Unwanted stuff on Google Chrome



grandadis64
2016-03-15, 18:07
Hi

I hope this is the right place to get help. You have helped me before, but I can't remember exactly how to go about asking.
I was using Chrome some while ago and I suddenly started to get ads and popups asking me to do a survey apparently relevant to the site I was on. I used Spybot and Malwarebytes, but they didn't go away. So I uninstalled Chrome.
This was several months ago. I just tried reinstalling Chrome to see if the problem had gone, but it hasn't. I now also get a popup and a woman's voice telling me to ring a number in the US because I have a bug in my system. This seems amazingly suspicious so I haven't rung the number. I tried to uninstall Chrome but it won't let me.
I'm really hoping you guys can help me.
Thanks in advance - I am in UK.

Grandadis64 (Malcolm)

Hi Tashi

I hope this is ok? I couldn't find an Additional.txt log!!
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Owner (administrator) on PC (15-03-2016 15:56:26)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner & Paulin & Elliott & Hell Boy)
Platform: Windows 8 (X64) Language: English (United Kingdom)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\windows\System32\atiesrxx.exe
(AMD) C:\windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
() C:\Program Files (x86)\Knowhow Cloud\VSSService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Gemalto N.V.) C:\Users\Owner\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
(DSG Retail Limited) C:\Program Files (x86)\Knowhow Cloud\KnowhowCloud.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Quick Start\HPQuickstart.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [607584 2015-03-18] (Copyright 2013 SAMSUNG)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7137664 2016-03-12] (AVAST Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Owner\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\Owner\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-15] (Gemalto N.V.)
HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [Nero MediaHome 4] => "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [Amazon Music] => C:\Users\Owner\AppData\Local\Amazon Music\Amazon Music Helper.exe [5890368 2015-12-15] ()
HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [KnowhowCloud] => C:\Program Files (x86)\Knowhow Cloud\KnowhowCloud.exe [4171400 2015-10-29] (DSG Retail Limited)
HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\MountPoints2: E - "E:\Phillimore_interface.exe"
HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\MountPoints2: {9dfeebe6-34cb-11e3-be71-78e3b5c3d2fb} - "G:\IVDApp.exe"
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-03-12] (AVAST Software)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)
ShellIconOverlayIdentifiers: [LivedriveDownloadOverlay] -> {CBCDB610-6B68-4EE9-B7A2-1282FD0C9292} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2015-10-29] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSharedOverlay] -> {84CEF1E4-1356-4063-845F-05047F4DD52C} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2015-10-29] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSyncedOverlay] -> {42058329-2FBF-4B33-8E52-3BE5754DE0C1} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2015-10-29] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveUploadOverlay] -> {39A1715A-E4CD-4F1E-B5C4-36B5DB80124E} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2015-10-29] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKU\S-1-5-21-893019987-3953130637-173789047-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6CC60F6A-BA2E-4D5F-87CC-9ADD2452CC5B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DE133B73-3209-454D-90B4-11304963094A}: [DhcpNameServer] 192.168.1.1
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-893019987-3953130637-173789047-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-893019987-3953130637-173789047-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/2
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM -> {E1F0BD2A-6CF3-4003-ACC1-5D3668553346} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {E1F0BD2A-6CF3-4003-ACC1-5D3668553346} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-02-23] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-03-12] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02] ()
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2012-06-14] (CANON INC.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-12] (AVAST Software)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14] (CANON INC.)
Toolbar: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
Toolbar: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ng6qpgwi.default
FF Homepage: hxxps://dub113.mail.live.com/default.aspx?n=1474583332&fid=1
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-12] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-10-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll [2015-03-02] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-893019987-3953130637-173789047-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Owner\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-893019987-3953130637-173789047-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2013-08-27] (Sony Network Entertainment International LLC)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-12]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-12]

