Thread: Unwanted stuff on Google Chrome

  1. #1
    Junior Member | Join Date: Nov 2013 | Posts: 27

    Hi

    I hope this is the right place to get help. You have helped me before, but I can't remember exactly how to go about asking.
    I was using Chrome some while ago and I suddenly started to get ads and popups asking me to do a survey apparently relevant to the site I was on. I used Spybot and Malwarebytes, but they didn't go away. So I uninstalled Chrome.
    This was several months ago. I just tried reinstalling Chrome to see if the problem had gone, but it hasn't. I now also get a popup and a woman's voice telling me to ring a number in the US because I have a bug in my system. This seems amazingly suspicious so I haven't rung the number. I tried to uninstall Chrome but it won't let me.
    I'm really hoping you guys can help me.
    Thanks in advance - I am in UK.

    Grandadis64 (Malcolm)

    Hi Tashi

    I hope this is ok? I couldn't find an Additional.txt log!!
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
    Ran by Owner (administrator) on PC (15-03-2016 15:56:26)
    Running from C:\Users\Owner\Downloads
    Loaded Profiles: Owner (Available Profiles: Owner & Paulin & Elliott & Hell Boy)
    Platform: Windows 8 (X64) Language: English (United Kingdom)
    Internet Explorer Version 10 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    (AMD) C:\windows\System32\atiesrxx.exe
    (AMD) C:\windows\System32\atieclxx.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
    (Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
    (Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
    () C:\Program Files (x86)\Knowhow Cloud\VSSService.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
    (Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
    (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    (Gemalto N.V.) C:\Users\Owner\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
    (DSG Retail Limited) C:\Program Files (x86)\Knowhow Cloud\KnowhowCloud.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
    (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Microsoft Corporation) C:\windows\System32\dllhost.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Quick Start\HPQuickstart.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
    HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
    HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [607584 2015-03-18] (Copyright 2013 SAMSUNG)
    HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7137664 2016-03-12] (AVAST Software)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
    HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Owner\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
    HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\Owner\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-15] (Gemalto N.V.)
    HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
    HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [Nero MediaHome 4] => "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
    HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
    HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
    HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [Amazon Music] => C:\Users\Owner\AppData\Local\Amazon Music\Amazon Music Helper.exe [5890368 2015-12-15] ()
    HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [KnowhowCloud] => C:\Program Files (x86)\Knowhow Cloud\KnowhowCloud.exe [4171400 2015-10-29] (DSG Retail Limited)
    HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\MountPoints2: E - "E:\Phillimore_interface.exe"
    HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\MountPoints2: {9dfeebe6-34cb-11e3-be71-78e3b5c3d2fb} - "G:\IVDApp.exe"
    SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
    SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-03-12] (AVAST Software)
    ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)
    ShellIconOverlayIdentifiers: [LivedriveDownloadOverlay] -> {CBCDB610-6B68-4EE9-B7A2-1282FD0C9292} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2015-10-29] (Livedrive Internet Ltd)
    ShellIconOverlayIdentifiers: [LivedriveSharedOverlay] -> {84CEF1E4-1356-4063-845F-05047F4DD52C} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2015-10-29] (Livedrive Internet Ltd)
    ShellIconOverlayIdentifiers: [LivedriveSyncedOverlay] -> {42058329-2FBF-4B33-8E52-3BE5754DE0C1} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2015-10-29] (Livedrive Internet Ltd)
    ShellIconOverlayIdentifiers: [LivedriveUploadOverlay] -> {39A1715A-E4CD-4F1E-B5C4-36B5DB80124E} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2015-10-29] (Livedrive Internet Ltd)
    ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)
    BootExecute: autocheck autochk * sdnclean64.exe
    CHR HKU\S-1-5-21-893019987-3953130637-173789047-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{6CC60F6A-BA2E-4D5F-87CC-9ADD2452CC5B}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{DE133B73-3209-454D-90B4-11304963094A}: [DhcpNameServer] 192.168.1.1
    ManualProxies:

