Frst.txt...
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-09-2016
Ran by vieraidx (administrator) on 9SQ6GV1 (22-09-2016 21:46:38)
Running from C:\Users\vieraidx\Desktop\FRST-OlderVersion
Loaded Profiles: vieraidx & UpdatusUser (Available Profiles: vieraidx & UpdatusUser & Administrator)
Platform: Windows 7 Enterprise (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Windows (R) Win 7 DDK provider) C:\Windows\System32\DbxSvc.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManager64.exe
(Intel Corporation) C:\Program Files\PTC\Creo 3.0\M030\Common Files\x86e_win64\cma\Bin\IntelMPI\smpd-intel-4.0.3.009-x64.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
(MKS Software Inc.) C:\Windows\System32\nutsrv4.exe
(PTC Inc.) C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(Microsoft Corporation) C:\Windows\CCM\RemCtrl\CmRcService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Akamai Technologies, Inc.) C:\Users\vieraidx\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Akamai Technologies, Inc.) C:\Users\vieraidx\AppData\Local\Akamai\netsession_win.exe
(Flux Software LLC) C:\Users\vieraidx\AppData\Local\FluxSoftware\Flux\flux.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Lync\communicator.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\NI Device Monitor\DeviceMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Ariel\Performance\ArielTray.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1694016 2012-05-11] ()
HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKLM\...\Run: [FileOpenBroker] => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1589104 2013-03-26] (FileOpen Systems Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13624048 2016-09-02] (Zemana Ltd.)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12119872 2016-03-14] (Microsoft Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-24] (CANON INC.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-10-01] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25382344 2016-09-19] (Dropbox, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [NI Device Monitor] => C:\Program Files (x86)\National Instruments\NI Device Monitor\DeviceMonitor.exe [151552 2015-06-12] (National Instruments Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Malware] => C:\Program Files (x86)\Malwarebytes Anti-Malware\BusinessMessaging.exe [3219456 2016-09-22] (Malwarebytes)
HKLM Group Policy restriction on software: %APPDATA%\ii*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190\...\Run: [PTOneClick] => C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe [616384 2016-06-15] (Cisco WebEx LLC)
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190\...\Run: [Akamai NetSession Interface] => C:\Users\vieraidx\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190\...\Run: [f.lux] => C:\Users\vieraidx\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190\...\Run: [NIRegistrationWizard] => C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe [847000 2013-04-19] ()
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190\...\Policies\Explorer: []
HKU\S-1-5-21-997763345-3520757737-165814833-1000\...\MountPoints2: {37949b7a-3ac1-11e0-bfec-806e6f6e6963} - D:\Setup.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-18\...\RunOnce: [Microsoft Security Client] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [260928 2012-05-11] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-05-11] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2016-02-06] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ariel System Tray.lnk [2016-09-20]
ShortcutTarget: Ariel System Tray.lnk -> C:\Program Files (x86)\Ariel\Performance\ArielTray.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BgInfo.cmd [2014-03-18] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk [2016-09-20]
ShortcutTarget: NI Error Reporting.lnk -> C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Parker Autoclave Engineers Valves Fittings Tubing Ecatalog - Auto Update.lnk [2016-09-20]
ShortcutTarget: Parker Autoclave Engineers Valves Fittings Tubing Ecatalog - Auto Update.lnk -> C:\Program Files (x86)\Parker Autoclave Engineers Valves Fittings Tubing Ecatalog\VFTecatupdate.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snap-tite Components E-Catalog - Auto Update.lnk [2016-09-20]
ShortcutTarget: Snap-tite Components E-Catalog - Auto Update.lnk -> C:\Program Files (x86)\Snap-tite\QDecatupdate.exe (Snap-tite Components)
Startup: C:\Users\vieraidx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-09-20]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 08 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512 2014-06-06] (National Instruments Corporation)
Winsock: Catalog5-x64 08 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560 2014-06-06] (National Instruments Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8B82C5EB-B47B-4175-90AD-AD8B71B8FB01}: [DhcpNameServer] 10.5.28.201 10.5.28.202 10.7.28.201 10.7.28.202
Tcpip\..\Interfaces\{E0BD89A2-0196-4F2C-8582-698D606FB76F}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-997763345-3520757737-165814833-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://intranet/WinExchange/
HKU\S-1-5-21-997763345-3520757737-165814833-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
HKU\S-1-5-21-997763345-3520757737-165814833-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: WebEx Productivity Tools -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll [2016-06-15] (Cisco WebEx LLC)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Lync\OCHelper.dll [2010-10-22] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: WebEx Productivity Tools -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll [2016-06-15] (Cisco WebEx LLC)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll [2016-06-15] (Cisco WebEx LLC)
Toolbar: HKLM-x32 - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll [2016-06-15] (Cisco WebEx LLC)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-05-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-05-10] (NVIDIA Corporation)
FF Plugin-x32: @ptc.com/IsoView -> C:\Program Files (x86)\Common Files\PTC\npisoview.dll [2014-10-29] (PTC Inc.)