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://dub113.mail.live.com/default.aspx?id=64855&owa=1&owasuffix=owa%2f"
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-15]
CHR Extension: (Rapport) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-03-15]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-14]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-03-15]
CHR Extension: (Skype) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-03-15]
CHR Extension: (Oxford Dictionary Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhpfdikbjedijhgpmdcenknobonaafbi [2015-09-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-05]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-14]
CHR HKU\S-1-5-21-893019987-3953130637-173789047-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-12] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [119128 2016-03-12] (AVAST Software)
R2 CLHNServiceForPowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [89864 2013-06-10] (CyberLink Corp.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-10] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-10] (CyberLink)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373824 2015-05-16] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-06-07] (Hewlett-Packard Company) [File not signed]
R2 LivedriveVSSService; C:\Program Files (x86)\Knowhow Cloud\VSSService.exe [212104 2015-10-29] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2374704 2016-02-28] (IBM Corp.)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [616288 2015-03-18] (Copyright 2013 SAMSUNG)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 2013-06-04] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
S0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-03-12] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-03-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-12] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [552880 2016-03-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-03-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-03-12] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-03-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-03-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-03-12] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [129536 2013-07-06] (Advanced Micro Devices)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-15] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2013-04-09] (Broadcom Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-15] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R2 ntk_PowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [84168 2013-03-12] (Cyberlink Corp.)
R1 RapportCerberus_1609031; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609031.sys [1156256 2016-03-08] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544512 2016-02-28] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [215616 2016-02-28] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [470112 2016-02-28] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [523168 2016-02-28] (IBM Corp.)
S3 RTL8192cu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-09-17] (Realtek Semiconductor Corporation )
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-09-17] (Realtek Semiconductor Corporation )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-15 15:56 - 2016-03-15 15:56 - 00024319 _____ C:\Users\Owner\Downloads\FRST.txt
2016-03-15 15:53 - 2016-03-15 15:56 - 00000000 ____D C:\FRST
2016-03-15 15:52 - 2016-03-15 15:52 - 02374144 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2016-03-15 15:50 - 2016-03-15 15:50 - 01725440 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
2016-03-15 15:49 - 2016-03-15 15:49 - 00000207 _____ C:\windows\tweaking.com-regbackup-PC-Windows-8-(64-bit).dat
2016-03-15 15:49 - 2016-03-15 15:49 - 00000000 ____D C:\RegBackup
2016-03-15 15:48 - 2016-03-15 15:48 - 00000000 ____D C:\Users\Owner\Desktop\color_presets
2016-03-15 15:47 - 2016-03-15 15:47 - 00000000 ____D C:\Users\Owner\Desktop\files
2016-03-15 15:39 - 2016-03-15 15:39 - 02118566 _____ C:\Users\Owner\Downloads\tweaking.com_registry_backup_portable(1).zip
2016-03-15 15:38 - 2016-03-15 15:38 - 02118566 _____ C:\Users\Owner\Downloads\tweaking.com_registry_backup_portable.zip
2016-03-15 11:04 - 2016-03-15 11:04 - 00079064 _____ (Malwarebytes) C:\windows\system32\Drivers\atnsflbm.sys
2016-03-15 11:04 - 2016-03-15 11:04 - 00001742 _____ C:\Windows\Profiles\rpequpn
2016-03-15 10:28 - 2016-03-15 10:28 - 00002234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-15 10:27 - 2016-03-15 14:32 - 00000902 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-15 10:27 - 2016-03-15 11:11 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-15 10:27 - 2016-03-15 10:27 - 00003638 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-03-15 10:26 - 2016-03-15 10:26 - 00987728 _____ (Google Inc.) C:\Users\Owner\Downloads\ChromeSetup(4).exe
2016-03-15 10:25 - 2016-03-15 10:25 - 00987728 _____ (Google Inc.) C:\Users\Owner\Downloads\ChromeSetup(3).exe
2016-03-13 14:24 - 2016-03-13 14:24 - 00000000 ____D C:\Users\Owner\Documents\Custom Office Templates
2016-03-12 09:57 - 2016-03-12 09:57 - 00552880 _____ (AVAST Software) C:\windows\system32\Drivers\aswnetsec.sys
2016-03-12 09:56 - 2016-03-12 09:56 - 00398152 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2016-03-12 09:56 - 2016-03-12 09:56 - 00052184 _____ (AVAST Software) C:\windows\avastSS.scr
2016-03-09 16:13 - 2016-02-21 05:23 - 00046768 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-03-09 16:13 - 2016-02-21 03:43 - 01373184 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-03-09 16:13 - 2016-02-21 03:43 - 00696832 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-03-09 16:13 - 2016-02-21 03:43 - 00689152 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-03-09 16:13 - 2016-02-21 03:43 - 00499200 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-03-09 16:13 - 2016-02-21 03:43 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-03-09 16:13 - 2016-02-05 14:09 - 01168896 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-03-01 10:38 - 2016-03-01 10:38 - 00002907 _____ C:\Users\Owner\Downloads\Statement Download 2016-Mar-01 10-38-37.csv