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/2
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-893019987-3953130637-173789047-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    HKU\S-1-5-21-893019987-3953130637-173789047-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/2
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM -> {E1F0BD2A-6CF3-4003-ACC1-5D3668553346} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM-x32 -> {E1F0BD2A-6CF3-4003-ACC1-5D3668553346} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-02-23] (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-03-12] (AVAST Software)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
    BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02] ()
    BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2012-06-14] (CANON INC.)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-12] (AVAST Software)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
    Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14] (CANON INC.)
    Toolbar: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
    Toolbar: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ng6qpgwi.default
    FF Homepage: hxxps://dub113.mail.live.com/default.aspx?n=1474583332&fid=1
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-12] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-12] ()
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-10-14] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-15] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-15] (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll [2015-03-02] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-893019987-3953130637-173789047-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Owner\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
    FF Plugin HKU\S-1-5-21-893019987-3953130637-173789047-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2013-08-27] (Sony Network Entertainment International LLC)
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-12]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-12]

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxps://dub113.mail.live.com/default.aspx?id=64855&owa=1&owasuffix=owa%2f"
    CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-15]
    CHR Extension: (Rapport) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-03-15]
    CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
    CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-14]
    CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
    CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-03-15]
    CHR Extension: (Skype) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-03-15]
    CHR Extension: (Oxford Dictionary Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhpfdikbjedijhgpmdcenknobonaafbi [2015-09-23]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-05]
    CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-14]
    CHR HKU\S-1-5-21-893019987-3953130637-173789047-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-12]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-12] (AVAST Software)
    R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [119128 2016-03-12] (AVAST Software)
    R2 CLHNServiceForPowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [89864 2013-06-10] (CyberLink Corp.)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation)
    R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-10] (CyberLink)
    R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-10] (CyberLink)
    R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373824 2015-05-16] (WildTangent)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-06-07] (Hewlett-Packard Company) [File not signed]
    R2 LivedriveVSSService; C:\Program Files (x86)\Knowhow Cloud\VSSService.exe [212104 2015-10-29] ()
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2374704 2016-02-28] (IBM Corp.)
    R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [616288 2015-03-18] (Copyright 2013 SAMSUNG)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
    R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 2013-06-04] (IDT, Inc.) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
    U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
    S0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-03-12] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-03-12] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-12] (AVAST Software)
    R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [552880 2016-03-12] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-03-12] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-03-12] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-12] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-03-12] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-03-12] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-03-12] (AVAST Software)