FF Plugin-x32: @ptc.com/ProductViewLite -> C:\Program Files (x86)\Common Files\PTC\np6_pvapplite9.dll [2014-10-29] (PTC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-07-28] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-03-14] ()
Chrome:
=======
CHR Profile: C:\Users\vieraidx\AppData\Local\Google\Chrome\User Data\Default [2016-09-22]
CHR Extension: (Xfinity) - C:\Users\vieraidx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemjgdpngmhbimofcicjfhibkdbigdmb [2016-09-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\vieraidx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-21]
CHR Extension: (Chrome Media Router) - C:\Users\vieraidx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-22]
CHR HKLM-x32\...\Chrome\Extension: [hemjgdpngmhbimofcicjfhibkdbigdmb] - C:\ProgramData\comcastModemRelease\shortcuts\chrome\xfinity.crx [2013-02-08]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1842352 2013-08-31] (Microsoft Corporation)
R2 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [633952 2012-11-21] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-24] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42792 2016-09-19] (Windows (R) Win 7 DDK provider)
R2 FileOpenManager; C:\Program Files\FileOpen\Services\FileOpenManager64.exe [337264 2013-03-19] (FileOpen Systems Inc.)
R2 impi_smpd; C:\Program Files\PTC\Creo 3.0\M030\Common Files\x86e_win64\cma\Bin\IntelMPI\smpd-intel-4.0.3.009-x64.exe [1611168 2015-07-09] (Intel Corporation)
R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2014-08-07] (National Instruments, Inc.)
R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53544 2015-06-01] (National Instruments Corporation)
R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63792 2015-06-01] (National Instruments Corporation)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [84792 2015-08-17] (National Instruments Corporation)
R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57184 2015-06-03] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [80736 2015-06-03] (National Instruments Corporation)
R2 niauth; C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe [571712 2015-06-02] (National Instruments Corporation)
R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [399152 2015-06-01] (National Instruments Corporation)
R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [320368 2014-06-06] (National Instruments Corporation)
R2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [177024 2015-06-12] (National Instruments Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [89928 2015-06-02] (National Instruments Corporation)
R2 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57168 2015-06-03] (National Instruments Corporation)
R2 NuTCRACKERService; C:\Windows\system32\nutsrv4.exe [574776 2012-10-12] (MKS Software Inc.)
R2 PortmapperService; C:\Program Files\PTC/PTC Portmapper/i486_nt/obj/portmap.exe [510976 2015-03-18] (PTC Inc.) [File not signed]
S3 smstsmgr; C:\Windows\CCM\TSManager.exe [401584 2013-08-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-02-02] (Dell Inc.) [File not signed]
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13624048 2016-09-02] (Zemana Ltd.)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 Impcd; C:\Windows\System32\DRIVERS\Impcd.sys [158976 2010-02-27] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [287232 2010-06-21] (Intel(R) Corporation) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [249152 2012-05-11] (NVIDIA Corporation)
R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2012-11-21] (Microsoft Corporation)
S3 smwdm; C:\Windows\System32\drivers\smwdm.sys [347904 2005-02-03] (Analog Devices, Inc.)