2016-02-28 18:44 - 2016-02-28 18:44 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2016-02-28 18:44 - 2016-02-28 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-02-28 18:42 - 2016-02-28 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-02-28 18:42 - 2016-02-28 18:42 - 00000000 ____D C:\Program Files\7-Zip
2016-02-17 10:08 - 2016-02-17 10:25 - 1417515874 _____ C:\Users\Owner\Desktop\xcw37COMPLETEFINAL.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-15 15:50 - 2015-07-28 01:37 - 00000797 _____ C:\Users\Owner\Desktop\Settings.ini
2016-03-15 15:49 - 2014-07-04 17:59 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-15 15:48 - 2015-10-13 08:47 - 00324864 _____ (Tweaking.com) C:\Users\Owner\Desktop\TweakingRegistryBackup.exe
2016-03-15 15:48 - 2015-10-13 07:40 - 00900864 _____ (Tweaking.com) C:\Users\Owner\Desktop\TweakingFormControls.ocx
2016-03-15 15:48 - 2015-10-09 06:35 - 00088832 _____ (Tweaking.com) C:\Users\Owner\Desktop\Tweaking_Tabsv2.ocx
2016-03-15 15:48 - 2015-10-05 17:11 - 00376064 _____ (Tweaking.com) C:\Users\Owner\Desktop\TweakingImgCtl.ocx
2016-03-15 15:48 - 2014-10-07 18:04 - 00078816 _____ (PcWinTech.com) C:\Users\Owner\Desktop\pcwintech_tasksch.dll
2016-03-15 15:48 - 2014-10-07 17:56 - 00271328 _____ (Tweaking.com) C:\Users\Owner\Desktop\tweaking_com_treeview.ocx
2016-03-15 15:48 - 2014-04-15 15:05 - 00000224 _____ C:\Users\Owner\Desktop\keywords.txt
2016-03-15 15:48 - 2010-02-16 15:22 - 00136008 _____ (Microsoft Corporation) C:\Users\Owner\Desktop\MSINET.Ocx
2016-03-15 15:48 - 2003-01-26 13:41 - 00040960 _____ (vbAccelerator) C:\Users\Owner\Desktop\SSubTmr6.dll
2016-03-15 15:47 - 2015-10-13 03:36 - 00021204 _____ C:\Users\Owner\Desktop\change_log.txt
2016-03-15 15:47 - 2012-05-17 12:26 - 00000001 _____ C:\Users\Owner\Desktop\data.dat
2016-03-15 15:38 - 2015-10-14 12:43 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-03-15 11:57 - 2015-05-30 14:03 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-15 11:08 - 2012-07-26 07:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-03-15 10:28 - 2013-10-15 18:49 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-15 10:27 - 2014-07-05 06:36 - 00003874 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-03-15 10:27 - 2013-10-15 21:11 - 00000000 ____D C:\Users\Owner\Documents\FINANCE
2016-03-15 10:22 - 2013-10-15 21:21 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2016-03-14 21:48 - 2012-07-26 05:26 - 00524288 ___SH C:\windows\system32\config\BBI
2016-03-14 16:30 - 2013-10-24 18:54 - 03417214 _____ C:\Users\Owner\Documents\Lottery.xlsx
2016-03-14 16:24 - 2014-09-27 10:30 - 00038746 _____ C:\Users\Owner\Documents\Book Catalogue.xlsx
2016-03-13 19:15 - 2012-07-26 07:59 - 00000000 ____D C:\windows\CbsTemp
2016-03-13 14:44 - 2016-01-25 11:41 - 00000000 ____D C:\Users\Owner\Documents\Health
2016-03-13 14:21 - 2014-05-07 18:28 - 00000000 ____D C:\Users\Owner\Documents\QUIZ
2016-03-12 10:38 - 2015-10-14 12:43 - 00003718 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-03-12 10:20 - 2013-10-14 12:39 - 00000000 ____D C:\windows\system32\MRT
2016-03-12 10:12 - 2013-10-14 12:39 - 143659408 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-03-12 10:02 - 2016-01-20 10:34 - 00003036 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1453286043
2016-03-12 10:02 - 2016-01-20 10:34 - 00001004 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-03-12 09:58 - 2013-10-15 18:49 - 01070904 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2016-03-12 09:58 - 2013-10-15 17:50 - 00107792 _____ (AVAST Software) C:\windows\system32\Drivers\aswmonflt.sys
2016-03-12 09:57 - 2013-11-01 19:32 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update
2016-03-12 09:57 - 2013-10-15 18:49 - 00463744 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2016-03-12 09:57 - 2013-10-15 18:49 - 00287016 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys
2016-03-12 09:57 - 2012-07-26 05:37 - 00000000 ____D C:\windows\Inf
2016-03-12 09:56 - 2014-04-20 11:23 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2016-03-12 09:56 - 2013-12-27 22:45 - 00165344 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2016-03-12 09:56 - 2013-11-01 19:32 - 00037144 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2016-03-12 09:56 - 2013-10-15 18:49 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2016-03-12 09:56 - 2013-10-15 18:49 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2016-03-12 09:46 - 2012-07-26 08:12 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-12 09:46 - 2012-07-26 08:12 - 00000000 ____D C:\windows\AUInstallAgent
2016-03-10 16:44 - 2013-10-15 20:58 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-893019987-3953130637-173789047-1005
2016-03-10 08:51 - 2013-10-13 08:50 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-893019987-3953130637-173789047-1001
2016-03-10 07:20 - 2014-12-11 07:19 - 00000000 ____D C:\windows\system32\appraiser
2016-03-08 10:37 - 2014-07-06 08:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-03-04 12:09 - 2016-02-08 12:06 - 00010245 _____ C:\Users\Owner\Documents\Quizclash top 50.xlsx
2016-02-28 20:46 - 2014-07-06 08:15 - 00470112 _____ (IBM Corp.) C:\windows\system32\Drivers\RapportKE64.sys
2016-02-28 20:46 - 2014-07-06 08:15 - 00215616 _____ (IBM Corp.) C:\windows\system32\Drivers\RapportHades64.sys
2016-02-28 18:45 - 2014-11-13 16:11 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2016-02-28 18:44 - 2014-11-13 16:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-02-28 18:43 - 2014-11-13 16:11 - 00000000 ____D C:\ProgramData\Skype
2016-02-23 10:24 - 2012-07-26 08:12 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-23 10:23 - 2013-10-13 09:38 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-02-23 10:17 - 2012-07-26 07:28 - 00847336 _____ C:\windows\system32\PerfStringBackup.INI
2016-02-17 10:25 - 2013-10-27 13:20 - 00512000 ___SH C:\Users\Owner\Desktop\Thumbs.db
2016-02-15 12:49 - 2016-01-19 14:38 - 00010496 _____ C:\Users\Owner\Documents\Gym Jan16.xlsx