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [129536 2013-07-06] (Advanced Micro Devices)
    R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-15] (CyberLink)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2013-04-09] (Broadcom Corporation)
    R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-15] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    R2 ntk_PowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [84168 2013-03-12] (Cyberlink Corp.)
    R1 RapportCerberus_1609031; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609031.sys [1156256 2016-03-08] (IBM Corp.)
    R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544512 2016-02-28] (IBM Corp.)
    R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [215616 2016-02-28] (IBM Corp.)
    S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [470112 2016-02-28] (IBM Corp.)
    R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [523168 2016-02-28] (IBM Corp.)
    S3 RTL8192cu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-09-17] (Realtek Semiconductor Corporation )
    S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-09-17] (Realtek Semiconductor Corporation )
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
    U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-03-15 15:56 - 2016-03-15 15:56 - 00024319 _____ C:\Users\Owner\Downloads\FRST.txt
    2016-03-15 15:53 - 2016-03-15 15:56 - 00000000 ____D C:\FRST
    2016-03-15 15:52 - 2016-03-15 15:52 - 02374144 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
    2016-03-15 15:50 - 2016-03-15 15:50 - 01725440 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
    2016-03-15 15:49 - 2016-03-15 15:49 - 00000207 _____ C:\windows\tweaking.com-regbackup-PC-Windows-8-(64-bit).dat
    2016-03-15 15:49 - 2016-03-15 15:49 - 00000000 ____D C:\RegBackup
    2016-03-15 15:48 - 2016-03-15 15:48 - 00000000 ____D C:\Users\Owner\Desktop\color_presets
    2016-03-15 15:47 - 2016-03-15 15:47 - 00000000 ____D C:\Users\Owner\Desktop\files
    2016-03-15 15:39 - 2016-03-15 15:39 - 02118566 _____ C:\Users\Owner\Downloads\tweaking.com_registry_backup_portable(1).zip
    2016-03-15 15:38 - 2016-03-15 15:38 - 02118566 _____ C:\Users\Owner\Downloads\tweaking.com_registry_backup_portable.zip
    2016-03-15 11:04 - 2016-03-15 11:04 - 00079064 _____ (Malwarebytes) C:\windows\system32\Drivers\atnsflbm.sys
    2016-03-15 11:04 - 2016-03-15 11:04 - 00001742 _____ C:\Windows\Profiles\rpequpn
    2016-03-15 10:28 - 2016-03-15 10:28 - 00002234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-03-15 10:27 - 2016-03-15 14:32 - 00000902 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-03-15 10:27 - 2016-03-15 11:11 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-03-15 10:27 - 2016-03-15 10:27 - 00003638 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-03-15 10:26 - 2016-03-15 10:26 - 00987728 _____ (Google Inc.) C:\Users\Owner\Downloads\ChromeSetup(4).exe
    2016-03-15 10:25 - 2016-03-15 10:25 - 00987728 _____ (Google Inc.) C:\Users\Owner\Downloads\ChromeSetup(3).exe
    2016-03-13 14:24 - 2016-03-13 14:24 - 00000000 ____D C:\Users\Owner\Documents\Custom Office Templates
    2016-03-12 09:57 - 2016-03-12 09:57 - 00552880 _____ (AVAST Software) C:\windows\system32\Drivers\aswnetsec.sys
    2016-03-12 09:56 - 2016-03-12 09:56 - 00398152 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
    2016-03-12 09:56 - 2016-03-12 09:56 - 00052184 _____ (AVAST Software) C:\windows\avastSS.scr
    2016-03-09 16:13 - 2016-02-21 05:23 - 00046768 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
    2016-03-09 16:13 - 2016-02-21 03:43 - 01373184 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
    2016-03-09 16:13 - 2016-02-21 03:43 - 00696832 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
    2016-03-09 16:13 - 2016-02-21 03:43 - 00689152 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2016-03-09 16:13 - 2016-02-21 03:43 - 00499200 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
    2016-03-09 16:13 - 2016-02-21 03:43 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
    2016-03-09 16:13 - 2016-02-05 14:09 - 01168896 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2016-03-01 10:38 - 2016-03-01 10:38 - 00002907 _____ C:\Users\Owner\Downloads\Statement Download 2016-Mar-01 10-38-37.csv
    2016-02-28 18:44 - 2016-02-28 18:44 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
    2016-02-28 18:44 - 2016-02-28 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2016-02-28 18:42 - 2016-02-28 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    2016-02-28 18:42 - 2016-02-28 18:42 - 00000000 ____D C:\Program Files\7-Zip
    2016-02-17 10:08 - 2016-02-17 10:25 - 1417515874 _____ C:\Users\Owner\Desktop\xcw37COMPLETEFINAL.mp4

