After 2 scans AdwCleaner and Mbam keep finding adware


This topic is locked
18 replies to this topic

#1 Gorbulan (Members, 832 posts)

Posted 24 August 2016 - 06:23 PM

A computer at my job has several pieces of adware on it, most notably the Premier Opinion adware. I ran Malwarebytes and AdwCleaner and BitDefender Free twice, but the adware seems to still be present. I am currently running Eset Online Scanner, but it seems to crash at about 60%. Resource Monitor says Eset is running normally, but it does not respond and its GUI elements get a black border around most of them, similar to when a program crashes and the GUI does not respond. When Eset "crashes" it reports 10 infections found. I turned off BitDefender Free while Eset was running, since Eset warns of a conflict with it, but that may have caused the problem. I noticed something was wrong when I saw that the search engines AdwC deleted from Chrome were there again at the next scan. Same thing with Mbam: it found more after it had done its Threat Scan. I have every log AdwC and Mbam created.
 
FRST Log:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by Administrator (administrator) on DKP-WIN-ARASV (24-08-2016 16:10:04)
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available Profiles: triboadmin & ArashVafanejad & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
(National Instruments Corporation) C:\Windows\SysWOW64\nipalsm.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe
(National Instruments Corporation) C:\Windows\SysWOW64\nidevldu.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(National Instruments Corporation) C:\Windows\SysWOW64\nipxism.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Viber Media S.à r.l.) C:\Users\Administrator\AppData\Local\Viber\Viber.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(National Instruments Corporation) C:\Program Files\National Instruments\Shared\NI Error Reporting\nierserver.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Oracle Corporation) C:\Xilinx\xic\tps\win64\jre\bin\java.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(ESET spol. s r.o.) C:\Users\ArashVafanejad\Downloads\esetonlinescanner_enu.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-11-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [niDevMon] => C:\Program Files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe [119120 2014-02-12] (National Instruments Corporation)
HKLM-x32\...\Run: [InstallValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707] => C:\Program Files (x86)\National Instruments\Shared\NIUninstaller\InstallValidator.exe [269704 2014-07-31] ()
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-10-08] (Power Software Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2710881768-1854469066-2913613117-500\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-11-01] (AMD)
HKU\S-1-5-21-2710881768-1854469066-2913613117-500\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-2710881768-1854469066-2913613117-500\...\Run: [Viber] => C:\Users\Administrator\AppData\Local\Viber\Viber.exe [69268048 2016-04-13] (Viber Media S.à r.l.)
HKU\S-1-5-21-2710881768-1854469066-2913613117-500\...\Run: [UM] => C:\Users\Administrator\AppData\Roaming\Update Manager\UM.EXE
HKU\S-1-5-21-2710881768-1854469066-2913613117-500\...\MountPoints2: {1360f218-6530-11e5-9da9-448a5b8b8e0c} - E:\LG_PC_Programs.exe
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-12-01]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-09-17]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xilinx Information Center.lnk [2015-05-21]
ShortcutTarget: Xilinx Information Center.lnk -> C:\Xilinx\xic\xic.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-07-31]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-09-11]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{4692B750-DE88-4DCF-9163-745AF5604B24}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting (64-bit).lnk [2014-10-14]
ShortcutTarget: NI Error Reporting (64-bit).lnk -> C:\Program Files\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk [2014-09-24]
ShortcutTarget: NI Error Reporting.lnk -> C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-07-31]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\ArashVafanejad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-05-09]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\ArashVafanejad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-09-17]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\ArashVafanejad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xilinx Information Center.lnk [2015-05-21]
ShortcutTarget: Xilinx Information Center.lnk -> C:\Xilinx\xic\xic.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512 2014-06-06] (National Instruments Corporation)
Winsock: Catalog5-x64 07 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560 2014-06-06] (National Instruments Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{29604E1F-8553-46B0-B9A3-D68B4E86A4D9}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{29604E1F-8553-46B0-B9A3-D68B4E86A4D9}: [DhcpNameServer] 8.8.8.8 8.8.4.4
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2710881768-1854469066-2913613117-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-7640acd9&q={searchTerms}
SearchScopes: HKLM -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-7640acd9&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2710881768-1854469066-2913613117-500 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-7640acd9&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-07-12] (Microsoft Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-03-24] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-07-05] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-24] (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-24] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-11-19] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-07-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-24] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\09rqsds6.default
FF DefaultSearchEngine.US: Yahoo!
FF Homepage: hxxp://www.bing.com/search?FORM=INCOH1&PC=IC04&PTAG=ICO-7640acd9
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4055459\npmathplugin.dll [2013-01-24] (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-02-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2010win32.dll [2011-08-29] (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2012win32.dll [2014-05-13] (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2013win32.dll [2014-04-02] (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2014win32.dll [2014-06-25] (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2014win64.dll [2014-06-25] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPLV80Win32.dll [2006-01-23] (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPLV82Win32.dll [2007-02-08] (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-02-27] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\09rqsds6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-08-31]
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=523482&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-01]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-19]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]
CHR Extension: (Honey) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2016-08-24]
CHR Extension: (Google Cast) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-08-24]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-19]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-08-24]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-24]
CHR Extension: (AdBlock) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-24]
CHR Extension: (NPR: News, Music and Books) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcamfjcklnmlbokoackecfjidfjafgog [2015-05-13]
CHR Extension: (StayFocusd) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2015-05-13]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-17]
CHR Extension: (The Independent) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdonfjaemnemdnnpebbcelibeocdmkai [2016-08-24]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-08-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-24]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-24]
CHR HKU\S-1-5-21-2710881768-1854469066-2913613117-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-11-01] (Advanced Micro Devices, Inc.) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe [76616 2016-06-20] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-05] (Microsoft Corporation)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [79552 2016-03-02] (Bitdefender)
R2 hasplms; C:\Windows\system32\hasplms.exe [4608320 2014-11-27] (SafeNet Inc.)
S2 IBG_gds_db; C:\Program Files (x86)\Embarcadero\Studio\15.0\InterBaseXE3\bin\ibguard.exe [636744 2014-05-14] (Embarcadero Technologies, Inc.)
S3 IBS_gds_db; C:\Program Files (x86)\Embarcadero\Studio\15.0\InterBaseXE3\bin\ibserver.exe [5489992 2014-05-14] (Embarcadero Technologies, Inc.)
R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2014-01-14] (National Instruments, Inc.)
R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53032 2014-06-09] (National Instruments Corporation)
R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63280 2014-06-09] (National Instruments Corporation)
R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [84280 2014-06-07] (National Instruments Corporation)
R2 ni488enumsvc; C:\Windows\SysWOW64\nipalsm.exe [19280 2014-06-05] (National Instruments Corporation)
R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57184 2014-06-10] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [80736 2014-06-10] (National Instruments Corporation)
R2 niauth; C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe [569152 2014-06-20] (National Instruments Corporation)
R2 nidevldu; C:\Windows\SysWOW64\nidevldu.exe [103800 2014-06-13] (National Instruments Corporation)
R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [394544 2014-06-09] (National Instruments Corporation)
S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
R2 niLXIDiscovery; C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [383352 2014-06-13] (National Instruments Corporation)
R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [320368 2014-06-06] (National Instruments Corporation)
R2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [177536 2014-06-19] (National Instruments Corporation)
R2 nipxirmu; C:\Windows\SysWOW64\nipxism.exe [20816 2014-01-09] (National Instruments Corporation)
S3 NiRioRpc; C:\Windows\SysWOW64\NiRioRpc.exe [39232 2014-06-18] (National Instruments Corporation)
R2 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [89928 2014-06-06] (National Instruments Corporation)
R2 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57168 2014-06-10] (National Instruments Corporation)
R2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [692040 2014-06-10] (National Instruments Corporation)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [344576 2014-04-17] (Qualcomm Atheros) [File not signed]
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [60488 2014-11-27] (SafeNet Inc.)
S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [63944 2014-11-27] (SafeNet Inc.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [303624 2014-11-27] (SafeNet Inc.)
S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus64.sys [20992 2014-10-10] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2014-10-10] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2014-10-10] (LG Electronics Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [82096 2014-04-10] (Qualcomm Atheros, Inc.)
S2 cvintdrv; C:\Windows\SysWow64\Drivers\cvintdrv.sys [4096 2005-10-18] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331608 2014-11-27] (SafeNet Inc.)
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [129200 2014-03-27] (Qualcomm Atheros, Inc.)
S3 lvalarmk; C:\Windows\system32\drivers\lvalarmk.sys [27528 2014-06-13] (National Instruments Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3442144 2014-06-18] (Intel Corporation)
S3 ni1045k; C:\Windows\system32\drivers\ni1045kl.sys [12984 2014-05-16] (National Instruments Corporation)
S3 ni1065k; C:\Windows\system32\drivers\ni1065k.sys [30032 2014-05-16] (National Instruments Corporation)
S3 nicdcck; C:\Windows\system32\drivers\nicdcckl.sys [15192 2014-04-29] (National Instruments Corporation)
S3 nicdrk; C:\Windows\system32\drivers\nicdrkl.sys [15192 2014-04-29] (National Instruments Corporation)
S3 nicmrk; C:\Windows\system32\drivers\nicmrkl.sys [15208 2014-06-10] (National Instruments Corporation)
S3 nicondrk; C:\Windows\system32\drivers\nicondrkl.sys [15176 2014-05-06] (National Instruments Corporation)
S3 nicsrk; C:\Windows\system32\drivers\nicsrkl.sys [15176 2014-06-24] (National Instruments Corporation)
R3 nidimk; C:\Windows\system32\drivers\nidimkl.sys [15200 2014-03-13] (National Instruments Corporation)
S3 nidmxfk; C:\Windows\system32\drivers\nidmxfkl.sys [15176 2014-06-25] (National Instruments Corporation)
S3 nidsark; C:\Windows\system32\drivers\nidsarkl.sys [15184 2014-04-29] (National Instruments Corporation)
S3 niemrk; C:\Windows\system32\drivers\niemrkl.sys [15176 2014-05-02] (National Instruments Corporation)
S3 niemrkw; C:\Windows\System32\DRIVERS\niemrkw.sys [14664 2014-05-02] (National Instruments Corporation)
S3 niesrk; C:\Windows\system32\drivers\niesrkl.sys [15176 2014-05-02] (National Instruments Corporation)
R3 NIEthernetDeviceEnumerator; C:\Windows\System32\DRIVERS\niede.sys [38064 2012-01-12] (National Instruments Corporation)
S3 nifslk; C:\Windows\system32\drivers\nifslkl.sys [15192 2014-03-14] (National Instruments Corporation)
S3 nihorbrk; C:\Windows\system32\drivers\nihorbrkl.sys [15176 2014-05-02] (National Instruments Corporation)
S3 nihsdrk; C:\Windows\system32\drivers\nihsdrkl.sys [14168 2014-06-27] (National Instruments Corporation)
S3 nihsdrkw; C:\Windows\System32\DRIVERS\nihsdrkw.sys [13656 2014-06-27] (National Instruments Corporation)
R3 nimdbgk; C:\Windows\system32\drivers\nimdbgkl.sys [15200 2014-03-13] (National Instruments Corporation)
R3 nimru2k; C:\Windows\system32\drivers\nimru2kl.sys [15200 2014-03-13] (National Instruments Corporation)
S3 nimsdrk; C:\Windows\system32\drivers\nimsdrkl.sys [15232 2014-06-13] (National Instruments Corporation)
S3 nimstsk; C:\Windows\system32\drivers\nimstskl.sys [15200 2014-06-12] (National Instruments Corporation)
R3 nimxdfk; C:\Windows\system32\drivers\nimxdfkl.sys [15184 2014-03-13] (National Instruments Corporation)
S3 nimxpk; C:\Windows\system32\drivers\nimxpkl.sys [15208 2014-06-12] (National Instruments Corporation)
S3 ninshsdk; C:\Windows\system32\drivers\ninshsdkl.sys [15200 2014-04-01] (National Instruments Corporation)
S3 niorbk; C:\Windows\system32\drivers\niorbkl.sys [15184 2014-03-12] (National Instruments Corporation)
S3 nipalfwedl; C:\Windows\System32\drivers\nipalfwedl.sys [15232 2014-06-05] (National Instruments Corporation)
R0 NIPALK; C:\Windows\System32\drivers\nipalk.sys [773464 2014-06-05] (National Instruments Corporation)
S3 nipalusbedl; C:\Windows\System32\drivers\nipalusbedl.sys [15224 2014-06-05] (National Instruments Corporation)
R0 nipbcfk; C:\Windows\System32\drivers\nipbcfk.sys [19288 2014-02-28] (National Instruments Corporation)
R0 nipxibaf; C:\Windows\System32\drivers\nipxibaf.sys [89992 2014-06-12] (National Instruments Corporation)
R0 nipxibrc; C:\Windows\System32\drivers\nipxibrc.sys [70336 2014-05-16] (National Instruments Corporation)
S3 nipxifpk; C:\Windows\system32\drivers\nipxifpk.sys [37272 2013-09-10] (National Instruments Corporation)
S3 nipxigpk; C:\Windows\system32\drivers\nipxigpk.sys [22680 2011-08-09] (National Instruments Corporation)
R2 nipxirmk; C:\Windows\system32\drivers\nipxirmkl.sys [15184 2014-01-09] (National Instruments Corporation)
S3 niraptrk; C:\Windows\system32\drivers\niraptrkl.sys [15176 2014-05-06] (National Instruments Corporation)
S3 niscdk; C:\Windows\system32\drivers\niscdkl.sys [15216 2014-04-29] (National Instruments Corporation)
R0 nischifk; C:\Windows\System32\Drivers\nischifk.sys [66936 2014-06-11] (National Instruments Corporation)
S3 nisdigk; C:\Windows\system32\drivers\nisdigkl.sys [15192 2014-05-02] (National Instruments Corporation)
S3 nisftk; C:\Windows\system32\drivers\nisftkl.sys [15184 2014-04-01] (National Instruments Corporation)
S3 nismbusk; C:\Windows\System32\DRIVERS\nismbus.sys [255848 2014-06-05] (National Instruments Corporation)
S3 nispdk; C:\Windows\system32\drivers\nispdkl.sys [15216 2014-04-29] (National Instruments Corporation)
S3 nissrk; C:\Windows\system32\drivers\nissrkl.sys [15176 2014-05-02] (National Instruments Corporation)
S3 nistc2k; C:\Windows\system32\drivers\nistc2kl.sys [15152 2014-04-29] (National Instruments Corporation)
S3 nistc3rk; C:\Windows\system32\drivers\nistc3rkl.sys [15168 2014-04-29] (National Instruments Corporation)
S3 nistcrk; C:\Windows\system32\drivers\nistcrkl.sys [15200 2014-04-29] (National Instruments Corporation)
R2 nistreamk; C:\Windows\System32\drivers\nistreamkl.sys [24912 2014-06-04] (National Instruments Corporation)
S3 niswdk; C:\Windows\system32\drivers\niswdkl.sys [15176 2014-06-23] (National Instruments Corporation)
S3 nitfurk; C:\Windows\system32\drivers\nitfurkl.sys [15216 2014-05-02] (National Instruments Corporation)
S3 nitiork; C:\Windows\system32\drivers\nitiorkl.sys [15200 2014-04-29] (National Instruments Corporation)
S3 niufurk; C:\Windows\system32\drivers\niufurkl.sys [15392 2014-06-24] (National Instruments Corporation)
R3 NiViPciK; C:\Windows\System32\drivers\NiViPciKl.sys [15200 2014-06-13] (National Instruments Corporation)
R2 NiViPxiK; C:\Windows\System32\drivers\NiViPxiKl.sys [15200 2014-06-13] (National Instruments Corporation)
S3 niwfrk; C:\Windows\system32\drivers\niwfrkl.sys [15176 2014-05-02] (National Instruments Corporation)
S3 nixfmrrk; C:\Windows\system32\drivers\nixfmrrkl.sys [15184 2014-05-06] (National Instruments Corporation)
S3 nixsrk; C:\Windows\system32\drivers\nixsrkl.sys [15176 2014-05-02] (National Instruments Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 usb6xxxkw; C:\Windows\System32\DRIVERS\usb6xxxkw.sys [14640 2014-05-09] (National Instruments Corporation)
S3 Usbtmc; C:\Windows\System32\Drivers\ausbtmc.sys [24064 2013-10-07] (IVI Foundation)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2013-12-11] (VIA Technologies, Inc.)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2015-04-21] (Jungo)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [297984 2013-12-11] (VIA Technologies, Inc.)
R2 XilinxPC4Driver; C:\Windows\System32\drivers\xpc4drvr.sys [27384 2015-04-21] (Xilinx, Inc.)
S3 cpuz137; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 usb6xxxk; \??\C:\Windows\system32\drivers\usb6xxxkl.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-24 16:10 - 2016-08-24 16:10 - 00038789 _____ C:\Users\Administrator\Downloads\FRST.txt
2016-08-24 16:09 - 2016-08-24 16:10 - 00000000 ____D C:\FRST
2016-08-24 16:08 - 2016-08-24 16:08 - 02396672 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2016-08-24 09:37 - 2016-08-24 09:37 - 04002104 _____ (Secunia) C:\Users\ArashVafanejad\Downloads\PSISetup.exe
2016-08-24 09:34 - 2016-08-24 09:34 - 00000000 ____D C:\Users\ArashVafanejad\AppData\Local\ESET
2016-08-24 09:34 - 2016-08-24 09:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\ESET
2016-08-24 09:25 - 2016-08-24 09:25 - 11438608 _____ (SurfRight B.V.) C:\Users\ArashVafanejad\Downloads\HitmanPro_x64.exe
2016-08-24 09:22 - 2016-08-24 09:22 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\ArashVafanejad\Downloads\iExplore.exe
2016-08-24 09:22 - 2016-08-24 09:22 - 00002352 _____ C:\Users\Administrator\Desktop\Rkill.txt
2016-08-24 09:08 - 2016-08-24 09:08 - 06761600 _____ (ESET spol. s r.o.) C:\Users\ArashVafanejad\Downloads\esetonlinescanner_enu.exe
2016-08-23 17:19 - 2016-08-23 17:19 - 00000225 _____ C:\Windows\pxisys.ini
2016-08-23 17:19 - 2016-08-23 17:19 - 00000216 _____ C:\Windows\pxiesys.ini
2016-08-23 16:38 - 2016-08-23 16:38 - 03784256 _____ C:\Users\ArashVafanejad\Downloads\adwcleaner_6.000.exe
2016-08-23 16:18 - 2016-08-24 15:47 - 00000000 ____D C:\AdwCleaner
2016-08-23 16:17 - 2016-08-23 16:17 - 03784256 _____ C:\Users\triboadmin\Downloads\adwcleaner_6.000.exe
2016-08-23 16:16 - 2016-08-23 16:16 - 13990599 _____ C:\Users\triboadmin\Downloads\CrystalDiskInfo7_0_2Shizuku (1).zip
2016-08-23 16:16 - 2016-08-23 16:16 - 00000000 ____D C:\Users\triboadmin\Downloads\CrystalDiskInfo7_0_2Shizuku
2016-08-23 16:16 - 2016-08-23 16:16 - 00000000 ____D C:\Users\triboadmin\AppData\Roaming\WinRAR
2016-08-23 16:15 - 2016-08-23 16:16 - 13990599 _____ C:\Users\triboadmin\Downloads\CrystalDiskInfo7_0_2Shizuku.zip
2016-08-23 16:12 - 2016-08-23 16:12 - 00638872 _____ (CEZEO software Ltd. ) C:\Users\triboadmin\Downloads\ssdready.exe
2016-08-23 16:07 - 2016-08-23 16:07 - 00000223 _____ C:\Users\ArashVafanejad\.octave_hist
2016-08-23 15:11 - 2016-08-23 16:10 - 00000000 ____D C:\Program Files\Recuva
2016-08-23 15:11 - 2016-08-23 15:11 - 00000000 __SHD C:\Users\triboadmin\AppData\Local\EmieUserList
2016-08-23 15:11 - 2016-08-23 15:11 - 00000000 __SHD C:\Users\triboadmin\AppData\Local\EmieSiteList
2016-08-23 15:11 - 2016-08-23 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2016-08-23 15:11 - 2016-07-28 12:14 - 05473600 _____ (Piriform Ltd) C:\Users\triboadmin\Downloads\recuva_setup153.exe
2016-08-23 15:09 - 2016-08-23 15:09 - 00000000 ____D C:\Users\triboadmin\AppData\Roaming\Sun
2016-08-23 15:09 - 2016-08-23 15:09 - 00000000 ____D C:\Users\triboadmin\AppData\LocalLow\Sun
2016-08-23 15:04 - 2016-08-23 15:04 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apps\2.0
2016-07-26 15:38 - 2016-07-26 16:54 - 00407844 _____ C:\Windows\ntbtlog.txt
2016-07-26 11:04 - 2016-07-26 11:04 - 00000000 ____D C:\Users\triboadmin\.oracle_jre_usage
2016-07-26 11:02 - 2016-08-23 16:12 - 00002259 _____ C:\Users\triboadmin\Desktop\Google Chrome.lnk
2016-07-26 11:02 - 2016-08-23 16:11 - 00000000 ____D C:\Users\triboadmin\AppData\Local\Google
2016-07-26 11:02 - 2016-07-26 11:04 - 00000000 ____D C:\Users\triboadmin
2016-07-26 11:02 - 2016-07-26 11:02 - 00093224 _____ C:\Users\triboadmin\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-26 11:02 - 2016-07-26 11:02 - 00001417 _____ C:\Users\triboadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-26 11:02 - 2016-07-26 11:02 - 00000020 ___SH C:\Users\triboadmin\ntuser.ini
2016-07-26 11:02 - 2016-07-26 11:02 - 00000000 _SHDL C:\Users\triboadmin\My Documents
2016-07-26 11:02 - 2016-07-26 11:02 - 00000000 _SHDL C:\Users\triboadmin\Documents\My Videos
2016-07-26 11:02 - 2016-07-26 11:02 - 00000000 _SHDL C:\Users\triboadmin\Documents\My Pictures
2016-07-26 11:02 - 2016-07-26 11:02 - 00000000 _SHDL C:\Users\triboadmin\Documents\My Music
2016-07-26 11:02 - 2016-07-26 11:02 - 00000000 ____D C:\Users\triboadmin\AppData\Roaming\ControlCenter4
2016-07-26 11:02 - 2016-07-26 11:02 - 00000000 ____D C:\Users\triboadmin\AppData\Roaming\ATI
2016-07-26 11:02 - 2016-07-26 11:02 - 00000000 ____D C:\Users\triboadmin\AppData\Roaming\Adobe
2016-07-26 11:02 - 2016-07-26 11:02 - 00000000 ____D C:\Users\triboadmin\AppData\Local\VirtualStore
2016-07-26 11:02 - 2016-07-26 11:02 - 00000000 ____D C:\Users\triboadmin\AppData\Local\National Instruments
2016-07-26 11:02 - 2016-07-26 11:02 - 00000000 ____D C:\Users\triboadmin\AppData\Local\ATI
2016-07-26 11:02 - 2016-07-26 11:02 - 00000000 ____D C:\Users\triboadmin\AppData\Local\AMD
2016-07-26 11:02 - 2014-09-24 18:21 - 00002100 _____ C:\Users\triboadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-24 15:48 - 2016-05-09 11:06 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-24 15:36 - 2014-09-10 20:23 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-24 15:33 - 2014-09-11 18:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-24 13:36 - 2014-09-10 20:23 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-24 12:23 - 2014-09-22 09:50 - 00000000 ___RD C:\Users\Administrator\Google Drive
2016-08-24 12:22 - 2016-04-29 10:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\Viber
2016-08-24 12:22 - 2015-09-21 12:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ViberPC
2016-08-24 12:21 - 2015-07-13 08:40 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-08-24 12:20 - 2015-11-19 10:28 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-08-24 12:20 - 2015-09-21 12:26 - 00000000 ____D C:\Users\Administrator\Documents\ViberDownloads
2016-08-24 12:20 - 2015-06-03 15:26 - 00000000 ____D C:\Users\Administrator\AppData\Local\Dropbox
2016-08-24 12:20 - 2015-05-21 16:28 - 00000000 ____D C:\ProgramData\Xilinx
2016-08-23 17:26 - 2009-07-13 21:45 - 00029952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-23 17:26 - 2009-07-13 21:45 - 00029952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-23 17:24 - 2009-07-13 22:13 - 00801722 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-23 17:24 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-08-23 17:19 - 2015-01-20 16:52 - 00000000 ____D C:\ProgramData\Embarcadero
2016-08-23 17:18 - 2010-11-21 00:16 - 00000000 ____D C:\Windows\CSC
2016-08-23 17:18 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-23 16:23 - 2014-09-11 08:28 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-08-23 16:10 - 2014-09-24 17:57 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-23 16:08 - 2014-09-24 17:33 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-08-23 16:07 - 2016-05-09 10:43 - 00000000 ____D C:\Users\ArashVafanejad
2016-08-23 16:00 - 2016-05-09 10:59 - 00000000 ____D C:\Users\ArashVafanejad\AppData\Local\{35150349-11BD-6FF1-7C25-4A19584DB681}
2016-08-23 16:00 - 2016-03-29 12:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\{35150349-11BD-6FF1-7C25-4A19584DB681}
2016-08-16 03:37 - 2014-09-22 09:49 - 00002042 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-08-16 03:37 - 2014-09-22 09:49 - 00002040 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-08-16 03:37 - 2014-09-22 09:49 - 00002030 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-08-16 03:37 - 2014-09-22 09:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-10 09:40 - 2014-09-10 20:24 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-04 17:59 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2016-08-04 14:32 - 2016-05-09 10:52 - 00000000 ____D C:\Users\ArashVafanejad\Desktop\Arash
2016-08-04 01:12 - 2015-11-03 12:34 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Telegram Desktop
2016-08-02 17:58 - 2016-05-09 10:52 - 00000903 _____ C:\Users\ArashVafanejad\Desktop\Electrical Engineering - Shortcut.lnk
2016-08-02 17:58 - 2016-05-09 10:52 - 00000757 _____ C:\Users\ArashVafanejad\Desktop\COMSOL - Shortcut.lnk
2016-07-28 13:31 - 2014-09-10 20:23 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 13:31 - 2014-09-10 20:23 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-28 11:57 - 2016-05-09 10:50 - 00005168 _____ C:\Users\ArashVafanejad\AppData\Roaming\LTspiceIV.ini
2016-07-26 11:00 - 2016-06-30 15:27 - 00056579 _____ C:\Users\ArashVafanejad\Desktop\Experiment Paschen's curve.pxp
2016-07-26 11:00 - 2016-06-30 15:23 - 00133041 _____ C:\Users\ArashVafanejad\Desktop\test1.xlsx
 
==================== Files in the root of some directories =======
 
2016-03-31 14:34 - 2016-03-31 14:34 - 0000068 _____ () C:\Users\Administrator\AppData\Roaming\Camdata.ini
2016-03-31 14:34 - 2016-03-31 14:34 - 0000408 _____ () C:\Users\Administrator\AppData\Roaming\CamLayout.ini
2016-03-31 14:34 - 2016-03-31 14:34 - 0000408 _____ () C:\Users\Administrator\AppData\Roaming\CamShapes.ini
2016-03-31 14:34 - 2016-03-31 14:34 - 0004536 _____ () C:\Users\Administrator\AppData\Roaming\CamStudio.cfg
2016-03-30 14:23 - 2016-03-30 14:23 - 0000000 _____ () C:\Users\Administrator\AppData\Roaming\CamStudio.Producer.Data.ini
2016-03-30 14:23 - 2016-03-30 14:23 - 0001205 _____ () C:\Users\Administrator\AppData\Roaming\CamStudio.Producer.ini
2014-09-23 18:13 - 2016-05-09 10:37 - 0005168 _____ () C:\Users\Administrator\AppData\Roaming\LTspiceIV.ini
2014-09-11 18:45 - 2014-09-11 19:03 - 1701856 ____T (CPUID) C:\Users\Administrator\AppData\Roaming\siw_sdk.dll
2016-03-29 12:28 - 2016-03-29 12:28 - 0000096 _____ () C:\Users\Administrator\AppData\Roaming\version2.xml
2016-03-29 13:29 - 2016-04-13 00:29 - 0000139 _____ () C:\Users\Administrator\AppData\Roaming\WB.CFG
2014-12-30 12:35 - 2015-01-05 15:38 - 0000666 _____ () C:\Users\Administrator\AppData\Local\CastleLinkProps.dat
2014-09-11 08:21 - 2014-09-11 08:21 - 0000000 _____ () C:\Users\Administrator\AppData\Local\Driver_LOM_8161Present.flag
2015-08-05 15:30 - 2015-08-05 15:30 - 0032200 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel
2015-09-15 12:43 - 2015-09-15 12:43 - 0007605 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2016-05-09 11:05 - 2016-05-09 11:05 - 0176387 _____ () C:\ProgramData\1462817062.bdinstall.bin
 
Files to move or delete:
====================
C:\Users\Administrator\siw.exe
 
 
Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3tbhce.dll
C:\Users\Administrator\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Administrator\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Administrator\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Administrator\AppData\Local\Temp\setup.exe
C:\Users\ArashVafanejad\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3tbhce.dll
C:\Users\ArashVafanejad\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\ArashVafanejad\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\ArashVafanejad\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\ArashVafanejad\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\ArashVafanejad\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\ArashVafanejad\AppData\Local\Temp\setup.exe
C:\Users\triboadmin\AppData\Local\Temp\libeay32.dll
C:\Users\triboadmin\AppData\Local\Temp\msvcr120.dll
C:\Users\triboadmin\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-23 18:12
 
==================== End of FRST.txt ============================


I can't find where to attach my Addition.txt. Has it been moved or something?

 

Addition.txt attached.

Edited by Gorbulan, 24 August 2016 - 07:28 PM.
moved from Am I Infected to Malware Removal Logs. FRST logs are allowed only in MRL forum. Attachments not allowed in AII. Now that the topic is in MRL, you will be able to attach.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:13 PM

Posted 26 August 2016 - 09:55 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-2710881768-1854469066-2913613117-500\...\Run: [UM] => C:\Users\Administrator\AppData\Roaming\Update Manager\UM.EXE
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR Extension: (Honey) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2016-08-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-24]
CHR HKU\S-1-5-21-2710881768-1854469066-2913613117-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
S3 cpuz137; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 usb6xxxk; \??\C:\Windows\system32\drivers\usb6xxxkl.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Administrator\AppData\Roaming\Update Manager
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
AlternateDataStreams: C:\Users\Administrator\Downloads\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\ArashVafanejad\Downloads\adwcleaner_6.000.exe:BDU [0]
AlternateDataStreams: C:\Users\ArashVafanejad\Downloads\esetonlinescanner_enu.exe:BDU [0]
AlternateDataStreams: C:\Users\ArashVafanejad\Downloads\HitmanPro_x64.exe:BDU [0]
AlternateDataStreams: C:\Users\ArashVafanejad\Downloads\iExplore.exe:BDU [0]
AlternateDataStreams: C:\Users\ArashVafanejad\Downloads\PSISetup.exe:BDU [0]
AlternateDataStreams: C:\Users\triboadmin\Downloads\adwcleaner_6.000.exe:BDU [0]
AlternateDataStreams: C:\Users\triboadmin\Downloads\ssdready.exe:BDU 

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.
===

Please post the log and let me know what problem persists.

#3 Gorbulan

Gorbulan
  • Topic Starter

  • Members
  • 832 posts
  • OFFLINE
  • Local time:07:13 PM

Posted 26 August 2016 - 11:50 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by Administrator (26-08-2016 09:07:28) Run:1
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available Profiles: triboadmin & ArashVafanejad & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKU\S-1-5-21-2710881768-1854469066-2913613117-500\...\Run: [UM] => C:\Users\Administrator\AppData\Roaming\Update Manager\UM.EXE
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR Extension: (Honey) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2016-08-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-24]
CHR HKU\S-1-5-21-2710881768-1854469066-2913613117-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
S3 cpuz137; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 usb6xxxk; \??\C:\Windows\system32\drivers\usb6xxxkl.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Administrator\AppData\Roaming\Update Manager
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
AlternateDataStreams: C:\Users\Administrator\Downloads\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\ArashVafanejad\Downloads\adwcleaner_6.000.exe:BDU [0]
AlternateDataStreams: C:\Users\ArashVafanejad\Downloads\esetonlinescanner_enu.exe:BDU [0]
AlternateDataStreams: C:\Users\ArashVafanejad\Downloads\HitmanPro_x64.exe:BDU [0]
AlternateDataStreams: C:\Users\ArashVafanejad\Downloads\iExplore.exe:BDU [0]
AlternateDataStreams: C:\Users\ArashVafanejad\Downloads\PSISetup.exe:BDU [0]
AlternateDataStreams: C:\Users\triboadmin\Downloads\adwcleaner_6.000.exe:BDU [0]
AlternateDataStreams: C:\Users\triboadmin\Downloads\ssdready.exe:BDU 
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2710881768-1854469066-2913613117-500\Software\Microsoft\Windows\CurrentVersion\Run\\UM => value removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt1"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt2"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt3"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt4"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt5"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt6"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt7"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt8"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj => moved successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
"HKU\S-1-5-21-2710881768-1854469066-2913613117-500\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfully
cpuz137 => service removed successfully
usb6xxxk => service removed successfully
VGPU => service removed successfully
"C:\Users\Administrator\AppData\Roaming\Update Manager" => not found.
"C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj" => not found.
"C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
"C:\Users\Administrator\Downloads\FRST64.exe" => ":BDU" ADS not found.
C:\Users\ArashVafanejad\Downloads\adwcleaner_6.000.exe => ":BDU" ADS removed successfully.
C:\Users\ArashVafanejad\Downloads\esetonlinescanner_enu.exe => ":BDU" ADS removed successfully.
C:\Users\ArashVafanejad\Downloads\HitmanPro_x64.exe => ":BDU" ADS removed successfully.
C:\Users\ArashVafanejad\Downloads\iExplore.exe => ":BDU" ADS removed successfully.
C:\Users\ArashVafanejad\Downloads\PSISetup.exe => ":BDU" ADS removed successfully.
C:\Users\triboadmin\Downloads\adwcleaner_6.000.exe => ":BDU" ADS removed successfully.
"C:\Users\triboadmin\Downloads\ssdready.exe" => "AlternateDataStreams: C:\Users\triboadmin\Downloads\ssdready.exe:BDU" ADS not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 29161801 B
Java, Flash, Steam htmlcache => 10593 B
Windows/system/drivers => 107881149 B
Edge => 0 B
Chrome => 810003967 B
Firefox => 377857156 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66356 B
systemprofile32 => 66356 B
LocalService => 0 B
NetworkService => 93452 B
triboadmin => 7315240 B
ArashVafanejad => 6124626508 B
Administrator => 6167748058 B
 
RecycleBin => 6412518907 B
EmptyTemp: => 18.7 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 09:08:30 ====


#4 Gorbulan
Topic Starter

Posted 26 August 2016 - 11:52 AM

Malwarebytes found nothing. AdwCleaner 6.0.1.0 found 29 threats, two of which were false positives (we develop software here). The remaining threats appeared to be registry keys and search providers in Chrome, the same ones from before.

 

Want the latest AdwCleaner log?



#5 nasdaq
Malware Response Team

Posted 27 August 2016 - 08:30 AM

Any remaining issues?

#6 Gorbulan
Topic Starter

Posted 29 August 2016 - 11:28 AM

Yes, as I said before, AdwCleaner still found 29 threats; Malwarebytes found none. Here is the log:

 

 

# AdwCleaner v6.010 - Logfile created 26/08/2016 at 09:46:06
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-25.1 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# Username : Administrator - DKP-WIN-ARASV
# Running from : C:\Users\Administrator\Downloads\adwcleaner_6.010.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
No malicious folders found.
 
 
***** [ Files ] *****
 
File Found:  C:\Users\<USERNAME>\Desktop\adb.exe
File Found:  C:\Users\Administrator\Desktop\adb.exe
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKLM\SOFTWARE\Classes\SbConverter2.Convert
Key Found:  HKLM\SOFTWARE\Classes\SbConverter2.Convert.1
Key Found:  HKLM\SOFTWARE\Classes\SbConverter2.Interpret
Key Found:  HKLM\SOFTWARE\Classes\SbConverter2.Interpret.1
Key Found:  HKLM\SOFTWARE\Classes\sbUILibrary.ComboEditValue
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\ADMINAME\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\ADMINAME\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\<USERNAME>\AppData\Local\Google\Chrome\User Data\Default\Web data] - q
Chrome pref Found:  [C:\Users\<USERNAME>\AppData\Local\Google\Chrome\User Data\Default\Web data] - astromenda.com
Chrome pref Found:  [C:\Users\<USERNAME>\AppData\Local\Google\Chrome\User Data\Default\Web data] - search provided by yahoo.com
Chrome pref Found:  [C:\Users\<USERNAME>\AppData\Local\Google\Chrome\User Data\Default\Web data] - funmoods.com
Chrome pref Found:  [C:\Users\<USERNAME>\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\<USERNAME>\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\<USERNAME>\AppData\Local\Google\Chrome\User Data\Default\Web data] - blekko
Chrome pref Found:  [C:\Users\<USERNAME>\AppData\Local\Google\Chrome\User Data\Default\Web data] - mysearch.avg.com
Chrome pref Found:  [C:\Users\<USERNAME>\AppData\Local\Google\Chrome\User Data\Default\Web data] - www1.delta-search.com
Chrome pref Found:  [C:\Users\<USERNAME>\AppData\Local\Google\Chrome\User Data\Default\Web data] - r
Chrome pref Found:  [C:\Users\<USERNAME>\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://astromenda.com/?f=7&a=ast_frg01_14_44_ch&cd=2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtAyEyByByC0CyBtD0CtDzytN0D0Tzu0
Chrome pref Found:  [C:\Users\<USERNAME>\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_12&param1=1&para
Chrome pref Found:  [C:\Users\<USERNAME>\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_47&param1=1&p
Chrome pref Found:  [C:\Users\<USERNAME>\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://searchfunmoods.com/?f=1&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzutDtDtBtByD0F0B0AyEtCtCyE0ByCzzyDtN0D0Tzu0CtAz
Chrome pref Found:  [C:\Users\<USERNAME>\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://mysearch.avg.com/?cid={59563DA7-39FB-4A81-A64C-3CDD33C57E16}&mid=7e99e8e4f4ab47d1ba656d3e7184b3a0-cea
Chrome pref Found:  [C:\Users\<USERNAME>\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://mysearch.avg.com/?cid={59563DA7-39FB-4A81-A64C-3CDD33C57E16}&mid=7e99e8e4f4ab47d1ba656d3e7184b3a0-cea
Chrome pref Found:  [C:\Users\<USERNAME>\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://mysearch.avg.com/?cid={59563DA7-39FB-4A81-A64C-3CDD33C57E16}&mid=7e99e8e4f4ab47d1ba656d3e7184b3a0-cea
Chrome pref Found:  [C:\Users\<USERNAME>\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://mysearch.avg.com/?cid={59563DA7-39FB-4A81-A64C-3CDD33C57E16}&mid=7e99e8e4f4ab47d1ba656d3e7184b3a0-cea
Chrome pref Found:  [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [12116 Bytes] - [23/08/2016 16:27:08]
C:\AdwCleaner\AdwCleaner[C2].txt - [7388 Bytes] - [23/08/2016 16:42:06]
C:\AdwCleaner\AdwCleaner[C3].txt - [2481 Bytes] - [23/08/2016 17:18:25]
C:\AdwCleaner\AdwCleaner[S0].txt - [13351 Bytes] - [23/08/2016 16:20:07]
C:\AdwCleaner\AdwCleaner[S1].txt - [7463 Bytes] - [23/08/2016 16:40:34]
C:\AdwCleaner\AdwCleaner[S2].txt - [3349 Bytes] - [23/08/2016 16:45:00]
C:\AdwCleaner\AdwCleaner[S3].txt - [1673 Bytes] - [24/08/2016 09:07:17]
C:\AdwCleaner\AdwCleaner[S4].txt - [5200 Bytes] - [26/08/2016 09:46:06]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [5273 Bytes] ##########
 
 
"adb.exe" is a false positive, it is software we made.


#7 nasdaq
Malware Response Team

Posted 30 August 2016 - 07:37 AM

Run the AdwCleaner tool and clean everything except the adb.exe program.

===

What are the remaining issues with this computer?

#8 Gorbulan
Topic Starter

Posted 30 August 2016 - 04:17 PM

I ran AdwCleaner again. It found the bad search providers. Turns out the Google account was re-populating them in Chrome, as well as some start pages. I deleted them all manually in Chrome settings. I went back to run Eset, since the previous scan failed. It found 6 threats before crashing towards the end of the scan, almost identical in the way it crashed before. I also ran Hitman Pro free edition, which found three actual threats that it claims to have eliminated.

 

I have the final logs from AdwCleaner, as well as a screenshot of Hitman Pro's findings. I could not find the log for Hitman Pro. Don't think it was an option.
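The pattern in this thread is that the same AdwCleaner findings come back scan after scan (the Chrome search providers under "Web data" and "Secure Preferences", the SbConverter2 registry keys), and the useful question is not "what was found" but "what was found again". Below is an added example, not code from AdwCleaner, FRST or anyone in this thread, that parses two AdwCleaner v6 scan logs in the layout shown above and lists the findings present in both. The two log excerpts are constructed for the example (the "previous" one is invented, not the machine's S3 log), the regular expressions assume the section and "X Found:" line format seen in the thread, and the normalisation choices (wildcarding C:\Users\<name>\, reducing a defanged hxxp:// provider URL to its host so that per-install tracking parameters do not hide a repeat) are this example's assumptions.

```python
"""Parse AdwCleaner scan logs and list the findings that reappear between two scans.

Added example for this thread, not part of AdwCleaner or FRST. The two log
excerpts below are constructed in the format shown in the thread; the
"previous" one is invented, not the S3 log from the affected machine.
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>[^\]]+?) \] \*{5}$")
FINDING_RE = re.compile(r"^(?P<kind>[A-Za-z ]+?) Found:\s+(?P<detail>.+)$")
CHROME_RE = re.compile(r"^\[(?P<path>[^\]]+)\] - (?P<value>.+)$")
USER_DIR_RE = re.compile(r"(?i)C:\\Users\\[^\\]+\\")


def parse_adwcleaner_log(text):
    """Return {section: [(kind, detail), ...]}; sections with no hits are omitted."""
    findings = defaultdict(list)
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = FINDING_RE.match(line)
        if m and section is not None:
            findings[section].append((m.group("kind"), m.group("detail")))
    return dict(findings)


def finding_key(kind, detail):
    """Canonical form of one finding so the same item compares equal across scans
    and user profiles (assumption: that is the comparison wanted here).
    User directories are wildcarded; a Chrome pref reduces to (profile file,
    provider host or name), dropping tracking parameters in the hxxp:// URL."""
    detail = USER_DIR_RE.sub(r"C:\\Users\\*\\", detail)
    if kind != "Chrome pref":
        return (kind, detail)
    m = CHROME_RE.match(detail)
    if not m:
        return (kind, detail)
    value = m.group("value")
    if value.lower().startswith(("hxxp://", "hxxps://")):
        # AdwCleaner defangs URLs as hxxp; restore the scheme only to parse the host.
        value = urlparse("http" + value[3:]).hostname or value
    return (kind, m.group("path"), value.lower())


def recurring_findings(previous_log, current_log):
    """Current-scan findings that were also in the previous scan, by section.
    Anything listed either survived a clean or was put back afterwards (browser
    sync, a reinstalling component), so cleaning it again is not fixing the cause."""
    previous = {finding_key(k, d)
                for items in parse_adwcleaner_log(previous_log).values()
                for k, d in items}
    recurring = defaultdict(list)
    for section, items in parse_adwcleaner_log(current_log).items():
        for kind, detail in items:
            if finding_key(kind, detail) in previous:
                recurring[section].append(detail)
    return dict(recurring)


def provider_hosts(log):
    """Distinct search-provider hosts or names reported under 'Web browsers'."""
    return sorted({finding_key(k, d)[-1]
                   for k, d in parse_adwcleaner_log(log).get("Web browsers", [])
                   if k == "Chrome pref"})


# Constructed sample logs (format only copied from the thread).
PREVIOUS_SCAN = r"""
***** [ Files ] *****

File Found:  C:\Users\Administrator\Desktop\adb.exe

***** [ Registry ] *****

Key Found:  HKLM\SOFTWARE\Classes\SbConverter2.Convert
Key Found:  HKLM\SOFTWARE\Classes\SbConverter2.Convert.1

***** [ Web browsers ] *****

Chrome pref Found:  [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://mysearch.avg.com/?cid={AAAA0000-0000-0000-0000-000000000001}&mid=1111
"""

CURRENT_SCAN = r"""
***** [ Services ] *****

No malicious services found.

***** [ Files ] *****

File Found:  C:\Users\<USERNAME>\Desktop\adb.exe
File Found:  C:\Users\Administrator\Desktop\adb.exe

***** [ Registry ] *****

Key Found:  HKLM\SOFTWARE\Classes\SbConverter2.Convert
Key Found:  HKLM\SOFTWARE\Classes\SbConverter2.Convert.1
Key Found:  HKLM\SOFTWARE\Classes\sbUILibrary.ComboEditValue

***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\<USERNAME>\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://astromenda.com/?f=7&a=ast_frg01
Chrome pref Found:  [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://mysearch.avg.com/?cid={BBBB0000-0000-0000-0000-000000000002}&mid=2222
"""

if __name__ == "__main__":
    for section, details in recurring_findings(PREVIOUS_SCAN, CURRENT_SCAN).items():
        print(f"[{section}] seen again:")
        for d in details:
            print("   ", d)
    print("providers in current scan:", ", ".join(provider_hosts(CURRENT_SCAN)))
```

Run it against the real C:\AdwCleaner\AdwCleaner[S3].txt and [S4].txt from the machine by reading those files into the two arguments. The repeat list is the part to act on: a provider that comes back with a fresh tracking parameter after every clean is being written by something outside AdwCleaner's reach, which in this thread turned out to be the signed-in Google account syncing the search engines and start pages back into the profile.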



#9 nasdaq
Malware Response Team

Posted 31 August 2016 - 12:27 PM


Your Chrome preferences have been compromised.

I suggest you remove chrome, restart the computer when done and reinstall the browser.

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.

Re-install Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>


If using chrome sync data.
How To Delete Your Google Chrome Browser Sync Data
http://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/
<<<>>>

#10 Gorbulan
Topic Starter

Posted 31 August 2016 - 03:06 PM

I uninstalled Chrome and deleted the sync data as well as the browser data. However, when I reinstalled it all of the bookmarks and extensions returned, including two that were not there before, Google Cast and Google Dictionary.



#11 nasdaq
Malware Response Team

Posted 01 September 2016 - 08:22 AM

Remove the new extensions if you do not want them.

Any remaining issues?

#12 Gorbulan
Topic Starter

Posted 01 September 2016 - 11:49 AM

"Remove the new extensions if you do not want them."

Naturally.

"Any remaining issues?"

Yes. When I run Eset Online it finds 6 threats then crashes later on during the scan. It generates no logs due to the crash.



#13 nasdaq
Malware Response Team

Posted 01 September 2016 - 12:58 PM

Run this cleaning tool.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the system drive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

#14 Gorbulan
Topic Starter

Posted 01 September 2016 - 02:50 PM

I ran the script and within one minute it reported an error:

"An error has occurred in the script on this page.

Path not found

file:///C:/Users/ADMINI~1/AppData/Local/Temp/zoekrun.ht"

I clicked Yes, but I am not sure it is still working. The log file was created at 12:34 PM and has not changed in the past 15 minutes.


#15 Gorbulan
Topic Starter

Posted 01 September 2016 - 04:38 PM

The Zoek scan finished, apparently, while I was out to lunch. Looking at the log, it seems like it got a bunch of false positives.