==================== Files in the root of some directories =======

2015-07-16 06:09 - 2015-07-16 06:09 - 6420480 _____ () C:\Program Files (x86)\GUT4C6B.tmp
2016-02-03 19:44 - 2016-02-03 19:44 - 0000866 _____ () C:\Users\Owner\AppData\Local\recently-used.xbel
2015-11-10 20:05 - 2015-11-10 20:05 - 0000131 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
2013-10-13 09:52 - 2013-10-13 09:52 - 0000046 _____ () C:\ProgramData\Temp.cmd

Files to move or delete:
====================
C:\ProgramData\Temp.cmd


Some files in TEMP:
====================
C:\Users\Paulin\AppData\Local\Temp\Delta.exe
C:\Users\Paulin\AppData\Local\Temp\propsys.dll
C:\Users\Paulin\AppData\Local\Temp\WSSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-13 14:49

==================== End of FRST.txt =================
Hello Malcolm,

Please see the FAQ which includes instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

http://forums.spybot.info/showthread.php?t=288

Once you provide the logs in this topic I will remove my post and merge yours.

Best regards.

Blade81
2016-03-16, 13:13
Hi,

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) by Xplode onto your desktop.

Double click on AdwCleaner.exe to run the tool.
Click on Scan.
A logfile will automatically open after the scan has finished.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[R1].txt as well.

grandadis64
2016-03-16, 17:50
Hi Blade


Hope below is ok.


# AdwCleaner v5.102 - Logfile created 16/03/2016 at 15:06:16
# Updated 13/03/2016 by Xplode
# Database : 2016-03-14.1 [Server]
# Operating system : Windows 8 (x64)
# Username : Owner - PC
# Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\myfree codec
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec

***** [ Files ] *****

File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_api.linkswift.co_0.localstorage
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_api.linkswift.co_0.localstorage-journal
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage-journal
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage-journal

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Found : HKCU\Software\Myfree Codec
Key Found : HKLM\SOFTWARE\Myfree Codec
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Found : HKU\S-1-5-21-893019987-3953130637-173789047-1001\Software\Myfree Codec
Key Found : HKU\S-1-5-21-893019987-3953130637-173789047-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [TCP Query User{1C6E5F0E-ACF9-489F-8AD7-A8B6C9AED199}C:\program files (x86)\premieropinion\pmropn.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [UDP Query User{9670F9B9-F0B0-47FC-B062-BB4E53C6D714}C:\program files (x86)\premieropinion\pmropn.exe]
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\akamaihd.net
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\linkswift.co
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com

***** [ Web browsers ] *****

[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : uk.ask.com
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : www.yahoo.com
[C:\Users\Elliott\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : uk.ask.com

*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [3424 bytes] - [16/03/2016 15:06:16]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [3517 bytes] ##########

Blade81
2016-03-17, 11:37
Hi,

Good. Let's continue.


Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Re-run FRST and post back its logs' contents, too.

grandadis64
2016-03-17, 14:08
Hi Blade

Hope below are ok

Malcolm

# AdwCleaner v5.102 - Logfile created 16/03/2016 at 15:06:16
# Updated 13/03/2016 by Xplode
# Database : 2016-03-14.1 [Server]
# Operating system : Windows 8 (x64)
# Username : Owner - PC
# Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\myfree codec
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec

***** [ Files ] *****

File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_api.linkswift.co_0.localstorage
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_api.linkswift.co_0.localstorage-journal
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage-journal
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage-journal

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Found : HKCU\Software\Myfree Codec
Key Found : HKLM\SOFTWARE\Myfree Codec
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Found : HKU\S-1-5-21-893019987-3953130637-173789047-1001\Software\Myfree Codec
Key Found : HKU\S-1-5-21-893019987-3953130637-173789047-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [TCP Query User{1C6E5F0E-ACF9-489F-8AD7-A8B6C9AED199}C:\program files (x86)\premieropinion\pmropn.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [UDP Query User{9670F9B9-F0B0-47FC-B062-BB4E53C6D714}C:\program files (x86)\premieropinion\pmropn.exe]
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\akamaihd.net
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\linkswift.co
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com

***** [ Web browsers ] *****

[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : uk.ask.com
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : www.yahoo.com
[C:\Users\Elliott\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : uk.ask.com

*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [3424 bytes] - [16/03/2016 15:06:16]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [3517 bytes] ##########