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-03-15 15:50 - 2015-07-28 01:37 - 00000797 _____ C:\Users\Owner\Desktop\Settings.ini
    2016-03-15 15:49 - 2014-07-04 17:59 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2016-03-15 15:48 - 2015-10-13 08:47 - 00324864 _____ (Tweaking.com) C:\Users\Owner\Desktop\TweakingRegistryBackup.exe
    2016-03-15 15:48 - 2015-10-13 07:40 - 00900864 _____ (Tweaking.com) C:\Users\Owner\Desktop\TweakingFormControls.ocx
    2016-03-15 15:48 - 2015-10-09 06:35 - 00088832 _____ (Tweaking.com) C:\Users\Owner\Desktop\Tweaking_Tabsv2.ocx
    2016-03-15 15:48 - 2015-10-05 17:11 - 00376064 _____ (Tweaking.com) C:\Users\Owner\Desktop\TweakingImgCtl.ocx
    2016-03-15 15:48 - 2014-10-07 18:04 - 00078816 _____ (PcWinTech.com) C:\Users\Owner\Desktop\pcwintech_tasksch.dll
    2016-03-15 15:48 - 2014-10-07 17:56 - 00271328 _____ (Tweaking.com) C:\Users\Owner\Desktop\tweaking_com_treeview.ocx
    2016-03-15 15:48 - 2014-04-15 15:05 - 00000224 _____ C:\Users\Owner\Desktop\keywords.txt
    2016-03-15 15:48 - 2010-02-16 15:22 - 00136008 _____ (Microsoft Corporation) C:\Users\Owner\Desktop\MSINET.Ocx
    2016-03-15 15:48 - 2003-01-26 13:41 - 00040960 _____ (vbAccelerator) C:\Users\Owner\Desktop\SSubTmr6.dll
    2016-03-15 15:47 - 2015-10-13 03:36 - 00021204 _____ C:\Users\Owner\Desktop\change_log.txt
    2016-03-15 15:47 - 2012-05-17 12:26 - 00000001 _____ C:\Users\Owner\Desktop\data.dat
    2016-03-15 15:38 - 2015-10-14 12:43 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
    2016-03-15 11:57 - 2015-05-30 14:03 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-03-15 11:08 - 2012-07-26 07:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
    2016-03-15 10:28 - 2013-10-15 18:49 - 00000000 ____D C:\Program Files (x86)\Google
    2016-03-15 10:27 - 2014-07-05 06:36 - 00003874 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-03-15 10:27 - 2013-10-15 21:11 - 00000000 ____D C:\Users\Owner\Documents\FINANCE
    2016-03-15 10:22 - 2013-10-15 21:21 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
    2016-03-14 21:48 - 2012-07-26 05:26 - 00524288 ___SH C:\windows\system32\config\BBI
    2016-03-14 16:30 - 2013-10-24 18:54 - 03417214 _____ C:\Users\Owner\Documents\Lottery.xlsx
    2016-03-14 16:24 - 2014-09-27 10:30 - 00038746 _____ C:\Users\Owner\Documents\Book Catalogue.xlsx
    2016-03-13 19:15 - 2012-07-26 07:59 - 00000000 ____D C:\windows\CbsTemp
    2016-03-13 14:44 - 2016-01-25 11:41 - 00000000 ____D C:\Users\Owner\Documents\Health
    2016-03-13 14:21 - 2014-05-07 18:28 - 00000000 ____D C:\Users\Owner\Documents\QUIZ
    2016-03-12 10:38 - 2015-10-14 12:43 - 00003718 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
    2016-03-12 10:20 - 2013-10-14 12:39 - 00000000 ____D C:\windows\system32\MRT
    2016-03-12 10:12 - 2013-10-14 12:39 - 143659408 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2016-03-12 10:02 - 2016-01-20 10:34 - 00003036 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1453286043
    2016-03-12 10:02 - 2016-01-20 10:34 - 00001004 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2016-03-12 09:58 - 2013-10-15 18:49 - 01070904 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
    2016-03-12 09:58 - 2013-10-15 17:50 - 00107792 _____ (AVAST Software) C:\windows\system32\Drivers\aswmonflt.sys
    2016-03-12 09:57 - 2013-11-01 19:32 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update
    2016-03-12 09:57 - 2013-10-15 18:49 - 00463744 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
    2016-03-12 09:57 - 2013-10-15 18:49 - 00287016 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys
    2016-03-12 09:57 - 2012-07-26 05:37 - 00000000 ____D C:\windows\Inf
    2016-03-12 09:56 - 2014-04-20 11:23 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
    2016-03-12 09:56 - 2013-12-27 22:45 - 00165344 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
    2016-03-12 09:56 - 2013-11-01 19:32 - 00037144 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
    2016-03-12 09:56 - 2013-10-15 18:49 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
    2016-03-12 09:56 - 2013-10-15 18:49 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
    2016-03-12 09:46 - 2012-07-26 08:12 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-03-12 09:46 - 2012-07-26 08:12 - 00000000 ____D C:\windows\AUInstallAgent
    2016-03-10 16:44 - 2013-10-15 20:58 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-893019987-3953130637-173789047-1005
    2016-03-10 08:51 - 2013-10-13 08:50 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-893019987-3953130637-173789047-1001
    2016-03-10 07:20 - 2014-12-11 07:19 - 00000000 ____D C:\windows\system32\appraiser
    2016-03-08 10:37 - 2014-07-06 08:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
    2016-03-04 12:09 - 2016-02-08 12:06 - 00010245 _____ C:\Users\Owner\Documents\Quizclash top 50.xlsx
    2016-02-28 20:46 - 2014-07-06 08:15 - 00470112 _____ (IBM Corp.) C:\windows\system32\Drivers\RapportKE64.sys
    2016-02-28 20:46 - 2014-07-06 08:15 - 00215616 _____ (IBM Corp.) C:\windows\system32\Drivers\RapportHades64.sys
    2016-02-28 18:45 - 2014-11-13 16:11 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
    2016-02-28 18:44 - 2014-11-13 16:11 - 00000000 ___RD C:\Program Files (x86)\Skype
    2016-02-28 18:43 - 2014-11-13 16:11 - 00000000 ____D C:\ProgramData\Skype
    2016-02-23 10:24 - 2012-07-26 08:12 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-02-23 10:23 - 2013-10-13 09:38 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2016-02-23 10:17 - 2012-07-26 07:28 - 00847336 _____ C:\windows\system32\PerfStringBackup.INI
    2016-02-17 10:25 - 2013-10-27 13:20 - 00512000 ___SH C:\Users\Owner\Desktop\Thumbs.db
    2016-02-15 12:49 - 2016-01-19 14:38 - 00010496 _____ C:\Users\Owner\Documents\Gym Jan16.xlsx

