[Nanocore client running]

No more questions, just going to fully re-read everything you just sent.

[Nanocore client running]

Well, thank you Aura for all the help you've given me with this. I will try to decide what to do. I don't have any credit cards saved on this so that's good.

[Nanocore client running]

So if you're saying I have a backdoor trojan, should I just re-format the system disk and start from scratch then?

[Nanocore client running]

FRST.txt

Addition.txt

 

[Nanocore client running]

1. The icon is no longer there.

2. I have uninstalled the program you listed above.

3. Fixlog.txt pasted :

Fix result of Farbar Recovery Scan Tool (x64) Version: 03-03-2017
Ran by Owner (03-03-2017 21:27:28) Run:3
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner & plubby (Available Profiles: Owner & plubby & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [1707080 2016-08-21] ()
HKU\S-1-5-21-1415500892-1382036065-4136962848-1000\...\Run: [AVG-Secure-Search-Update_0215tb] => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0215tb.exe [2794520 2015-03-01] ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoMoparscape.lnk [2017-02-27]
ShortcutTarget: AutoMoparscape.lnk -> C:\Users\Owner\MoparScape\AutoMoparscape.jar (No File)

Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.5.0\ViProtocol.dll [2016-08-21] (AVG Secure Search)

FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.5.0\\npsitesafety.dll [No File]

CHR StartupUrls: Profile 1 -> "hxxp://www.google.com","hxxp://www.searchnu.com/406"
CHR DefaultSearchURL: Profile 1 -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Profile 1 -> hxxp://srch.bar/?s={searchTerms}

R2 vToolbarUpdater19.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.5.0\ToolbarUpdater.exe [1277512 2016-08-21] (AVG Secure Search)

Task: {1985ABCD-23BA-412E-9D71-F7D72F10ACAF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {25CEC8F0-3DC3-4F84-93B3-9C918DE7621B} - System32\Tasks\{1B93A4A3-CFF6-4276-ACA5-EA4B9C48C7BD} => pcalua.exe -a C:\Users\Owner\AppData\Local\Roblox\Versions\version-982400cd257443c7\RobloxPlayerLauncher.exe -c -uninstall
Task: {27B2350B-7A76-4139-9D6F-7EA8EA7F2703} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3439573D-55BE-4A2B-B294-D43DEE9B5ABF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {40B4ED5F-2494-4652-A136-3F1895C503AA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {45E576AB-4F64-473E-8DAA-0119B2F1FAE3} - System32\Tasks\{CFEFDAA2-A034-4352-97C3-C12285FBC0F0} => pcalua.exe -a C:\Users\Owner\AppData\Local\{450D7351-61A5-1FE9-0C3D-3A012855C699}\uninst.exe -c -FN="C:\Users\Owner\AppData\Roaming\{455073EB-6002-1E9D-0B34-394FD7E6C471}\SyncTask.exe"-P=/Uninstall /s /noun /DelSelfDir
Task: {62D3C9ED-5991-4560-9174-87CA6ED9805D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9C2A9F09-4AB3-4693-A490-7B670AE8DDBB} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {C6839D2F-6761-4229-B729-1E6B679C3E68} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D2134D62-70D6-475C-8E34-AC86553A6A93} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E31DA706-9D3F-4735-AA67-CC041EDDEF91} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E587813D-7858-4B9D-89CE-37089A892401} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {FD05EA66-07AE-461A-97E1-6FDB70FA05C9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

C:\oaQ5cudonAoaQ5cudonA
C:\Program Files (x86)\AVG SafeGuard toolbar
C:\Program Files (x86)\Common Files\AVG Secure Search
C:\Users\Owner\oaQ5cudonA
C:\Users\Owner\AppData\Local\{450D7351-61A5-1FE9-0C3D-3A012855C699}
C:\Users\Owner\AppData\Roaming\8AC26A27-F11D-4383-8052-3E6CC4889984