S3 swg3kser00; C:\Windows\System32\DRIVERS\swg3kser00.sys [258432 2011-05-13] (Sierra Wireless Incorporated)
S3 swiwdmbx; C:\Windows\System32\DRIVERS\swiwdmbx64.sys [109312 2011-05-16] (Sierra Wireless Inc.)
S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [249344 2011-03-03] (Sierra Wireless Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-09-20] ()
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-09-20] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-09-20] (Zemana Ltd.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-22 20:39 - 2016-09-22 20:39 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-22 20:36 - 2016-09-22 20:36 - 03934859 _____ C:\Users\vieraidx\Downloads\Docs.pdf
2016-09-22 00:37 - 2016-09-22 00:37 - 00001284 _____ C:\Users\vieraidx\Desktop\AdwCleaner[S1].txt
2016-09-22 00:02 - 2016-09-22 00:02 - 02626201 _____ C:\Users\vieraidx\Downloads\geek (1).zip
2016-09-21 22:44 - 2016-09-22 21:46 - 00000000 ____D C:\Users\vieraidx\Desktop\FRST-OlderVersion
2016-09-21 22:36 - 2016-09-21 22:41 - 00000000 ____D C:\Users\vieraidx\AppData\Roaming\Geek Uninstaller
2016-09-21 22:36 - 2016-09-21 22:36 - 02626201 _____ C:\Users\vieraidx\Downloads\geek.zip
2016-09-21 22:05 - 2016-09-21 22:49 - 00000000 ____D C:\Users\vieraidx\AppData\Local\CrashDumps
2016-09-21 21:58 - 2016-09-22 00:34 - 00000000 ____D C:\AdwCleaner
2016-09-21 21:57 - 2016-09-21 21:57 - 03861056 _____ C:\Users\vieraidx\Desktop\adwcleaner_6.020.exe
2016-09-20 20:32 - 2016-09-22 21:46 - 00076480 _____ C:\Windows\ZAM.krnl.trace
2016-09-20 20:32 - 2016-09-22 21:46 - 00032337 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-09-20 20:31 - 2016-09-20 20:32 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-09-20 20:31 - 2016-09-20 20:31 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-09-20 20:31 - 2016-09-20 20:31 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-09-20 20:31 - 2016-09-20 20:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-09-20 20:29 - 2016-09-20 20:29 - 00000000 ____D C:\Users\vieraidx\AppData\Local\Zemana
2016-09-20 20:28 - 2016-09-20 20:29 - 05292304 _____ ( ) C:\Users\vieraidx\Downloads\Zemana.AntiMalware.Setup.exe
2016-09-20 19:32 - 2016-09-20 19:32 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-09-20 19:31 - 2016-09-20 19:31 - 00000000 ____D C:\ProgramData\RogueKiller
2016-09-20 19:31 - 2016-09-20 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-09-20 19:31 - 2016-09-20 19:31 - 00000000 ____D C:\Program Files\RogueKiller
2016-09-20 19:30 - 2016-09-20 19:30 - 33568688 _____ (Adlice Software ) C:\Users\vieraidx\Downloads\setup.exe
2016-09-20 19:23 - 2016-09-20 19:02 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-09-20 19:17 - 2016-09-20 19:26 - 00000000 ____D C:\zoek
2016-09-20 19:02 - 2016-09-20 19:20 - 00000000 ____D C:\zoek_backup
2016-09-20 19:02 - 2016-09-20 19:02 - 01309184 _____ C:\Users\vieraidx\Downloads\zoek.exe
2016-09-20 18:32 - 2016-09-20 18:53 - 00000000 ____D C:\Users\vieraidx\AppData\Roaming\ZHP
2016-09-20 18:32 - 2016-09-20 18:32 - 00000801 _____ C:\Users\vieraidx\Desktop\ZHPCleaner.lnk
2016-09-20 18:31 - 2016-09-20 18:31 - 02398720 _____ C:\Users\vieraidx\Downloads\ZHPCleaner.exe
2016-09-20 18:13 - 2016-09-20 18:13 - 05200384 _____ (AVAST Software) C:\Users\vieraidx\Downloads\aswmbr.exe
2016-09-20 18:03 - 2016-09-20 18:04 - 00272541 _____ C:\Users\vieraidx\Downloads\Addition.txt