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Owner (administrator) on PC (17-03-2016 11:57:03)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & Paulin & Elliott & Hell Boy)
Platform: Windows 8 (X64) Language: English (United Kingdom)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\windows\System32\atiesrxx.exe
(AMD) C:\windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
() C:\Program Files (x86)\Knowhow Cloud\VSSService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Gemalto N.V.) C:\Users\Owner\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
(DSG Retail Limited) C:\Program Files (x86)\Knowhow Cloud\KnowhowCloud.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_182.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_182.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe
(Microsoft Corporation) C:\windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [607584 2015-03-18] (Copyright 2013 SAMSUNG)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7137664 2016-03-12] (AVAST Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Owner\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\Owner\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-15] (Gemalto N.V.)
HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [Nero MediaHome 4] => "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [Amazon Music] => C:\Users\Owner\AppData\Local\Amazon Music\Amazon Music Helper.exe [5890368 2015-12-15] ()
HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [KnowhowCloud] => C:\Program Files (x86)\Knowhow Cloud\KnowhowCloud.exe [4171400 2015-10-29] (DSG Retail Limited)
HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\MountPoints2: E - "E:\Phillimore_interface.exe"
HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\MountPoints2: {9dfeebe6-34cb-11e3-be71-78e3b5c3d2fb} - "G:\IVDApp.exe"
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-03-12] (AVAST Software)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)
ShellIconOverlayIdentifiers: [LivedriveDownloadOverlay] -> {CBCDB610-6B68-4EE9-B7A2-1282FD0C9292} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2015-10-29] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSharedOverlay] -> {84CEF1E4-1356-4063-845F-05047F4DD52C} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2015-10-29] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSyncedOverlay] -> {42058329-2FBF-4B33-8E52-3BE5754DE0C1} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2015-10-29] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveUploadOverlay] -> {39A1715A-E4CD-4F1E-B5C4-36B5DB80124E} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2015-10-29] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKU\S-1-5-21-893019987-3953130637-173789047-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6CC60F6A-BA2E-4D5F-87CC-9ADD2452CC5B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DE133B73-3209-454D-90B4-11304963094A}: [DhcpNameServer] 192.168.1.1
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-893019987-3953130637-173789047-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-893019987-3953130637-173789047-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/2
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM -> {E1F0BD2A-6CF3-4003-ACC1-5D3668553346} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {E1F0BD2A-6CF3-4003-ACC1-5D3668553346} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-16] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-03-12] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02] ()
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2012-06-14] (CANON INC.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-12] (AVAST Software)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14] (CANON INC.)
Toolbar: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
Toolbar: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ng6qpgwi.default
FF Homepage: hxxps://dub113.mail.live.com/default.aspx?n=1474583332&fid=1
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-12] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-10-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll [2015-03-02] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-893019987-3953130637-173789047-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Owner\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-893019987-3953130637-173789047-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2013-08-27] (Sony Network Entertainment International LLC)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-12]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-12]

