 2016-09-15 09:46 - 00034358 _____ C:\Users\vieraidx\Downloads\TGCK_RELEASE_FORM (1).pdf
2016-09-15 09:45 - 2016-09-15 09:45 - 00108201 _____ C:\Users\vieraidx\Downloads\San Marcos 2016.pdf
2016-09-15 09:45 - 2016-09-15 09:45 - 00034358 _____ C:\Users\vieraidx\Downloads\TGCK_RELEASE_FORM.pdf
2016-09-13 10:59 - 2016-09-13 11:01 - 00886990 _____ C:\Users\vieraidx\Desktop\SOLID YCV.STP
2016-09-12 10:45 - 2016-09-12 10:45 - 00056164 _____ C:\Users\vieraidx\Downloads\VeritasReset (1).pdf
2016-09-11 18:07 - 2016-09-11 18:07 - 00037940 _____ C:\Users\vieraidx\Downloads\Current Science draft (7).pdf
2016-09-11 17:09 - 2016-09-11 17:09 - 00037940 _____ C:\Users\vieraidx\Downloads\Current Science draft (6).pdf
2016-09-11 16:05 - 2016-09-11 16:05 - 00037940 _____ C:\Users\vieraidx\Downloads\Current Science draft (5).pdf
2016-09-11 16:05 - 2016-09-11 16:05 - 00037940 _____ C:\Users\vieraidx\Downloads\Current Science draft (4).pdf
2016-09-11 16:05 - 2016-09-11 16:05 - 00037940 _____ C:\Users\vieraidx\Downloads\Current Science draft (3).pdf
2016-09-11 15:17 - 2016-09-11 15:17 - 00037940 _____ C:\Users\vieraidx\Downloads\Current Science draft (2).pdf
2016-09-11 14:48 - 2016-09-11 14:48 - 00037940 _____ C:\Users\vieraidx\Downloads\Current Science draft (1).pdf
2016-09-11 11:20 - 2016-09-11 11:20 - 00037940 _____ C:\Users\vieraidx\Downloads\Current Science draft.pdf
2016-09-09 15:00 - 2016-09-09 15:00 - 00085677 _____ C:\Users\vieraidx\Desktop\01900516_Part_A.pdf
2016-09-08 14:54 - 2016-09-08 14:54 - 00058267 _____ C:\Users\vieraidx\Downloads\GSAP_msds_01104200.PDF
2016-09-08 14:54 - 2016-09-08 14:54 - 00058267 _____ C:\Users\vieraidx\Desktop\GSAP_msds_01104200 (1).PDF
2016-09-07 10:32 - 2016-09-07 10:32 - 00000000 ____D C:\Users\vieraidx\AppData\Local\CEF
2016-09-06 09:18 - 2016-09-20 04:03 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-09-04 06:01 - 2016-09-17 11:30 - 00011612 _____ C:\Users\vieraidx\Desktop\Beetle.xlsx
2016-09-03 09:42 - 2016-09-03 09:43 - 00056164 _____ C:\Users\vieraidx\Downloads\VeritasReset.pdf
2016-09-03 06:55 - 2016-09-03 06:55 - 00054082 _____ C:\Users\vieraidx\Downloads\Key Purchase.pdf
2016-09-01 13:57 - 2016-09-01 13:57 - 00108595 _____ C:\Users\vieraidx\Downloads\Automatic Pmt Form Rev. 05-2016 (1).pdf
2016-09-01 11:22 - 2016-09-01 11:22 - 00015575 _____ C:\Users\vieraidx\Downloads\P25471-6-35-P25471 Patent Review - Approved.pdf
2016-09-01 11:15 - 2016-09-01 11:15 - 00108595 _____ C:\Users\vieraidx\Downloads\Automatic Pmt Form Rev. 05-2016.pdf
2016-09-01 09:52 - 2016-09-01 09:52 - 00242984 _____ C:\Users\vieraidx\Downloads\WFT Stage Gate Development Process.pdf
2016-08-31 14:16 - 2016-08-31 14:16 - 00204035 _____ C:\Users\vieraidx\Downloads\catalogo_motorini (1).zip
2016-08-31 14:13 - 2016-08-31 14:13 - 00204035 _____ C:\Users\vieraidx\Downloads\catalogo_motorini.zip
2016-08-28 10:20 - 2016-08-28 10:20 - 156029242 _____ C:\Users\vieraidx\Desktop\N_Beetle_98-08 (1).pdf
2016-08-28 10:19 - 2016-08-28 10:19 - 156029242 _____ C:\Users\vieraidx\Downloads\N_Beetle_98-08.pdf
2016-08-27 09:54 - 2016-08-27 09:54 - 02121196 _____ C:\Users\vieraidx\Desktop\Application for Texas Title and_or Registration (Form 130-U).pdf
2016-08-27 09:46 - 2016-08-27 09:46 - 01803260 _____ C:\Users\vieraidx\Downloads\130-U (2).pdf
2016-08-26 18:51 - 2016-08-26 18:51 - 00124992 _____ C:\Users\vieraidx\Downloads\Bill of Sale - v2 -- 2008 Volkswagen.pdf
2016-08-26 18:48 - 2016-08-26 18:48 - 01803260 _____ C:\Users\vieraidx\Downloads\130-U (1).pdf
2016-08-26 09:55 - 2016-08-26 09:55 - 00474679 _____ C:\Users\vieraidx\Downloads\Trooper Matthew Cline Invoice (3).pdf
2016-08-26 09:55 - 2016-08-26 09:55 - 00474679 _____ C:\Users\vieraidx\Downloads\Trooper Matthew Cline Invoice (2).pdf
2016-08-26 09:53 - 2016-08-26 09:53 - 00474679 _____ C:\Users\vieraidx\Downloads\Trooper Matthew Cline Invoice (1).pdf
2016-08-26 09:52 - 2016-08-26 09:52 - 00167748 _____ C:\Users\vieraidx\Downloads\ReturnofServiceFaxedDPSSOAH.pdf
2016-08-25 10:51 - 2016-08-25 10:51 - 00134870 _____ C:\Users\vieraidx\Desktop\3591 rev H.dwg
2016-08-23 15:02 - 2016-08-23 15:02 - 00474679 _____ C:\Users\vieraidx\Downloads\Trooper Matthew Cline Invoice.pdf
2016-08-23 13:48 - 2016-08-23 13:48 - 00409192 _____ C:\Users\vieraidx\Downloads\CARFAX Vehicle History Report for this 2008 VOLKSWAGEN NEW BEETLE S_SE_ 3VWRW31C08M522598 (2).pdf
2016-08-22 16:50 - 2016-08-22 16:50 - 00409192 _____ C:\Users\vieraidx\Downloads\CARFAX Vehicle History Report for this 2008 VOLKSWAGEN NEW BEETLE S_SE_ 3VWRW31C08M522598 (1).pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-20 16:04 - 2012-08-27 03:51 - 00000000 ____D C:\Users\vieraidx\Documents\Outlook Files
2016-09-20 15:34 - 2012-08-06 15:32 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-20 14:38 - 2010-03-24 17:42 - 00000656 _____ C:\Windows\system32\config\netlogon.ftl
2016-09-20 14:03 - 2015-09-24 13:58 - 00000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-09-20 13:11 - 2012-08-02 15:24 - 00128496 __RSH C:\ProgramData\ntuser.pol
2016-09-20 12:50 - 2013-10-11 06:57 - 00000000 ____D C:\Windows\ccmcache
2016-09-20 11:56 - 2016-05-22 15:17 - 00002202 _____ C:\Users\vieraidx\Desktop\Kindle.lnk
2016-09-20 10:15 - 2013-02-08 10:17 - 00000000 ____D C:\Users\vieraidx\Documents\My Received Files
2016-09-20 08:26 - 2009-07-13 23:45 - 00017696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-20 08:26 - 2009-07-13 23:45 - 00017696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-20 08:05 - 2014-09-23 17:06 - 00000000 ____D C:\Users\vieraidx\Desktop\Purch Req's
2016-09-20 07:47 - 2012-08-06 10:54 - 00000000 ____D C:\Users\vieraidx\Tracing
2016-09-20 07:44 - 2012-08-03 09:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Lync
2016-09-20 07:44 - 2012-08-03 09:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Lync
2016-09-20 04:04 - 2015-09-24 14:25 - 00000000 ___RD C:\Users\vieraidx\Dropbox
2016-09-20 04:03 - 2016-05-13 20:18 - 00002162 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2016-09-20 04:03 - 2016-04-24 22:50 - 00000762 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
2016-09-20 04:03 - 2016-04-13 09:33 - 00001110 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NI MAX.lnk
2016-09-20 04:03 - 2016-02-08 09:16 - 00002081 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCAP.lnk
2016-09-20 04:03 - 2016-02-08 09:16 - 00002065 _____ C:\Users\Public\Desktop\WCAP.lnk
2016-09-20 04:03 - 2015-08-19 09:25 - 00002109 _____ C:\Users\Public\Desktop\WFT Service Desk.lnk
2016-09-20 04:03 - 2014-05-16 14:03 - 00001194 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2016-09-20 04:03 - 2014-04-07 07:10 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Center Endpoint Protection.lnk
2016-09-20 04:03 - 2013-06-04 15:12 - 00001899 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HRTWin.lnk
2016-09-20 04:03 - 2013-05-20 11:20 - 00002205 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-20 04:03 - 2013-05-18 01:16 - 00000866 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-09-20 04:03 - 2013-05-02 08:29 - 00002447 _____ C:\Users\Public\Desktop\WFT Employee Connect.lnk
2016-09-20 04:03 - 2012-10-26 10:40 - 00001999 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WFT Intranet.lnk
2016-09-20 04:03 - 2012-09-28 13:18 - 00002143 _____ C:\Users\Public\Desktop\AutoCAD LT 2012.lnk
2016-09-20 04:03 - 2012-08-06 10:53 - 00001437 _____ C:\Users\vieraidx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-09-20 04:03 - 2012-08-06 10:53 - 00001403 _____ C:\Users\vieraidx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-09-20 04:03 - 2010-02-25 17:43 - 00001009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
2016-09-20 04:03 - 2010-02-25 17:03 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-09-20 04:03 - 2010-02-25 17:03 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-09-20 04:03 - 2009-07-13 23:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-09-20 04:03 - 2009-07-13 23:57 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-09-20 04:03 - 2009-07-13 23:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-09-20 04:03 - 2009-07-13 23:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-09-20 04:02 - 2016-04-24 22:50 - 00000750 _____ C:\Users\vieraidx\Desktop\Anki.lnk
2016-09-20 04:02 - 2016-02-15 14:44 - 00001174 _____ C:\Users\vieraidx\Desktop\CPD Systems Engineering - Shortcut.lnk
2016-09-20 04:02 - 2016-02-15 12:10 - 00000840 _____ C:\Users\vieraidx\Desktop\P25471 - Set Point Choke - Shortcut.lnk
2016-09-20 04:02 - 2016-02-15 12:08 - 00000782 _____ C:\Users\vieraidx\Desktop\Standards - Shortcut.lnk
2016-09-20 04:02 - 2016-02-15 12:08 - 00000612 _____ C:\Users\vieraidx\Desktop\Calculators - Shortcut.lnk
2016-09-20 04:02 - 2015-12-23 10:05 - 00001314 _____ C:\Users\vieraidx\Desktop\NS.lnk
2016-09-20 04:02 - 2015-10-02 07:37 - 00003031 _____ C:\Users\vieraidx\AppData\Roaming\Microsoft\Windows\Start Menu\CADRE Pro.lnk
2016-09-20 04:02 - 2015-08-21 12:47 - 00001728 _____ C:\Users\vieraidx\Desktop\Creo3 PDMLink.lnk
2016-09-20 04:02 - 2015-08-19 09:25 - 00002121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WFT Service Desk.lnk
2016-09-20 04:02 - 2015-08-19 09:25 - 00002003 _____ C:\ProgramData\Microsoft\Windows\Start Menu\OEPS Online.lnk
2016-09-20 04:02 - 2015-07-01 13:55 - 00002038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Mathcad 15.lnk
2016-09-20 04:02 - 2014-02-11 18:24 - 00002395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Parker Autoclave Engineers Valves Fittings Tubing Ecatalog.lnk
2016-09-20 04:02 - 2013-03-25 15:12 - 00001049 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Snap-tite Components.lnk
2016-09-20 04:02 - 2012-08-28 02:34 - 00001204 _____ C:\Users\vieraidx\Desktop\Convert - Shortcut.lnk
2016-09-20 04:02 - 2012-08-14 13:02 - 00003003 _____ C:\Users\vieraidx\Desktop\Microsoft Word 2010.lnk
2016-09-20 04:02 - 2012-08-14 13:02 - 00002933 _____ C:\Users\vieraidx\Desktop\Microsoft Excel 2010.lnk
2016-09-20 04:02 - 2009-07-14 00:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-09-20 04:02 - 2009-07-13 23:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-09-20 03:55 - 2010-02-25 17:57 - 00000567 _____ C:\Windows\SMSCFG.ini
2016-09-20 03:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-09-20 03:52 - 2012-08-02 15:15 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-20 03:52 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-20 03:52 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PLA
2016-09-20 03:50 - 2016-02-08 09:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-20 03:49 - 2013-08-03 12:20 - 00000000 ____D C:\ProgramData\comcastModemRelease
2016-09-20 03:49 - 2013-06-17 08:04 - 00000000 ____D C:\Program Files (x86)\Ask.com
2016-09-20 03:34 - 2012-08-06 15:32 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-20 03:29 - 2016-02-08 10:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-20 03:29 - 2012-09-15 11:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-20 03:13 - 2015-09-24 13:58 - 00000912 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-09-20 03:12 - 2015-09-24 13:58 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-09-19 18:46 - 2013-06-04 15:10 - 00002357 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2016-09-19 18:46 - 2012-08-02 15:49 - 00001527 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-09-19 18:46 - 2012-08-02 15:49 - 00001505 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-09-17 03:36 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-09-16 15:36 - 2016-02-19 17:49 - 00000000 ____D C:\Users\vieraidx\Desktop\Weekly Updates
2016-09-15 16:47 - 2014-05-16 14:01 - 00000000 ____D C:\Users\vieraidx\AppData\Local\Paint.NET
2016-09-13 16:29 - 2012-09-15 11:59 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-09-13 16:29 - 2012-08-02 15:49 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-13 16:29 - 2012-08-02 15:49 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-13 16:29 - 2012-08-02 15:49 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-13 16:29 - 2010-02-25 17:40 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-13 16:00 - 2014-12-23 23:04 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-13 15:54 - 2013-11-22 11:38 - 00000000 ____D C:\Users\vieraidx\Documents\creo
2016-09-12 18:45 - 2014-10-17 10:21 - 00000000 ____D C:\Users\vieraidx\Desktop\Misc
2016-09-10 08:52 - 2009-07-14 00:13 - 00783946 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-08 13:46 - 2016-03-08 11:09 - 00011550 _____ C:\Users\vieraidx\Desktop\Leave Summary.xlsx
2016-09-07 15:25 - 2016-04-24 22:52 - 00000000 ____D C:\Users\vieraidx\Documents\Anki
2016-09-07 10:32 - 2014-08-17 17:14 - 00000000 ____D C:\Users\vieraidx\AppData\Local\Adobe
2016-09-06 09:18 - 2010-02-25 17:42 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-08-25 12:57 - 2011-02-17 13:31 - 00000000 ____D C:\ProgramData\Sonic

==================== Files in the root of some directories =======

1999-10-30 22:54 - 2012-08-28 02:34 - 0561152 _____ (Joshua F. Madison) C:\Program Files\Convert.exe
1999-10-29 20:55 - 2012-08-28 02:34 - 0000616 _____ () C:\Program Files\readme.txt
2013-09-20 08:02 - 2013-09-20 08:02 - 0038479 _____ () C:\Users\vieraidx\AppData\Roaming\Comma Separated Values (Windows).ADR
2013-09-20 08:03 - 2014-04-15 13:37 - 0009369 _____ () C:\Users\vieraidx\AppData\Roaming\Comma Separated Values (Windows).EML
2013-10-21 11:46 - 2014-11-12 09:08 - 0000670 _____ () C:\Users\vieraidx\AppData\Local\FlownexFiles.ini
2008-04-28 13:21 - 2008-04-28 13:21 - 0003120 _____ () C:\Users\vieraidx\AppData\Local\Pumpflo_100.dat
2012-08-06 10:53 - 2010-03-24 17:46 - 0000017 _____ () C:\Users\vieraidx\AppData\Local\resmon.resmoncfg
2015-02-10 06:18 - 2015-02-10 06:18 - 0000000 _____ () C:\Users\vieraidx\AppData\Local\{103B46B2-6340-4BE1-AE64-BC12338574D5}
2015-10-10 10:18 - 2015-10-10 10:18 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-08-03 09:31 - 2012-08-03 09:31 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some files in TEMP:
====================
C:\Users\vieraidx\AppData\Local\temp\bc8e-45d6-8a67-b48b.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-15 07:30

==================== End of FRST.txt ============================



 
ZHP Scan.

1. Please download ZHP Cleaner to your desktop. Right click the icon and select Run as administrator.

http://nicolascoolman.com/download/zhpcleaner
2. Once you have started the program, you will need to click the scanner button.



The program will close all open browsers!
3. Once the scan is completed, you will want to click the Repair button.

At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

Zoek Scan


Disable your antivirus prior to this scan.
Download Zoek
Save the file to your desktop.
Right click Zoek.exe and run as administrator. (XP users, double click.)
Copy the items in red below and paste them into Zoek.


createsrpoint;
emptyfolderscheck;delete
emptyclsid;
emptyalltemp;
ipconfig /flushdns;b
autoclean;
Now hit the run script button.
The log will appear after a reboot, also you can find it on the C: drive.
Post the log in your next reply.

RogueKiller by Tigzy


  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • If, during the scan, you receive a request to upload a file to Virustotal please click Yes
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
 
Malnutrition,
I'm still working through the instructions (have to break up addition.txt to meet the 10000 character requirement). Do you want me to do this now, or continue with instructions first?
 
Go ahead and run the programs suggested. If you have a problem posting here, then upload the file rather than copy and paste. If you cannot upload the addition.txt, then upload it to sendspace.com and post the link here.
 
ZHP Scan...

~ ZHPCleaner v2016.9.20.137 by Nicolas Coolman (2016/09/20)
~ Run by vieraidx (Administrator) (20/09/2016 18:52:15)
~ Web: https://www.nicolascoolman.com
~ Blog: https://www.anti-malware.top
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\vieraidx\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\vieraidx\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Enterprise, 64-bit (Build 7600)


---\\ Services (2)
WINSOCK [Protocol_Catalog9\Catalog_Entries]: Reset the socket that handles the layer TCP/IP (Hijacker.Winsock)
WINSOCK [Protocol_Catalog9\Catalog_Entries64]: Reset the socket that handles the layer TCP/IP (Hijacker.Winsock)


---\\ Browser internet (0)
~ No malicious or unnecessary items found.


---\\ Hosts file (1)
~ The hosts file is legitimate (1)


---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\ Explorer ( File, Folder) (19)
MOVED file: C:\Windows\Prefetch\UPDATETRUSTEDSITES.EXE-AB8F50B6.pf =>PUP.Optional.SimpleSearches
MOVED file: C:\Users\vieraidx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage =>PUP.Optional.Generic
MOVED file: C:\Users\vieraidx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal =>PUP.Optional.Generic
MOVED file: C:\Users\vieraidx\AppData\Local\temp\0297-3688-69c8-d9d4 [Webitar Production Inc. - ] =>.Superfluous.WebitarProduction
MOVED file: C:\Users\vieraidx\AppData\Local\temp\7abb-57b8-350a-581f [Webitar Production Inc. - ] =>.Superfluous.WebitarProduction
MOVED file: C:\Users\vieraidx\AppData\Local\temp\bc8e-45d6-8a67-b48b.exe [Webitar Production Inc. - ] =>.Superfluous.WebitarProduction
MOVED file: c:\program files (x86)\Ask.com\fv_cea4.ico =>Toolbar.AsktBar
MOVED file: C:\Windows\Installer\{4F524A2D-5350-4500-76A7-A758B70C1D00}\ToolbarIcon.exe =>PUP.Optional.BrowserTabSearch
MOVED folder^: C:\Program Files (x86)\Ask.com =>Toolbar.Ask
MOVED folder: C:\Program Files (x86)\Bobrowsercm =>PUP.Optional.BoBrowser
MOVED folder: C:\Program Files (x86)\download Manager =>PUP.Optional.DownloadManager
MOVED folder: C:\Program Files (x86)\globalUpdate =>PUP.Optional.GlobalUpdate
MOVED folder: C:\ProgramData\APN =>Toolbar.Ask
MOVED folder: C:\ProgramData\Webitar Production Inc =>.Superfluous.WebitarProduction
MOVED folder: C:\Users\vieraidx\AppData\LocalLow\AskToolbar =>Toolbar.Ask
MOVED folder: C:\Users\vieraidx\AppData\Local\CrossBrowser =>PUP.Optional.CrossBrowser
MOVED folder: C:\Users\vieraidx\AppData\Local\globalUpdate =>PUP.Optional.GlobalUpdate
MOVED folder: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\DealPly =>PUP.Optional.Dealply
MOVED folder: C:\Users\vieraidx\AppData\Local\Google\Chrome\User Data\Default\File System\008 =>PUP.Optional.DomaIQ


---\\ Registry ( Key, Value, Data) (71)
REPLACED : HKLM64\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 [C:\Windows\System32\nutafun4.dll] (Hijacker.Winsock)
REPLACED : HKLM64\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 [C:\Windows\System32\nutafun4.dll] (Hijacker.Winsock)
REPLACED : HKLM64\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012 [C:\Windows\System32\nutafun4.dll] (Hijacker.Winsock)
REPLACED : HKLM64\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013 [C:\Windows\System32\nutafun4.dll] (Hijacker.Winsock)
DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8B82C5EB-B47B-4175-90AD-AD8B71B8FB01}\\DhcpNameServer [Bad : 10.5.28.201 10.5.28.202 10.7.28.201 10.7.28.202] =>Hijacker.Browser
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\APN [] =>Toolbar.Ask
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Ask.com [] =>Toolbar.Ask
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\globalUpdate [] =>PUP.Optional.GlobalUpdate
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Classes\pfc.EpfcCurveStartPoint [EpfcCurveStartPoint Class] =>PUP.Optional.PaybyAds
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Classes\pfc.EpfcCurveStartPoint.1 [EpfcCurveStartPoint Class] =>PUP.Optional.PaybyAds
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Classes\pfc.EpfcNewModelImportType [EpfcNewModelImportType Class] =>Adware.Navipromo
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Classes\pfc.EpfcNewModelImportType.1 [EpfcNewModelImportType Class] =>Adware.Navipromo
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Classes\pfc.MpfcNeckFeat [MpfcNeckFeat Class] =>Adware.Navipromo
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Classes\pfc.MpfcNeckFeat.1 [MpfcNeckFeat Class] =>Adware.Navipromo
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Classes\pfc.MpfcNote [MpfcNote Class] =>Adware.Navipromo
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Classes\pfc.MpfcNote.1 [MpfcNote Class] =>Adware.Navipromo
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Classes\pfc.pfcCurveStartPoint [pfcCurveStartPoint Class] =>PUP.Optional.PaybyAds
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Classes\pfc.pfcCurveStartPoint.1 [pfcCurveStartPoint Class] =>PUP.Optional.PaybyAds
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Classes\pfc.pfcNEUTRALFileExportInstructions [pfcNEUTRALFileExportInstructions Class] =>Adware.Navipromo
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Classes\pfc.pfcNEUTRALFileExportInstructions.1 [pfcNEUTRALFileExportInstructions Class] =>Adware.Navipromo
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Classes\pfc.pfcNewModelImportType [pfcNewModelImportType Class] =>Adware.Navipromo
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Classes\pfc.pfcNewModelImportType.1 [pfcNewModelImportType Class] =>Adware.Navipromo
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Classes\pfc.pfcNURBSSurfaceDescriptor [pfcNURBSSurfaceDescriptor Class] =>Adware.Navipromo
DELETED key*: HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Classes\pfc.pfcNURBSSurfaceDescriptor.1 [pfcNURBSSurfaceDescriptor Class] =>Adware.Navipromo
DELETED key: HKCU\Software\APN [] =>Toolbar.Ask
DELETED key: HKCU\Software\Ask.com [] =>Toolbar.Ask
DELETED key: HKCU\Software\globalUpdate [] =>PUP.Optional.GlobalUpdate
DELETED key*: HKCU\Software\AppDataLow\Software\AskToolbar [] =>Toolbar.Ask
DELETED key*: HKCU\Software\AppDataLow\Software\SpeedChecker [] =>PUP.Optional.InternetSpeedChecker
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} [Ask.com] =>Toolbar.Ask
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{48A81A13-A1C7-48E6-9BF0-FD5DD1584B92} [C:\Program Files (x86)\I - Cinema (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} [C:\Program Files (x86)\Ask.com\] =>Toolbar.Ask
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CC155037-DA84-4B86-B29C-736BC9F34C23} [C:\Program Files (x86)\I - Cinema (Not File)] =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL [] =>PUP.Optional.AsksBar
DELETED key*: [X64] HKLM\SOFTWARE\Classes\protector_dll.Protector [Protector Class] =>PUP.Optional.BProtector
DELETED key*: [X64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1 [Protector Class] =>PUP.Optional.BProtector
DELETED key*: [X64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib [ProtectorLib Class] =>PUP.Optional.BProtector
DELETED key*: [X64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1 [ProtectorLib Class] =>PUP.Optional.BProtector
DELETED key*: [X64] HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF [Ask Toolbar] =>Toolbar.AsktBar
DELETED key*: [X64] HKLM\Software\Classes\Installer\Products\D2A425F405350054677A7A857BC0D100 [Search App by Ask] =>PUP.Optional.BrowserTabSearch
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7 [] =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8 [] =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01 [] =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED [] =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472 [] =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296 [] =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888 [] =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\APN [] =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\AskToolbar [] =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Clara [] =>PUP.Optional.SupTab
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Webitar Production Inc. [] =>.Superfluous.WebitarProduction
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool] =>Toolbar.Ask
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\AppID\GenericAskToolbar.DLL [] =>PUP.Optional.AsksBar
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} [Ask.com] =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32 [] =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS [] =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AskPartnerCobrandingTool_RASAPI32 [] =>Toolbar.AskBar
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AskPartnerCobrandingTool_RASMANCS [] =>Toolbar.AskBar
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BoBrowser_RASAPI32 [] =>PUP.Optional.BoBrowser
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BoBrowser_RASMANCS [] =>PUP.Optional.BoBrowser
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\I - Cinema-codedownloader_RASAPI32 [] =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\I - Cinema-codedownloader_RASMANCS [] =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32 [] =>PUP.Optional.Generic
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS [] =>PUP.Optional.Generic
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\UpdateTask_RASAPI32 [] =>PUP.Optional.UpdateTask
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\UpdateTask_RASMANCS [] =>PUP.Optional.UpdateTask
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} [C:\Program Files (x86)\Ask.com\] =>Toolbar.Ask
DELETED key*: [X64] HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF [] =>Toolbar.AsktBar
DELETED key*: [X64] HKLM\Software\Classes\Installer\Features\D2A425F405350054677A7A857BC0D100 [] =>PUP.Optional.BrowserTabSearch
DELETED value: HKLM64\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\NuTCSetupEnviron [C:\Program Files\PTC\MKS Toolkit\bin\ncoeenv.exe] =>Heuristic.Salus
DELETED value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater ["C:\Program Files (x86)\Ask.com\Updater\Updater.exe"] =>Toolbar.Ask


---\\ Summary of the elements found (23)
https://www.nicolascoolman.com/fr/repaquetage-et_infections/ =>PUP.Optional.SimpleSearches
https://www.anti-malware.top/2016/05/01/definition-dun-logiciel-pup-lpi/ =>PUP.Optional.Generic
https://www.nicolascoolman.com/fr/logiciels-superflus =>.Superfluous.WebitarProduction
https://www.nicolascoolman.com/fr/?p=5143 =>Toolbar.AsktBar
https://www.nicolascoolman.com/fr/pup-browsertabsearch/ =>PUP.Optional.BrowserTabSearch
https://www.nicolascoolman.com/fr/toolbar-ask/ =>Toolbar.Ask
https://www.nicolascoolman.com/fr/repaquetage-et_infections/ =>PUP.Optional.BoBrowser
https://www.nicolascoolman.com/fr/repaquetage-et_infections/ =>PUP.Optional.DownloadManager
https://www.nicolascoolman.com/fr/pup-globalupdate/ =>PUP.Optional.GlobalUpdate
https://www.nicolascoolman.com/fr/repaquetage-et_infections/ =>PUP.Optional.CrossBrowser
https://www.nicolascoolman.com/fr/pup-dealply/ =>PUP.Optional.Dealply
https://www.nicolascoolman.com/fr/adware-domaiq/ =>PUP.Optional.DomaIQ
https://www.nicolascoolman.com/fr/hijacker-browser/ =>Hijacker.Browser
https://www.nicolascoolman.com/fr/pup-paybyads/ =>PUP.Optional.PaybyAds
https://www.nicolascoolman.com/fr/adware-navipromo/ =>Adware.Navipromo
https://www.anti-malware.top/2016/05/02/pup-optional-internetspeedchecker/ =>PUP.Optional.InternetSpeedChecker
https://www.anti-malware.top/2016/04/30/pup-optional-crossrider/ =>PUP.Optional.CrossRider
https://www.nicolascoolman.com/fr/repaquetage-et_infections/ =>PUP.Optional.AsksBar
https://www.anti-malware.top/2016/04/30/pup-optional-bprotector/ =>PUP.Optional.BProtector
https://www.nicolascoolman.com/fr/pup-suptab/ =>PUP.Optional.SupTab
https://www.nicolascoolman.com/fr/?p=5143 =>Toolbar.AskBar
https://www.nicolascoolman.com/fr/repaquetage-et_infections/ =>PUP.Optional.UpdateTask
https://www.nicolascoolman.com/fr/repaquetage-et_infections/ =>Heuristic.Salus


---\\ Other deletions. (245)
~ Registry Keys Tracing deleted (245)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
~ The system has been restarted.


---\\ Statistics
~ Items scanned : 697
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 92


~ End of clean in 00h01mn25s
~====================
ZHPCleaner-[R]-20092016-18_53_40.txt
ZHPCleaner--20092016-18_50_54.txt
 
Zoek...


Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by vieraidx on Tue 09/20/2016 at 19:02:27.15.
Microsoft Windows 7 Enterprise 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\vieraidx\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

9/20/2016 7:04:41 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Pointstone deleted successfully
C:\PROGRA~3\Canon IJ Network Tool deleted successfully
C:\PROGRA~3\McAfee deleted successfully
C:\PROGRA~3\Reprise deleted successfully
C:\PROGRA~3\WinZip deleted successfully
C:\PROGRA~3\WinZipEC deleted successfully
C:\PROGRA~3\xfinity deleted successfully
C:\Users\vieraidx\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Administrator\AppData\Local\AVG Secure Search deleted successfully
C:\Users\vieraidx\AppData\Local\calibre-cache deleted successfully
C:\Users\vieraidx\AppData\Local\Garmin deleted successfully
C:\Users\vieraidx\AppData\Local\LogMeIn Rescue Applet deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EACF0964-EB7E-31AA-FFEA-CC5EC17DA64C} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{F003DA68-8256-4b37-A6C4-350FA04494DF} deleted successfully

==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\Pointstone not found
C:\Users\vieraidx\AppData\Roaming\calibre deleted
C:\Windows\syswow64\appdata deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEATHE~1 deleted
C:\Users\vieraidx\.android deleted
C:\PROGRA~2\Parker Autoclave Engineers Valves Fittings Tubing Ecatalog deleted
C:\PROGRA~2\Yahoo! deleted
C:\PROGRA~2\Ask.com deleted
C:\BrowserFragments.xml deleted
C:\DocumentFragments.xml deleted
C:\KeysAndPasswordFragments.xml deleted
C:\pagetables.xml deleted
C:\patternhits.xml deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Administrator\AppData\Local\{7148F0A6-6813-11D6-A77B-00B0D0142080} deleted
C:\Users\Default\AppData\Local\{7148F0A6-6813-11D6-A77B-00B0D0142080} deleted
C:\Users\UpdatusUser\AppData\Local\{7148F0A6-6813-11D6-A77B-00B0D0142080} deleted
C:\Users\vieraidx\AppData\Local\APN deleted
C:\Users\vieraidx\AppData\Local\{7148F0A6-6813-11D6-A77B-00B0D0142080} deleted
C:\Users\vieraidx\AppData\Local\cache deleted
C:\Users\vieraidx\Downloads\android-studio-bundle-143.2739321-windows.exe deleted
C:\Users\Administrator\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\vieraidx\Documents\Add-in Express deleted
C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} deleted
"C:\Windows\Installer\a29346.msi" deleted
"C:\Windows\Installer\517208.msi" deleted
"C:\Users\vieraidx\AppData\Local\{103B46B2-6340-4BE1-AE64-BC12338574D5}" deleted
"C:\Users\vieraidx\AppData\Roaming\mplayer\config" deleted
"C:\Users\vieraidx\AppData\Roaming\mplayer" deleted

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
hemjgdpngmhbimofcicjfhibkdbigdmb - C:\ProgramData\comcastModemRelease\shortcuts\chrome\xfinity.crx[02/08/2013 10:46 AM]
nogdfjjfhknacchjpiccacoimeelkajb - No path found[]

Xfinity - vieraidx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemjgdpngmhbimofcicjfhibkdbigdmb
Chrome Media Router - vieraidx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Fix ======================

C:\Users\vieraidx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\vieraidx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\vieraidx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\vieraidx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\71207D7947FA4DCAA95FD54BC0330EF8 - http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_en
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_en

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D2A425F405350054677A7A857BC0D100 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\57B5CB7129666E043A7448F995B58C20 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{17BC5B75-6692-40E6-A347-849F595BC802} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\57B5CB7129666E043A7448F995B58C20 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ewtion deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\vieraidx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\vieraidx\AppData\Local\temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\vieraidx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\vieraidx\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=735 folders=106 2590741169 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\TEMP\AppData\Local\temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\temp emptied successfully
C:\Users\vieraidx\AppData\Local\temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\vieraidx\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\vieraidx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on Tue 09/20/2016 at 19:26:15.64 ======================
 
Rogue Killer...
RogueKiller V12.6.3.0 (x64) [Sep 19 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600) 64 bits version
Started in : Normal mode
User : vieraidx [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 09/20/2016 19:32:02 (Duration : 00:32:24)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 15 ¤¤¤
[PUP] (X64) HKEY_USERS\S-1-5-21-997763345-3520757737-165814833-1000\Software\AVG Secure Search -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-997763345-3520757737-165814833-1000\Software\AVG Secure Search -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-997763345-3520757737-165814833-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://intranet/WinExchange/ -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-997763345-3520757737-165814833-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://intranet/WinExchange/ -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {778FDF75-49F3-4B64-A2DA-01F184281FE3} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\vieraidx\AppData\Local\temp\7zS2A89\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4BDD2595-F14F-4EE3-8536-D7D26C077240} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\vieraidx\AppData\Local\temp\7zS2A89\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {778FDF75-49F3-4B64-A2DA-01F184281FE3} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\vieraidx\AppData\Local\temp\7zS2A89\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4BDD2595-F14F-4EE3-8536-D7D26C077240} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\vieraidx\AppData\Local\temp\7zS2A89\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {778FDF75-49F3-4B64-A2DA-01F184281FE3} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\vieraidx\AppData\Local\temp\7zS2A89\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4BDD2595-F14F-4EE3-8536-D7D26C077240} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\vieraidx\AppData\Local\temp\7zS2A89\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2026190\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-997763345-3520757737-165814833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-997763345-3520757737-165814833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 3 ¤¤¤
[PUP][Folder] C:\Users\vieraidx\AppData\Local\YSearchUtil -> Found
[PUP][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\turbodiagnosis -> Found
[PUP][Folder] C:\Program Files (x86)\turbodiagnosis -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9500423AS ATA Device +++++
--- User ---
[MBR] 443b09f6e2f68fb6f2b6ed6214dc5f60
[BSP] da53413039e8b8ea17787f20919b413c : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476938 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
Yes....

Also...
Zemana Scan

Run a full scan with Zemana AntiMalware!

Install and select deep scan.

Remove any infections found.

Then click on the icon in the pic below.

Double click on the scan log, then copy and paste it here in your reply.
 
Zemana scan...

Zemana AntiMalware 2.30.2.75 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2016/9/20
Operating System : Windows 7 64-bit
Processor : 4X Intel(R) Core(TM) i7-2640M CPU @ 2.80GHz
BIOS Mode : Legacy
CUID : 12DD319D574B63741FF9E1
Scan Type : Deep Scan
Duration : 86m 6s
Scanned Objects : 329353
Detected Objects : 20
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WFT,1,3

Detected Objects
-------------------------------------------------------

Internet Explorer Shortcut
Status : Scanned
Object : "
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Internet Explorer Shortcut

Internet Explorer Shortcut
Status : Scanned
Object : "
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Internet Explorer Shortcut

Internet Explorer Shortcut
Status : Scanned
Object : "
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Internet Explorer Shortcut

Internet Explorer Shortcut
Status : Scanned
Object : "
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Internet Explorer Shortcut

Internet Explorer Shortcut
Status : Scanned
Object : "
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Internet Explorer Shortcut

Internet Explorer Shortcut
Status : Scanned
Object : "
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Internet Explorer Shortcut

Internet Explorer Shortcut
Status : Scanned
Object : "
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Internet Explorer Shortcut

Internet Explorer Shortcut
Status : Scanned
Object : "
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Internet Explorer Shortcut

Internet Explorer Shortcut
Status : Scanned
Object : "
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Internet Explorer Shortcut

Internet Explorer Shortcut
Status : Scanned
Object : "
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Internet Explorer Shortcut

Internet Explorer Policy
Status : Scanned
Object : http://usintranet/winexchange
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Internet Explorer Policy

Chrome Shortcut
Status : Scanned
Object : "
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Chrome Shortcut

Chrome Shortcut
Status : Scanned
Object : "
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Chrome Shortcut

Updater.exe
Status : Scanned
Object : %homedrive%\zoek_backup\c_progra~2_ask.com\updater\updater.exe
MD5 : 6EA1BF3F6E6B0613351411A3EB6B85A2
Publisher : Ask.com
Size : 1561768
Version : 1.2.1.23037
Detection : Adware:Win32/AskBrowserHijack!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\zoek_backup\c_progra~2_ask.com\updater\updater.exe

vft_ecatalog.exe
Status : Scanned
Object : %homedrive%\zoek_backup\c_progra~2_parker autoclave engineers valves fittings tubing ecatalog\vft_ecatalog.exe
MD5 : AE462C63E0DAF532B51E036192226A22
Publisher : -
Size : 79511
Version : -
Detection : Malware:Win32/Tazzi.A!Taka
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\zoek_backup\c_progra~2_parker autoclave engineers valves fittings tubing ecatalog\vft_ecatalog.exe

Updater.exe
Status : Scanned
Object : %appdata%\zhp\quarantine\ask.com.dir\updater\updater.exe
MD5 : 6EA1BF3F6E6B0613351411A3EB6B85A2
Publisher : Ask.com
Size : 1561768
Version : 1.2.1.23037
Detection : Adware:Win32/AskBrowserHijack!Ep
Cleaning Action : Quarantine
Related Objects :
File - %appdata%\zhp\quarantine\ask.com.dir\updater\updater.exe

UpdateTask.exe
Status : Scanned
Object : %appdata%\zhp\quarantine\dealply\updateproc\updatetask.exe
MD5 : 2B2B6A5973E1F90B8E34BD800A887B4A
Publisher : DealPly Technologies Ltd
Size : 93728
Version : -
Detection : Adware:Win32/DealPly!Ep
Cleaning Action : Quarantine
Related Objects :
File - %appdata%\zhp\quarantine\dealply\updateproc\updatetask.exe

SaUpdate.exe
Status : Scanned
Object : %appdata%\zhp\quarantine\ask.com.dir\saupdate.exe
MD5 : 7D8C13D31D6EB6BE28984923D894A38D
Publisher : Ask.com
Size : 196776
Version : -
Detection : Adware:Win32/AskBrowserHijack!Ep
Cleaning Action : Quarantine
Related Objects :
File - %appdata%\zhp\quarantine\ask.com.dir\saupdate.exe

bc8e-45d6-8a67-b48b.exe
Status : Scanned
Object : %appdata%\zhp\quarantine\bc8e-45d6-8a67-b48b.exe
MD5 : F814096ABC23DD904E2169746B5A1084
Publisher : EU Millennium Business LP
Size : 5083392
Version : 0.0.0.0
Detection : Adware:Win32/ExpressDownloader-DJ!Ep
Cleaning Action : Quarantine
Related Objects :
File - %appdata%\zhp\quarantine\bc8e-45d6-8a67-b48b.exe

precache.exe
Status : Scanned
Object : %appdata%\zhp\quarantine\ask.com.dir\precache.exe
MD5 : 21C5596252234BFB6F1AF059F64B0CB5
Publisher : Ask.com
Size : 70824
Version : -
Detection : Adware:Win32/AskBrowserHijack!Ep
Cleaning Action : Quarantine
Related Objects :
File - %appdata%\zhp\quarantine\ask.com.dir\precache.exe


Cleaning Result
-------------------------------------------------------
Cleaned : 20
Reported as safe : 0
Failed : 0
 
I see you have a lot of PUPs and redirects. ZHP removed a lot, but security is our utmost priority here. To verify you are indeed clear of these before proceeding, please do the following :)

Please download a copy of AdwCleaner from HERE, it is important to download it to your desktop.

Once downloaded to the desktop, AdwCleaner will create an icon.

Should you receive any security warnings or your User Account Control warning appears whilst you are using this application you can safely allow AdwCleaner to continue.

Before running AdwCleaner please ensure all other programs and browsers are closed, then double left click the icon to open it.

AdwCleaner will open, click the scan button to start searching.

The scan may take some time to complete, and when it has, any malware found will be automatically selected for quarantining. Click the "Cleaning" button.

After a few seconds a message should tell you your computer will now reboot. Allow the reboot.

When the computer restarts a log file will be displayed, but if it's closed for any reason before copying the contents, you will find a copy of the file if you navigate to C:\AdwCleaner[s#].txt

Please Copy and Paste the contents of the log file with your next reply.
 
OK, let's go ahead and run a fix with FRST. Then run AdwCleaner as suggested by jmarket, and remove some trash programs from your computer.


Remove the items from your machine with Geek Uninstaller.

Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.2.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.1.23037 - Ask.com) <==== ATTENTION
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)


FRST Fix.


Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt (10.8 KB)
AdwCleaner log...

# AdwCleaner v6.020 - Logfile created 21/09/2016 at 22:00:49
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-21.1 [Server]
# Operating System : Windows 7 Enterprise (X64)
# Username : vieraidx - 9SQ6GV1
# Running from : C:\Users\vieraidx\Desktop\adwcleaner_6.020.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil


***** [ Files ] *****

[-] File deleted: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gaiilaahiahdejapggenmdmafpmbipje_0.localstorage


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****

[-] Shortcut disinfected: C:\Users\Administrator\Desktop\Google Chrome.lnk
[-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
[-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
[-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk
[-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (3).lnk
[-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (4).lnk
[-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (5).lnk
[-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (6).lnk
[-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk


***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key deleted: HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9
[-] Value deleted: HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]


***** [ Web browsers ] *****

[-] [C:\Users\vieraidx\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\vieraidx\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: isearch.avg.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [8865 Bytes] - [21/09/2016 22:00:49]
C:\AdwCleaner\AdwCleaner[S0].txt - [9901 Bytes] - [21/09/2016 21:59:45]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [9011 Bytes] ##########
 
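The AdwCleaner clean log above is long and most of it is installer bookkeeping; when reviewing one, what matters is how many items each section touched, which removals are still pending a reboot (the "[#]" lines), which browser profiles were changed, and which GUIDs were involved so they can be cross-checked against the FRST log. As an added example (not AdwCleaner's own code; the line layout is inferred from the v6.020 log shown above), this Python parses a shortened copy of that log into sections and answers those questions.

```python
# Added example: summarise an AdwCleaner v6 clean log for triage.
# Not AdwCleaner's own code; the line layout is inferred from the v6.020 log above.
import re

VERSION_RE = re.compile(r"^# AdwCleaner v(?P<version>\S+)")
META_RE = re.compile(r"^# (?P<key>[^:]+?)\s*:\s(?P<value>.+)$")
SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>[^\]]+) \] \*{5}$")
# "[-] Key deleted: ...", "[#] Key deleted on reboot: ...", "[-] Shortcut disinfected: ..."
ACTION_RE = re.compile(r"^\[(?P<status>[-#])\] (?P<action>[A-Za-z]+ [a-z]+(?: on reboot)?): (?P<target>.+)$")
# "[-] [<profile file>] [Search Provider] Deleted: ask.com"
BROWSER_RE = re.compile(r"^\[(?P<status>[-#])\] \[(?P<profile>[^\]]+)\] \[(?P<kind>[^\]]+)\] (?P<action>\w+): (?P<target>.+)$")
VIEW_RE = re.compile(r"^\[(?P<view>x64|x86)\] (?P<rest>.+)$")   # registry view prefix
NOTE_RE = re.compile(r"^:: (?P<note>.+)$")                         # global actions at the end
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_adwcleaner_log(text: str) -> dict:
    """Return {'meta': {...}, 'sections': {name: [item, ...]}, 'notes': [...]}."""
    report = {"meta": {}, "sections": {}, "notes": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := VERSION_RE.match(line)):
            report["meta"]["version"] = m["version"]
        elif (m := META_RE.match(line)):
            report["meta"][m["key"]] = m["value"]
        elif (m := SECTION_RE.match(line)):
            section = m["name"]
            report["sections"][section] = []        # empty sections stay visible
        elif (m := NOTE_RE.match(line)):
            report["notes"].append(m["note"])
        elif section is not None and (m := BROWSER_RE.match(line)):
            report["sections"][section].append({"status": m["status"], "action": m["action"],
                "target": m["target"], "view": None, "profile": m["profile"], "kind": m["kind"]})
        elif section is not None and (m := ACTION_RE.match(line)):
            target, view = m["target"], None
            if (v := VIEW_RE.match(target)):        # "[x64] HKLM\..." -> view + bare path
                view, target = v["view"], v["rest"]
            report["sections"][section].append({"status": m["status"], "action": m["action"],
                "target": target, "view": view, "profile": None, "kind": None})
    return report


def summarize(report: dict) -> dict:
    """Items remediated per section; a 0 means AdwCleaner found nothing there."""
    return {name: len(items) for name, items in report["sections"].items()}


def pending_reboot(report: dict) -> list:
    """(section, target) pairs AdwCleaner could only remove on the next reboot."""
    return [(name, it["target"]) for name, items in report["sections"].items()
            for it in items if it["status"] == "#"]


def browser_changes(report: dict) -> list:
    """(profile file, kind, value) for every browser-profile change."""
    return [(it["profile"], it["kind"], it["target"])
            for it in report["sections"].get("Web browsers", [])]


def registry_guids(report: dict) -> list:
    """Distinct GUIDs (CLSID/Interface/TypeLib/AppID) from removed registry keys, in log order."""
    seen = []
    for it in report["sections"].get("Registry", []):
        for g in GUID_RE.findall(it["target"]):
            if g.upper() not in seen:
                seen.append(g.upper())
    return seen


# Constructed sample: a shortened copy of the log posted above, same line layout.
SAMPLE_LOG = r"""
# AdwCleaner v6.020 - Logfile created 21/09/2016 at 22:00:49
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-21.1 [Server]
# Mode: Clean

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil

***** [ Files ] *****

[-] File deleted: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gaiilaahiahdejapggenmdmafpmbipje_0.localstorage

***** [ Shortcuts ] *****

[-] Shortcut disinfected: C:\Users\Administrator\Desktop\Google Chrome.lnk

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
[-] Value deleted: HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]

***** [ Web browsers ] *****

[-] [C:\Users\vieraidx\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [9011 Bytes] ##########
"""

if __name__ == "__main__":
    r = parse_adwcleaner_log(SAMPLE_LOG)
    print(summarize(r), pending_reboot(r), browser_changes(r), registry_guids(r), sep="\n")
```

On the full log the interesting outputs are the Chrome extension id in the deleted localstorage file, the CLSID/TypeLib GUIDs, and the three search providers removed from two different Chrome profiles; the long run of Installer\UserData\S-1-5-18\Components keys is the MSI footprint of the same uninstalled product and does not need item-by-item review.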