2016-09-20 18:02 - 2016-09-20 18:04 - 00054311 _____ C:\Users\vieraidx\Downloads\FRST.txt
2016-09-20 18:01 - 2016-09-22 21:46 - 00000000 ____D C:\FRST
2016-09-20 18:00 - 2016-09-21 22:44 - 02402816 _____ (Farbar) C:\Users\vieraidx\Desktop\FRST64.exe
2016-09-20 03:12 - 2016-09-20 03:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-09-19 20:15 - 2016-09-19 20:15 - 00042792 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\DbxSvc.exe
2016-09-19 20:07 - 2016-09-19 20:07 - 00073840 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\dbx-stable.sys
2016-09-19 20:07 - 2016-09-19 20:07 - 00073840 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\dbx-dev.sys
2016-09-19 20:07 - 2016-09-19 20:07 - 00073840 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\dbx-canary.sys
2016-09-19 18:47 - 2016-09-19 18:47 - 00000000 ____D C:\ProgramData\FileFinder
2016-09-19 11:48 - 2016-09-21 16:01 - 00132180 _____ C:\Users\vieraidx\Desktop\Workcycles-prices-Vkp-EN-Mrt15-City.pdf
2016-09-15 09:46 - 2016-09-15 09:46 - 00034358 _____ C:\Users\vieraidx\Downloads\TGCK_RELEASE_FORM (1).pdf
2016-09-15 09:45 - 2016-09-15 09:45 - 00108201 _____ C:\Users\vieraidx\Downloads\San Marcos 2016.pdf
2016-09-15 09:45 - 2016-09-15 09:45 - 00034358 _____ C:\Users\vieraidx\Downloads\TGCK_RELEASE_FORM.pdf
2016-09-12 10:45 - 2016-09-12 10:45 - 00056164 _____ C:\Users\vieraidx\Downloads\VeritasReset (1).pdf
2016-09-11 18:07 - 2016-09-11 18:07 - 00037940 _____ C:\Users\vieraidx\Downloads\Current Science draft (7).pdf
2016-09-11 17:09 - 2016-09-11 17:09 - 00037940 _____ C:\Users\vieraidx\Downloads\Current Science draft (6).pdf
2016-09-11 16:05 - 2016-09-11 16:05 - 00037940 _____ C:\Users\vieraidx\Downloads\Current Science draft (5).pdf
2016-09-11 16:05 - 2016-09-11 16:05 - 00037940 _____ C:\Users\vieraidx\Downloads\Current Science draft (4).pdf
2016-09-11 16:05 - 2016-09-11 16:05 - 00037940 _____ C:\Users\vieraidx\Downloads\Current Science draft (3).pdf
2016-09-11 15:17 - 2016-09-11 15:17 - 00037940 _____ C:\Users\vieraidx\Downloads\Current Science draft (2).pdf
2016-09-11 14:48 - 2016-09-11 14:48 - 00037940 _____ C:\Users\vieraidx\Downloads\Current Science draft (1).pdf
2016-09-11 11:20 - 2016-09-11 11:20 - 00037940 _____ C:\Users\vieraidx\Downloads\Current Science draft.pdf
2016-09-08 14:54 - 2016-09-08 14:54 - 00058267 _____ C:\Users\vieraidx\Downloads\GSAP_msds_01104200.PDF
2016-09-08 14:54 - 2016-09-08 14:54 - 00058267 _____ C:\Users\vieraidx\Desktop\GSAP_msds_01104200 (1).PDF
2016-09-07 10:32 - 2016-09-07 10:32 - 00000000 ____D C:\Users\vieraidx\AppData\Local\CEF
2016-09-06 09:18 - 2016-09-20 04:03 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-09-04 06:01 - 2016-09-17 11:30 - 00011612 _____ C:\Users\vieraidx\Desktop\Beetle.xlsx
2016-09-03 09:42 - 2016-09-03 09:43 - 00056164 _____ C:\Users\vieraidx\Downloads\VeritasReset.pdf
2016-09-03 06:55 - 2016-09-03 06:55 - 00054082 _____ C:\Users\vieraidx\Downloads\Key Purchase.pdf
2016-09-01 13:57 - 2016-09-01 13:57 - 00108595 _____ C:\Users\vieraidx\Downloads\Automatic Pmt Form Rev. 05-2016 (1).pdf
2016-09-01 11:22 - 2016-09-01 11:22 - 00015575 _____ C:\Users\vieraidx\Downloads\P25471-6-35-P25471 Patent Review - Approved.pdf
2016-09-01 11:15 - 2016-09-01 11:15 - 00108595 _____ C:\Users\vieraidx\Downloads\Automatic Pmt Form Rev. 05-2016.pdf