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://dub113.mail.live.com/default.aspx?id=64855&owa=1&owasuffix=owa%2f"
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-15]
CHR Extension: (Rapport) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-03-15]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-14]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-03-15]
CHR Extension: (Skype) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-03-15]
CHR Extension: (Oxford Dictionary Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhpfdikbjedijhgpmdcenknobonaafbi [2015-09-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-05]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-14]
CHR HKU\S-1-5-21-893019987-3953130637-173789047-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-12] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [119128 2016-03-12] (AVAST Software)
R2 CLHNServiceForPowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [89864 2013-06-10] (CyberLink Corp.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-10] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-10] (CyberLink)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373824 2015-05-16] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-06-07] (Hewlett-Packard Company) [File not signed]
R2 LivedriveVSSService; C:\Program Files (x86)\Knowhow Cloud\VSSService.exe [212104 2015-10-29] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2374704 2016-02-28] (IBM Corp.)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [616288 2015-03-18] (Copyright 2013 SAMSUNG)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 2013-06-04] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
S0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-03-12] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-03-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-12] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [552880 2016-03-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-03-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-03-12] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-03-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-03-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-03-12] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [129536 2013-07-06] (Advanced Micro Devices)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-15] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2013-04-09] (Broadcom Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-17] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R2 ntk_PowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [84168 2013-03-12] (Cyberlink Corp.)
R1 RapportCerberus_1609031; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609031.sys [1156256 2016-03-08] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544512 2016-02-28] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [215616 2016-02-28] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [470112 2016-02-28] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [523168 2016-02-28] (IBM Corp.)
S3 RTL8192cu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-09-17] (Realtek Semiconductor Corporation )
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-09-17] (Realtek Semiconductor Corporation )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-17 11:57 - 2016-03-17 11:57 - 00024312 _____ C:\Users\Owner\Desktop\FRST.txt
2016-03-17 11:25 - 2016-03-17 11:26 - 01527296 _____ C:\Users\Owner\Downloads\AdwCleaner(1).exe
2016-03-16 15:05 - 2016-03-17 11:43 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-16 15:03 - 2016-03-16 15:03 - 01527296 _____ C:\Users\Owner\Desktop\AdwCleaner.exe
2016-03-15 15:57 - 2016-03-15 15:59 - 00050367 _____ C:\Users\Owner\Downloads\Addition.txt
2016-03-15 15:56 - 2016-03-15 15:59 - 00036130 _____ C:\Users\Owner\Downloads\FRST.txt
2016-03-15 15:53 - 2016-03-17 11:57 - 00000000 ____D C:\FRST
2016-03-15 15:52 - 2016-03-15 15:52 - 02374144 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2016-03-15 15:50 - 2016-03-15 15:50 - 01725440 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
2016-03-15 15:49 - 2016-03-15 15:49 - 00000207 _____ C:\windows\tweaking.com-regbackup-PC-Windows-8-(64-bit).dat
2016-03-15 15:49 - 2016-03-15 15:49 - 00000000 ____D C:\RegBackup
2016-03-15 15:48 - 2016-03-15 15:48 - 00000000 ____D C:\Users\Owner\Desktop\color_presets
2016-03-15 15:47 - 2016-03-15 15:47 - 00000000 ____D C:\Users\Owner\Desktop\files
2016-03-15 15:39 - 2016-03-15 15:39 - 02118566 _____ C:\Users\Owner\Downloads\tweaking.com_registry_backup_portable(1).zip
2016-03-15 15:38 - 2016-03-15 15:38 - 02118566 _____ C:\Users\Owner\Downloads\tweaking.com_registry_backup_portable.zip
2016-03-15 11:04 - 2016-03-15 11:04 - 00079064 _____ (Malwarebytes) C:\windows\system32\Drivers\atnsflbm.sys
2016-03-15 11:04 - 2016-03-15 11:04 - 00001742 _____ C:\Windows\Profiles\rpequpn
2016-03-15 10:28 - 2016-03-15 10:28 - 00002234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-15 10:27 - 2016-03-17 11:47 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-15 10:27 - 2016-03-17 11:32 - 00000902 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-15 10:27 - 2016-03-15 10:27 - 00003638 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-03-15 10:26 - 2016-03-15 10:26 - 00987728 _____ (Google Inc.) C:\Users\Owner\Downloads\ChromeSetup(4).exe
2016-03-15 10:25 - 2016-03-15 10:25 - 00987728 _____ (Google Inc.) C:\Users\Owner\Downloads\ChromeSetup(3).exe
2016-03-13 14:24 - 2016-03-13 14:24 - 00000000 ____D C:\Users\Owner\Documents\Custom Office Templates
2016-03-12 09:57 - 2016-03-12 09:57 - 00552880 _____ (AVAST Software) C:\windows\system32\Drivers\aswnetsec.sys
2016-03-12 09:56 - 2016-03-12 09:56 - 00398152 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2016-03-12 09:56 - 2016-03-12 09:56 - 00052184 _____ (AVAST Software) C:\windows\avastSS.scr