    ==================== Files in the root of some directories =======

    2015-07-16 06:09 - 2015-07-16 06:09 - 6420480 _____ () C:\Program Files (x86)\GUT4C6B.tmp
    2016-02-03 19:44 - 2016-02-03 19:44 - 0000866 _____ () C:\Users\Owner\AppData\Local\recently-used.xbel
    2015-11-10 20:05 - 2015-11-10 20:05 - 0000131 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
    2013-10-13 09:52 - 2013-10-13 09:52 - 0000046 _____ () C:\ProgramData\Temp.cmd

    Files to move or delete:
    ====================
    C:\ProgramData\Temp.cmd


    Some files in TEMP:
    ====================
    C:\Users\Paulin\AppData\Local\Temp\Delta.exe
    C:\Users\Paulin\AppData\Local\Temp\propsys.dll
    C:\Users\Paulin\AppData\Local\Temp\WSSetup.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\windows\system32\winlogon.exe => File is digitally signed
    C:\windows\system32\wininit.exe => File is digitally signed
    C:\windows\explorer.exe => File is digitally signed
    C:\windows\SysWOW64\explorer.exe => File is digitally signed
    C:\windows\system32\svchost.exe => File is digitally signed
    C:\windows\SysWOW64\svchost.exe => File is digitally signed
    C:\windows\system32\services.exe => File is digitally signed
    C:\windows\system32\User32.dll => File is digitally signed
    C:\windows\SysWOW64\User32.dll => File is digitally signed
    C:\windows\system32\userinit.exe => File is digitally signed
    C:\windows\SysWOW64\userinit.exe => File is digitally signed
    C:\windows\system32\rpcss.dll => File is digitally signed
    C:\windows\system32\dnsapi.dll => File is digitally signed
    C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-03-13 14:49

    ==================== End of FRST.txt =================
    Originally posted by tashi:
    Hello Malcolm,

    Please see the FAQ which includes instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

    http://forums.spybot.info/showthread.php?t=288

    Once you provide the logs in this topic I will remove my post and merge yours.

    Best regards.

  2. #2
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    Please download AdwCleaner by Xplode onto your desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • A logfile will automatically open after the scan has finished.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[R1].txt as well.

    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    Nov 2013
    Posts
    27

    Originally posted by Blade81:
    Hi,

    Please download AdwCleaner by Xplode onto your desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • A logfile will automatically open after the scan has finished.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[R1].txt as well.

    Hi Blade


    Hope below is ok.


    # AdwCleaner v5.102 - Logfile created 16/03/2016 at 15:06:16
    # Updated 13/03/2016 by Xplode
    # Database : 2016-03-14.1 [Server]
    # Operating system : Windows 8 (x64)
    # Username : Owner - PC
    # Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
    # Option : Scan
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    Folder Found : C:\Program Files (x86)\myfree codec
    Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec

    ***** [ Files ] *****

    File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_api.linkswift.co_0.localstorage
    File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_api.linkswift.co_0.localstorage-journal
    File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
    File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
    File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage
    File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage-journal
    File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage
    File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage-journal

    ***** [ DLL ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
    Key Found : HKCU\Software\Myfree Codec
    Key Found : HKLM\SOFTWARE\Myfree Codec
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
    Key Found : HKU\S-1-5-21-893019987-3953130637-173789047-1001\Software\Myfree Codec
    Key Found : HKU\S-1-5-21-893019987-3953130637-173789047-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
    Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [TCP Query User{1C6E5F0E-ACF9-489F-8AD7-A8B6C9AED199}C:\program files (x86)\premieropinion\pmropn.exe]
    Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [UDP Query User{9670F9B9-F0B0-47FC-B062-BB4E53C6D714}C:\program files (x86)\premieropinion\pmropn.exe]
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\akamaihd.net
    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\linkswift.co
    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com

    ***** [ Web browsers ] *****

    [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : uk.ask.com
    [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : www.yahoo.com
    [C:\Users\Elliott\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : uk.ask.com

    *************************

    C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [3424 bytes] - [16/03/2016 15:06:16]

    ########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [3517 bytes] ##########

  4. #4
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    Good. Let's continue.