2016-09-01 09:52 - 2016-09-01 09:52 - 00242984 _____ C:\Users\vieraidx\Downloads\WFT Stage Gate Development Process.pdf
2016-08-31 14:16 - 2016-08-31 14:16 - 00204035 _____ C:\Users\vieraidx\Downloads\catalogo_motorini (1).zip
2016-08-31 14:13 - 2016-08-31 14:13 - 00204035 _____ C:\Users\vieraidx\Downloads\catalogo_motorini.zip
2016-08-28 10:20 - 2016-08-28 10:20 - 156029242 _____ C:\Users\vieraidx\Desktop\N_Beetle_98-08 (1).pdf
2016-08-28 10:19 - 2016-08-28 10:19 - 156029242 _____ C:\Users\vieraidx\Downloads\N_Beetle_98-08.pdf
2016-08-27 09:46 - 2016-08-27 09:46 - 01803260 _____ C:\Users\vieraidx\Downloads\130-U (2).pdf
2016-08-26 18:51 - 2016-08-26 18:51 - 00124992 _____ C:\Users\vieraidx\Downloads\Bill of Sale - v2 -- 2008 Volkswagen.pdf
2016-08-26 18:48 - 2016-08-26 18:48 - 01803260 _____ C:\Users\vieraidx\Downloads\130-U (1).pdf
2016-08-26 09:55 - 2016-08-26 09:55 - 00474679 _____ C:\Users\vieraidx\Downloads\Trooper Matthew Cline Invoice (3).pdf
2016-08-26 09:55 - 2016-08-26 09:55 - 00474679 _____ C:\Users\vieraidx\Downloads\Trooper Matthew Cline Invoice (2).pdf
2016-08-26 09:53 - 2016-08-26 09:53 - 00474679 _____ C:\Users\vieraidx\Downloads\Trooper Matthew Cline Invoice (1).pdf
2016-08-26 09:52 - 2016-08-26 09:52 - 00167748 _____ C:\Users\vieraidx\Downloads\ReturnofServiceFaxedDPSSOAH.pdf
2016-08-25 10:51 - 2016-08-25 10:51 - 00134870 _____ C:\Users\vieraidx\Desktop\3591 rev H.dwg
2016-08-23 15:02 - 2016-08-23 15:02 - 00474679 _____ C:\Users\vieraidx\Downloads\Trooper Matthew Cline Invoice.pdf
2016-08-23 13:48 - 2016-08-23 13:48 - 00409192 _____ C:\Users\vieraidx\Downloads\CARFAX Vehicle History Report for this 2008 VOLKSWAGEN NEW BEETLE S_SE_ 3VWRW31C08M522598 (2).pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-22 21:45 - 2016-02-08 09:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-22 21:03 - 2016-02-08 10:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-22 21:03 - 2015-09-24 13:58 - 00000912 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-09-22 21:01 - 2012-08-06 10:53 - 00000000 ____D C:\Users\vieraidx
2016-09-22 21:00 - 2015-09-24 14:25 - 00000000 ___RD C:\Users\vieraidx\Dropbox
2016-09-22 20:59 - 2015-09-24 13:58 - 00000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-09-22 20:59 - 2012-08-06 10:54 - 00000000 ____D C:\Users\vieraidx\Tracing
2016-09-22 20:49 - 2009-07-13 23:45 - 00017696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-22 20:49 - 2009-07-13 23:45 - 00017696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-22 20:44 - 2011-02-17 13:31 - 00000000 ____D C:\ProgramData\Sonic
2016-09-22 20:44 - 2010-02-25 17:57 - 00000567 _____ C:\Windows\SMSCFG.ini
2016-09-22 20:41 - 2012-08-02 15:15 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-22 20:41 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-22 20:39 - 2016-02-08 09:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-22 17:33 - 2012-08-27 03:51 - 00000000 ____D C:\Users\vieraidx\Documents\Outlook Files
2016-09-22 17:11 - 2010-03-24 17:42 - 00000656 _____ C:\Windows\system32\config\netlogon.ftl
2016-09-22 13:33 - 2012-08-02 15:24 - 00124098 __RSH C:\ProgramData\ntuser.pol
2016-09-21 22:51 - 2012-08-02 15:15 - 00000000 ____D C:\Users\UpdatusUser
2016-09-21 22:47 - 2012-08-06 15:33 - 00000000 ____D C:\Program Files\Google
2016-09-21 22:47 - 2012-08-06 15:32 - 00000000 ____D C:\Program Files (x86)\Google