2016-03-09 16:13 - 2016-02-21 05:23 - 00046768 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-03-09 16:13 - 2016-02-21 03:43 - 01373184 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-03-09 16:13 - 2016-02-21 03:43 - 00696832 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-03-09 16:13 - 2016-02-21 03:43 - 00689152 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-03-09 16:13 - 2016-02-21 03:43 - 00499200 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-03-09 16:13 - 2016-02-21 03:43 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-03-09 16:13 - 2016-02-05 14:09 - 01168896 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-03-01 10:38 - 2016-03-01 10:38 - 00002907 _____ C:\Users\Owner\Downloads\Statement Download 2016-Mar-01 10-38-37.csv
2016-02-28 18:44 - 2016-02-28 18:44 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2016-02-28 18:44 - 2016-02-28 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-02-28 18:42 - 2016-02-28 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-02-28 18:42 - 2016-02-28 18:42 - 00000000 ____D C:\Program Files\7-Zip
2016-02-17 10:08 - 2016-02-17 10:25 - 1417515874 _____ C:\Users\Owner\Desktop\xcw37COMPLETEFINAL.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-17 11:45 - 2012-07-26 07:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-03-17 11:44 - 2012-07-26 05:26 - 00524288 ___SH C:\windows\system32\config\BBI
2016-03-17 11:38 - 2015-10-14 12:43 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-03-17 11:21 - 2013-10-15 21:11 - 00000000 ____D C:\Users\Owner\Documents\FINANCE
2016-03-17 10:38 - 2014-07-04 17:59 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-17 10:38 - 2014-05-07 18:28 - 00000000 ____D C:\Users\Owner\Documents\QUIZ
2016-03-16 08:46 - 2012-07-26 08:12 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-16 08:44 - 2013-10-13 09:38 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-16 08:29 - 2013-10-15 21:21 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2016-03-15 16:30 - 2016-02-08 12:06 - 00010294 _____ C:\Users\Owner\Documents\Quizclash top 50.xlsx
2016-03-15 16:16 - 2015-03-19 13:57 - 00024990 _____ C:\Users\Owner\Documents\DVDs.xlsx
2016-03-15 15:48 - 2015-10-13 08:47 - 00324864 _____ (Tweaking.com) C:\Users\Owner\Desktop\TweakingRegistryBackup.exe
2016-03-15 15:48 - 2014-04-15 15:05 - 00000224 _____ C:\Users\Owner\Desktop\keywords.txt
2016-03-15 15:47 - 2015-10-13 03:36 - 00021204 _____ C:\Users\Owner\Desktop\change_log.txt
2016-03-15 15:47 - 2012-05-17 12:26 - 00000001 _____ C:\Users\Owner\Desktop\data.dat
2016-03-15 11:57 - 2015-05-30 14:03 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-15 10:28 - 2013-10-15 18:49 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-15 10:27 - 2014-07-05 06:36 - 00003874 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-03-14 16:30 - 2013-10-24 18:54 - 03417214 _____ C:\Users\Owner\Documents\Lottery.xlsx
2016-03-14 16:24 - 2014-09-27 10:30 - 00038746 _____ C:\Users\Owner\Documents\Book Catalogue.xlsx
2016-03-13 19:15 - 2012-07-26 07:59 - 00000000 ____D C:\windows\CbsTemp
2016-03-13 14:44 - 2016-01-25 11:41 - 00000000 ____D C:\Users\Owner\Documents\Health
2016-03-12 10:38 - 2015-10-14 12:43 - 00003718 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-03-12 10:20 - 2013-10-14 12:39 - 00000000 ____D C:\windows\system32\MRT
2016-03-12 10:12 - 2013-10-14 12:39 - 143659408 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-03-12 10:02 - 2016-01-20 10:34 - 00003036 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1453286043
2016-03-12 10:02 - 2016-01-20 10:34 - 00001004 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-03-12 09:58 - 2013-10-15 18:49 - 01070904 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2016-03-12 09:58 - 2013-10-15 17:50 - 00107792 _____ (AVAST Software) C:\windows\system32\Drivers\aswmonflt.sys
2016-03-12 09:57 - 2013-11-01 19:32 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update
2016-03-12 09:57 - 2013-10-15 18:49 - 00463744 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2016-03-12 09:57 - 2013-10-15 18:49 - 00287016 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys
2016-03-12 09:57 - 2012-07-26 05:37 - 00000000 ____D C:\windows\Inf
2016-03-12 09:56 - 2014-04-20 11:23 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2016-03-12 09:56 - 2013-12-27 22:45 - 00165344 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2016-03-12 09:56 - 2013-11-01 19:32 - 00037144 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2016-03-12 09:56 - 2013-10-15 18:49 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2016-03-12 09:56 - 2013-10-15 18:49 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2016-03-12 09:46 - 2012-07-26 08:12 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-12 09:46 - 2012-07-26 08:12 - 00000000 ____D C:\windows\AUInstallAgent
2016-03-10 16:44 - 2013-10-15 20:58 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-893019987-3953130637-173789047-1005
2016-03-10 08:51 - 2013-10-13 08:50 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-893019987-3953130637-173789047-1001
2016-03-10 07:20 - 2014-12-11 07:19 - 00000000 ____D C:\windows\system32\appraiser
2016-03-08 10:37 - 2014-07-06 08:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-02-28 20:46 - 2014-07-06 08:15 - 00470112 _____ (IBM Corp.) C:\windows\system32\Drivers\RapportKE64.sys
2016-02-28 20:46 - 2014-07-06 08:15 - 00215616 _____ (IBM Corp.) C:\windows\system32\Drivers\RapportHades64.sys
2016-02-28 18:45 - 2014-11-13 16:11 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2016-02-28 18:44 - 2014-11-13 16:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-02-28 18:43 - 2014-11-13 16:11 - 00000000 ____D C:\ProgramData\Skype
2016-02-23 10:17 - 2012-07-26 07:28 - 00847336 _____ C:\windows\system32\PerfStringBackup.INI
2016-02-17 10:25 - 2013-10-27 13:20 - 00512000 ___SH C:\Users\Owner\Desktop\Thumbs.db