    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Clean.
    • Confirm each time with Ok.
    • You will be prompted to restart your computer. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.


    Re-run FRST and post back its logs' contents, too.

  5. #5
    Junior Member
    Join Date
    Nov 2013
    Posts
    27

    Hi Blade

    Hope below are ok

    Malcolm

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
    Ran by Owner (administrator) on PC (17-03-2016 11:57:03)
    Running from C:\Users\Owner\Desktop
    Loaded Profiles: Owner (Available Profiles: Owner & Paulin & Elliott & Hell Boy)
    Platform: Windows 8 (X64) Language: English (United Kingdom)
    Internet Explorer Version 10 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    (AMD) C:\windows\System32\atiesrxx.exe
    (AMD) C:\windows\System32\atieclxx.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
    (Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
    (Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
    () C:\Program Files (x86)\Knowhow Cloud\VSSService.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
    (Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
    (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    (Gemalto N.V.) C:\Users\Owner\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
    (DSG Retail Limited) C:\Program Files (x86)\Knowhow Cloud\KnowhowCloud.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
    (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_182.exe
    (Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_182.exe
    (Microsoft Corporation) C:\windows\System32\dllhost.exe
    (Microsoft Corporation) C:\windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
    HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
    HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [607584 2015-03-18] (Copyright 2013 SAMSUNG)
    HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7137664 2016-03-12] (AVAST Software)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
    HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Owner\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
    HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\Owner\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-15] (Gemalto N.V.)
    HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
    HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [Nero MediaHome 4] => "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
    HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
    HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
    HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [Amazon Music] => C:\Users\Owner\AppData\Local\Amazon Music\Amazon Music Helper.exe [5890368 2015-12-15] ()
    HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [KnowhowCloud] => C:\Program Files (x86)\Knowhow Cloud\KnowhowCloud.exe [4171400 2015-10-29] (DSG Retail Limited)
    HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\MountPoints2: E - "E:\Phillimore_interface.exe"
    HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\MountPoints2: {9dfeebe6-34cb-11e3-be71-78e3b5c3d2fb} - "G:\IVDApp.exe"
    SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
    SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-03-12] (AVAST Software)
    ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)
    ShellIconOverlayIdentifiers: [LivedriveDownloadOverlay] -> {CBCDB610-6B68-4EE9-B7A2-1282FD0C9292} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2015-10-29] (Livedrive Internet Ltd)
    ShellIconOverlayIdentifiers: [LivedriveSharedOverlay] -> {84CEF1E4-1356-4063-845F-05047F4DD52C} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2015-10-29] (Livedrive Internet Ltd)
    ShellIconOverlayIdentifiers: [LivedriveSyncedOverlay] -> {42058329-2FBF-4B33-8E52-3BE5754DE0C1} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2015-10-29] (Livedrive Internet Ltd)
    ShellIconOverlayIdentifiers: [LivedriveUploadOverlay] -> {39A1715A-E4CD-4F1E-B5C4-36B5DB80124E} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2015-10-29] (Livedrive Internet Ltd)
    ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)
    BootExecute: autocheck autochk * sdnclean64.exe
    CHR HKU\S-1-5-21-893019987-3953130637-173789047-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{6CC60F6A-BA2E-4D5F-87CC-9ADD2452CC5B}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{DE133B73-3209-454D-90B4-11304963094A}: [DhcpNameServer] 192.168.1.1
    ManualProxies:

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/2
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-893019987-3953130637-173789047-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    HKU\S-1-5-21-893019987-3953130637-173789047-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/2
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM -> {E1F0BD2A-6CF3-4003-ACC1-5D3668553346} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM-x32 -> {E1F0BD2A-6CF3-4003-ACC1-5D3668553346} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-16] (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-03-12] (AVAST Software)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
    BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02] ()
    BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2012-06-14] (CANON INC.)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-12] (AVAST Software)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
    Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14] (CANON INC.)
    Toolbar: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
    Toolbar: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ng6qpgwi.default
    FF Homepage: hxxps://dub113.mail.live.com/default.aspx?n=1474583332&fid=1
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-12] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-12] ()
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-10-14] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-15] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-15] (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll [2015-03-02] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-893019987-3953130637-173789047-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Owner\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
    FF Plugin HKU\S-1-5-21-893019987-3953130637-173789047-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2013-08-27] (Sony Network Entertainment International LLC)
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-12]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-12]