2016-09-21 22:44 - 2013-05-20 11:20 - 00001174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-21 22:39 - 2012-08-06 15:25 - 00000000 ____D C:\Users\vieraidx\AppData\Local\Google
2016-09-21 22:00 - 2013-06-04 15:10 - 00001300 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2016-09-21 22:00 - 2012-08-02 15:49 - 00001192 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-09-21 22:00 - 2012-08-02 15:49 - 00001001 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-09-21 13:08 - 2013-10-11 06:57 - 00000000 ____D C:\Windows\ccmcache
2016-09-21 10:45 - 2012-08-03 09:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Lync
2016-09-21 10:45 - 2012-08-03 09:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Lync
2016-09-21 10:39 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-09-21 10:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-09-20 22:11 - 2012-08-06 10:53 - 00001014 _____ C:\Users\vieraidx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-09-20 22:11 - 2012-08-06 10:53 - 00001014 _____ C:\Users\vieraidx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-09-20 19:19 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-09-20 11:56 - 2016-05-22 15:17 - 00002202 _____ C:\Users\vieraidx\Desktop\Kindle.lnk
2016-09-20 10:15 - 2013-02-08 10:17 - 00000000 ____D C:\Users\vieraidx\Documents\My Received Files
2016-09-20 08:05 - 2014-09-23 17:06 - 00000000 ____D C:\Users\vieraidx\Desktop\Purch Req's
2016-09-20 04:03 - 2016-05-13 20:18 - 00002162 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2016-09-20 04:03 - 2016-04-24 22:50 - 00000762 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
2016-09-20 04:03 - 2016-04-13 09:33 - 00001110 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NI MAX.lnk
2016-09-20 04:03 - 2016-02-08 09:16 - 00002081 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCAP.lnk
2016-09-20 04:03 - 2016-02-08 09:16 - 00002065 _____ C:\Users\Public\Desktop\WCAP.lnk
2016-09-20 04:03 - 2015-08-19 09:25 - 00002109 _____ C:\Users\Public\Desktop\WFT Service Desk.lnk
2016-09-20 04:03 - 2014-05-16 14:03 - 00001194 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2016-09-20 04:03 - 2014-04-07 07:10 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Center Endpoint Protection.lnk
2016-09-20 04:03 - 2013-06-04 15:12 - 00001899 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HRTWin.lnk
2016-09-20 04:03 - 2013-05-18 01:16 - 00000866 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-09-20 04:03 - 2013-05-02 08:29 - 00002447 _____ C:\Users\Public\Desktop\WFT Employee Connect.lnk
2016-09-20 04:03 - 2012-10-26 10:40 - 00001999 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WFT Intranet.lnk
2016-09-20 04:03 - 2012-09-28 13:18 - 00002143 _____ C:\Users\Public\Desktop\AutoCAD LT 2012.lnk
2016-09-20 04:03 - 2010-02-25 17:43 - 00001009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
2016-09-20 04:03 - 2010-02-25 17:03 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-09-20 04:03 - 2010-02-25 17:03 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-09-20 04:03 - 2009-07-13 23:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-09-20 04:03 - 2009-07-13 23:57 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-09-20 04:03 - 2009-07-13 23:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-09-20 04:03 - 2009-07-13 23:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-09-20 04:02 - 2016-04-24 22:50 - 00000750 _____ C:\Users\vieraidx\Desktop\Anki.lnk