==================== Files in the root of some directories =======

2015-07-16 06:09 - 2015-07-16 06:09 - 6420480 _____ () C:\Program Files (x86)\GUT4C6B.tmp
2016-02-03 19:44 - 2016-02-03 19:44 - 0000866 _____ () C:\Users\Owner\AppData\Local\recently-used.xbel
2015-11-10 20:05 - 2015-11-10 20:05 - 0000131 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
2013-10-13 09:52 - 2013-10-13 09:52 - 0000046 _____ () C:\ProgramData\Temp.cmd

Files to move or delete:
====================
C:\ProgramData\Temp.cmd


Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
C:\Users\Paulin\AppData\Local\Temp\Delta.exe
C:\Users\Paulin\AppData\Local\Temp\propsys.dll
C:\Users\Paulin\AppData\Local\Temp\WSSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-13 14:49




Hi,

Good. Let's continue.


Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Re-run FRST and post back its logs' contents, too.

Blade81
2016-03-17, 15:35
Hi,

Sorry, I asked you for a wrong AdwCleaner log. Please go to C:\Program Files (x86)\AdwCleaner folder and see if you can find AdwCleaner[C1].txt file there. Post back its contents if found.

grandadis64
2016-03-17, 16:13
Here you are

# AdwCleaner v5.102 - Logfile created 17/03/2016 at 11:43:51
# Updated 13/03/2016 by Xplode
# Database : 2016-03-16.1 [Server]
# Operating system : Windows 8 (x64)
# Username : Owner - PC
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\myfree codec
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec

***** [ Files ] *****

[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_api.linkswift.co_0.localstorage
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_api.linkswift.co_0.localstorage-journal
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage-journal
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage-journal

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
[-] Key Deleted : HKCU\Software\Myfree Codec
[-] Key Deleted : HKLM\SOFTWARE\Myfree Codec
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [TCP Query User{1C6E5F0E-ACF9-489F-8AD7-A8B6C9AED199}C:\program files (x86)\premieropinion\pmropn.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [UDP Query User{9670F9B9-F0B0-47FC-B062-BB4E53C6D714}C:\program files (x86)\premieropinion\pmropn.exe]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\akamaihd.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\linkswift.co
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com

***** [ Web browsers ] *****

[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : www.yahoo.com
[-] [C:\Users\Elliott\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [3439 bytes] - [17/03/2016 11:43:51]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [3616 bytes] - [16/03/2016 15:06:16]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S2].txt - [3707 bytes] - [17/03/2016 11:28:29]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [3718 bytes] ##########



Blade81
2016-03-18, 15:12
Hi,

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it on the Desktop as fixlist.txt.



HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
Toolbar: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File


NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system



Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post its contents to your reply. Any issues left?

grandadis64
2016-03-18, 16:25
Hi

Please see fixlog below.
Does this mean Chrome is now ok to use?

If yes, thank you very much for all your help and expertise.

Malcolm

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Owner (2016-03-18 14:19:33) Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & Paulin & Elliott & Hell Boy)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
Toolbar: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
*****************

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
"HKU\S-1-5-21-893019987-3953130637-173789047-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
HKU\S-1-5-21-893019987-3953130637-173789047-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
HKU\S-1-5-21-893019987-3953130637-173789047-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => value removed successfully
HKCR\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => key not found.
HKU\S-1-5-21-893019987-3953130637-173789047-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.

==== End of Fixlog 14:19:33 ====




Blade81
2016-03-18, 16:52
Hi,


Does this mean Chrome is now ok to use?
Please see how it works and let me know if there are issues left.

grandadis64
2016-03-18, 18:02
Hi,


Please see how it works and let me know if there are issues left.

Hi

No, still getting popup telling me I have a virus and need to ring the number given.

grandadis64
2016-03-18, 18:05
Hi,


Please see how it works and let me know if there are issues left.

Hi

Still getting popups telling me to ring number because it says I have a virus.

Blade81
2016-03-18, 18:23
Hi,

Does the issue occur no matter what page is opened? The same doesn't occur with Firefox/IE?

grandadis64
2016-03-18, 21:07
Hi,

Does the issue occur no matter what page is opened? The same doesn't occur with Firefox/IE?




Yes, it seems to happen on many sites, usually a survey relevant to the site, and then a warning that I have a virus and need to make a call.

Firefox and IE seem to be ok.

Blade81
2016-03-18, 21:52
Hi,

Could you take a screenshot of Chrome showing the problem and attach it here?

grandadis64
2016-03-18, 22:12
Hi,

Could you take a screenshot of Chrome showing the problem and attach it here?


Hi

Had trouble with this. Have attached PDF file, but it's a bit "bitty".
I took 2 screenprints, as on the first one, one popup was on top of another.
Hope this is ok.

Blade81
2016-03-19, 16:17
Thanks for the screenshots! Let's see if resetting Chrome settings helps:
1. Open Chrome.
2. In the top right, click the Chrome menu icon.
3. Click Settings.
4. At the bottom, click Show advanced settings.
5. Under the section "Reset settings," click Reset settings.
6. In the box that appears, click Reset.

grandadis64
2016-03-19, 20:28

Aha, that seems to be ok now.
Do you have any idea why this happened, so I can avoid a recurrence?

Thanks again for your help and patience.

Blade81
2016-03-21, 10:21
Hi,

Good to hear that helped :)

Unfortunately, I'm not sure what caused the problem. Interesting thing is that the issue didn't happen with other browsers.

Please download delfix (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix) and save it to your desktop.
Right-click on delfix.exe and select "Run as administrator" to run it.
Check the following boxes then click on Run.

Activate UAC
Remove disinfection tools
Create registry backup
Purge system restore
Reset system settings
All tools we used to clean your computer should be gone now.
You can now delete any tools/logs we used if they remain on your computer.


See if there are important updates available for Windows and install those. Note: Windows 10 may be offered as one of the updates on the list. Make sure it's not checked on the list if you don't want to upgrade.

grandadis64
2016-03-21, 12:59
Okay, brilliant all done now, thanks again.





Blade81
2016-03-23, 09:52
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.