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxps://dub113.mail.live.com/default.aspx?id=64855&owa=1&owasuffix=owa%2f"
    CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-15]
    CHR Extension: (Rapport) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-03-15]
    CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
    CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-14]
    CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
    CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-03-15]
    CHR Extension: (Skype) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-03-15]
    CHR Extension: (Oxford Dictionary Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhpfdikbjedijhgpmdcenknobonaafbi [2015-09-23]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-05]
    CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-14]
    CHR HKU\S-1-5-21-893019987-3953130637-173789047-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-12]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-12] (AVAST Software)
    R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [119128 2016-03-12] (AVAST Software)
    R2 CLHNServiceForPowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [89864 2013-06-10] (CyberLink Corp.)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
    R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-10] (CyberLink)
    R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-10] (CyberLink)
    R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373824 2015-05-16] (WildTangent)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-06-07] (Hewlett-Packard Company) [File not signed]
    R2 LivedriveVSSService; C:\Program Files (x86)\Knowhow Cloud\VSSService.exe [212104 2015-10-29] ()
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2374704 2016-02-28] (IBM Corp.)
    R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [616288 2015-03-18] (Copyright 2013 SAMSUNG)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
    R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 2013-06-04] (IDT, Inc.) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
    U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
    S0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-03-12] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-03-12] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-12] (AVAST Software)
    R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [552880 2016-03-12] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-03-12] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-03-12] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-12] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-03-12] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-03-12] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-03-12] (AVAST Software)
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [129536 2013-07-06] (Advanced Micro Devices)
    R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-15] (CyberLink)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2013-04-09] (Broadcom Corporation)
    R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-17] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    R2 ntk_PowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [84168 2013-03-12] (Cyberlink Corp.)
    R1 RapportCerberus_1609031; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609031.sys [1156256 2016-03-08] (IBM Corp.)
    R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544512 2016-02-28] (IBM Corp.)
    R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [215616 2016-02-28] (IBM Corp.)
    S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [470112 2016-02-28] (IBM Corp.)
    R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [523168 2016-02-28] (IBM Corp.)
    S3 RTL8192cu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-09-17] (Realtek Semiconductor Corporation )
    S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-09-17] (Realtek Semiconductor Corporation )
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
    U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-03-17 11:57 - 2016-03-17 11:57 - 00024312 _____ C:\Users\Owner\Desktop\FRST.txt
    2016-03-17 11:25 - 2016-03-17 11:26 - 01527296 _____ C:\Users\Owner\Downloads\AdwCleaner(1).exe
    2016-03-16 15:05 - 2016-03-17 11:43 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
    2016-03-16 15:03 - 2016-03-16 15:03 - 01527296 _____ C:\Users\Owner\Desktop\AdwCleaner.exe
    2016-03-15 15:57 - 2016-03-15 15:59 - 00050367 _____ C:\Users\Owner\Downloads\Addition.txt
    2016-03-15 15:56 - 2016-03-15 15:59 - 00036130 _____ C:\Users\Owner\Downloads\FRST.txt
    2016-03-15 15:53 - 2016-03-17 11:57 - 00000000 ____D C:\FRST
    2016-03-15 15:52 - 2016-03-15 15:52 - 02374144 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
    2016-03-15 15:50 - 2016-03-15 15:50 - 01725440 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
    2016-03-15 15:49 - 2016-03-15 15:49 - 00000207 _____ C:\windows\tweaking.com-regbackup-PC-Windows-8-(64-bit).dat
    2016-03-15 15:49 - 2016-03-15 15:49 - 00000000 ____D C:\RegBackup
    2016-03-15 15:48 - 2016-03-15 15:48 - 00000000 ____D C:\Users\Owner\Desktop\color_presets
    2016-03-15 15:47 - 2016-03-15 15:47 - 00000000 ____D C:\Users\Owner\Desktop\files
    2016-03-15 15:39 - 2016-03-15 15:39 - 02118566 _____ C:\Users\Owner\Downloads\tweaking.com_registry_backup_portable(1).zip
    2016-03-15 15:38 - 2016-03-15 15:38 - 02118566 _____ C:\Users\Owner\Downloads\tweaking.com_registry_backup_portable.zip
    2016-03-15 11:04 - 2016-03-15 11:04 - 00079064 _____ (Malwarebytes) C:\windows\system32\Drivers\atnsflbm.sys
    2016-03-15 11:04 - 2016-03-15 11:04 - 00001742 _____ C:\Windows\Profiles\rpequpn
    2016-03-15 10:28 - 2016-03-15 10:28 - 00002234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-03-15 10:27 - 2016-03-17 11:47 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-03-15 10:27 - 2016-03-17 11:32 - 00000902 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-03-15 10:27 - 2016-03-15 10:27 - 00003638 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-03-15 10:26 - 2016-03-15 10:26 - 00987728 _____ (Google Inc.) C:\Users\Owner\Downloads\ChromeSetup(4).exe
    2016-03-15 10:25 - 2016-03-15 10:25 - 00987728 _____ (Google Inc.) C:\Users\Owner\Downloads\ChromeSetup(3).exe
    2016-03-13 14:24 - 2016-03-13 14:24 - 00000000 ____D C:\Users\Owner\Documents\Custom Office Templates
    2016-03-12 09:57 - 2016-03-12 09:57 - 00552880 _____ (AVAST Software) C:\windows\system32\Drivers\aswnetsec.sys
    2016-03-12 09:56 - 2016-03-12 09:56 - 00398152 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
    2016-03-12 09:56 - 2016-03-12 09:56 - 00052184 _____ (AVAST Software) C:\windows\avastSS.scr
    2016-03-09 16:13 - 2016-02-21 05:23 - 00046768 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
    2016-03-09 16:13 - 2016-02-21 03:43 - 01373184 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
    2016-03-09 16:13 - 2016-02-21 03:43 - 00696832 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
    2016-03-09 16:13 - 2016-02-21 03:43 - 00689152 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2016-03-09 16:13 - 2016-02-21 03:43 - 00499200 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
    2016-03-09 16:13 - 2016-02-21 03:43 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
    2016-03-09 16:13 - 2016-02-05 14:09 - 01168896 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2016-03-01 10:38 - 2016-03-01 10:38 - 00002907 _____ C:\Users\Owner\Downloads\Statement Download 2016-Mar-01 10-38-37.csv
    2016-02-28 18:44 - 2016-02-28 18:44 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
    2016-02-28 18:44 - 2016-02-28 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2016-02-28 18:42 - 2016-02-28 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    2016-02-28 18:42 - 2016-02-28 18:42 - 00000000 ____D C:\Program Files\7-Zip
    2016-02-17 10:08 - 2016-02-17 10:25 - 1417515874 _____ C:\Users\Owner\Desktop\xcw37COMPLETEFINAL.mp4