2016-09-20 04:02 - 2016-02-15 14:44 - 00001174 _____ C:\Users\vieraidx\Desktop\CPD Systems Engineering - Shortcut.lnk
2016-09-20 04:02 - 2016-02-15 12:10 - 00000840 _____ C:\Users\vieraidx\Desktop\P25471 - Set Point Choke - Shortcut.lnk
2016-09-20 04:02 - 2016-02-15 12:08 - 00000782 _____ C:\Users\vieraidx\Desktop\Standards - Shortcut.lnk
2016-09-20 04:02 - 2016-02-15 12:08 - 00000612 _____ C:\Users\vieraidx\Desktop\Calculators - Shortcut.lnk
2016-09-20 04:02 - 2015-12-23 10:05 - 00001314 _____ C:\Users\vieraidx\Desktop\NS.lnk
2016-09-20 04:02 - 2015-10-02 07:37 - 00003031 _____ C:\Users\vieraidx\AppData\Roaming\Microsoft\Windows\Start Menu\CADRE Pro.lnk
2016-09-20 04:02 - 2015-08-21 12:47 - 00001728 _____ C:\Users\vieraidx\Desktop\Creo3 PDMLink.lnk
2016-09-20 04:02 - 2015-08-19 09:25 - 00002121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WFT Service Desk.lnk
2016-09-20 04:02 - 2015-08-19 09:25 - 00002003 _____ C:\ProgramData\Microsoft\Windows\Start Menu\OEPS Online.lnk
2016-09-20 04:02 - 2015-07-01 13:55 - 00002038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Mathcad 15.lnk
2016-09-20 04:02 - 2014-02-11 18:24 - 00002395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Parker Autoclave Engineers Valves Fittings Tubing Ecatalog.lnk
2016-09-20 04:02 - 2013-03-25 15:12 - 00001049 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Snap-tite Components.lnk
2016-09-20 04:02 - 2012-08-14 13:02 - 00003003 _____ C:\Users\vieraidx\Desktop\Microsoft Word 2010.lnk
2016-09-20 04:02 - 2012-08-14 13:02 - 00002933 _____ C:\Users\vieraidx\Desktop\Microsoft Excel 2010.lnk
2016-09-20 04:02 - 2009-07-14 00:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-09-20 04:02 - 2009-07-13 23:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-09-20 03:52 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PLA
2016-09-20 03:49 - 2013-08-03 12:20 - 00000000 ____D C:\ProgramData\comcastModemRelease
2016-09-20 03:12 - 2015-09-24 13:58 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-09-17 03:36 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-09-16 15:36 - 2016-02-19 17:49 - 00000000 ____D C:\Users\vieraidx\Desktop\Weekly Updates
2016-09-15 16:47 - 2014-05-16 14:01 - 00000000 ____D C:\Users\vieraidx\AppData\Local\Paint.NET
2016-09-13 16:29 - 2012-08-02 15:49 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-13 16:29 - 2012-08-02 15:49 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-13 16:29 - 2012-08-02 15:49 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-13 16:29 - 2010-02-25 17:40 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-13 15:54 - 2013-11-22 11:38 - 00000000 ____D C:\Users\vieraidx\Documents\creo
2016-09-12 18:45 - 2014-10-17 10:21 - 00000000 ____D C:\Users\vieraidx\Desktop\Misc
2016-09-10 08:52 - 2009-07-14 00:13 - 00783946 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-08 13:46 - 2016-03-08 11:09 - 00011550 _____ C:\Users\vieraidx\Desktop\Leave Summary.xlsx
2016-09-07 15:25 - 2016-04-24 22:52 - 00000000 ____D C:\Users\vieraidx\Documents\Anki
2016-09-07 10:32 - 2014-08-17 17:14 - 00000000 ____D C:\Users\vieraidx\AppData\Local\Adobe
2016-09-06 09:18 - 2010-02-25 17:42 - 00000000 ____D C:\Program Files (x86)\Adobe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-09-15 07:30
==================== End of FRST.txt ============================