EmptyTemp:
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value not found.
HKU\S-1-5-21-1415500892-1382036065-4136962848-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_0215tb => value removed successfully
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoMoparscape.lnk => moved successfully
C:\Users\Owner\MoparScape\AutoMoparscape.jar => not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\viprotocol => key not found. 
HKCR\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => key not found. 
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSuggestURL => removed successfully
vToolbarUpdater19.5.0 => service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1985ABCD-23BA-412E-9D71-F7D72F10ACAF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1985ABCD-23BA-412E-9D71-F7D72F10ACAF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25CEC8F0-3DC3-4F84-93B3-9C918DE7621B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25CEC8F0-3DC3-4F84-93B3-9C918DE7621B} => key removed successfully
C:\WINDOWS\System32\Tasks\{1B93A4A3-CFF6-4276-ACA5-EA4B9C48C7BD} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1B93A4A3-CFF6-4276-ACA5-EA4B9C48C7BD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{27B2350B-7A76-4139-9D6F-7EA8EA7F2703} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27B2350B-7A76-4139-9D6F-7EA8EA7F2703} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3439573D-55BE-4A2B-B294-D43DEE9B5ABF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3439573D-55BE-4A2B-B294-D43DEE9B5ABF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40B4ED5F-2494-4652-A136-3F1895C503AA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40B4ED5F-2494-4652-A136-3F1895C503AA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{45E576AB-4F64-473E-8DAA-0119B2F1FAE3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45E576AB-4F64-473E-8DAA-0119B2F1FAE3} => key removed successfully
C:\WINDOWS\System32\Tasks\{CFEFDAA2-A034-4352-97C3-C12285FBC0F0} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CFEFDAA2-A034-4352-97C3-C12285FBC0F0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62D3C9ED-5991-4560-9174-87CA6ED9805D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62D3C9ED-5991-4560-9174-87CA6ED9805D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C2A9F09-4AB3-4693-A490-7B670AE8DDBB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C2A9F09-4AB3-4693-A490-7B670AE8DDBB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6839D2F-6761-4229-B729-1E6B679C3E68} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6839D2F-6761-4229-B729-1E6B679C3E68} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D2134D62-70D6-475C-8E34-AC86553A6A93} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2134D62-70D6-475C-8E34-AC86553A6A93} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E31DA706-9D3F-4735-AA67-CC041EDDEF91} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E31DA706-9D3F-4735-AA67-CC041EDDEF91} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E587813D-7858-4B9D-89CE-37089A892401} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E587813D-7858-4B9D-89CE-37089A892401} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD05EA66-07AE-461A-97E1-6FDB70FA05C9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD05EA66-07AE-461A-97E1-6FDB70FA05C9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
C:\oaQ5cudonAoaQ5cudonA => moved successfully
"C:\Program Files (x86)\AVG SafeGuard toolbar" => not found.
"C:\Program Files (x86)\Common Files\AVG Secure Search" => not found.
C:\Users\Owner\oaQ5cudonA => moved successfully
"C:\Users\Owner\AppData\Local\{450D7351-61A5-1FE9-0C3D-3A012855C699}" => not found.
C:\Users\Owner\AppData\Roaming\8AC26A27-F11D-4383-8052-3E6CC4889984 => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11957414 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 17356 B
Edge => 0 B
Chrome => 459555268 B
Firefox => 0 B
Opera => 0 B

4. the EEKs clean log:

Emsisoft Emergency Kit - Version 2017.2
Quarantine log

Date    Source    Event    Detection    
3/3/2017 9:53:37 PM    C:\Users\Owner\Desktop\fff\asshurt.dll    Moved to quarantine    Gen:Variant.Graftor.272182 (B)    
 

[Nanocore client running]

Malwarebyte Scan.txt

Malwarebyte txt1.txt

[Nanocore client running]

After clicking on the link you gave me, I used the Malwarebyte Anti-Malware.

I then did what you asked and use FRST.

 

Addition.txt 

FRST.txt

[Nanocore client running]

NanoCore client has appeared in my system tray and hides itself as Microsoft .NET Services Installation Tool in task manager. But the clear logo gives it away.

I looked at an older post, I ran first and used the txt file the helper gave. On restart Nanocore is still here. Please help me.

 

Fixlog.txt