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-03-17 11:45 - 2012-07-26 07:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
    2016-03-17 11:44 - 2012-07-26 05:26 - 00524288 ___SH C:\windows\system32\config\BBI
    2016-03-17 11:38 - 2015-10-14 12:43 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
    2016-03-17 11:21 - 2013-10-15 21:11 - 00000000 ____D C:\Users\Owner\Documents\FINANCE
    2016-03-17 10:38 - 2014-07-04 17:59 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2016-03-17 10:38 - 2014-05-07 18:28 - 00000000 ____D C:\Users\Owner\Documents\QUIZ
    2016-03-16 08:46 - 2012-07-26 08:12 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-03-16 08:44 - 2013-10-13 09:38 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2016-03-16 08:29 - 2013-10-15 21:21 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
    2016-03-15 16:30 - 2016-02-08 12:06 - 00010294 _____ C:\Users\Owner\Documents\Quizclash top 50.xlsx
    2016-03-15 16:16 - 2015-03-19 13:57 - 00024990 _____ C:\Users\Owner\Documents\DVDs.xlsx
    2016-03-15 15:48 - 2015-10-13 08:47 - 00324864 _____ (Tweaking.com) C:\Users\Owner\Desktop\TweakingRegistryBackup.exe
    2016-03-15 15:48 - 2014-04-15 15:05 - 00000224 _____ C:\Users\Owner\Desktop\keywords.txt
    2016-03-15 15:47 - 2015-10-13 03:36 - 00021204 _____ C:\Users\Owner\Desktop\change_log.txt
    2016-03-15 15:47 - 2012-05-17 12:26 - 00000001 _____ C:\Users\Owner\Desktop\data.dat
    2016-03-15 11:57 - 2015-05-30 14:03 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-03-15 10:28 - 2013-10-15 18:49 - 00000000 ____D C:\Program Files (x86)\Google
    2016-03-15 10:27 - 2014-07-05 06:36 - 00003874 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-03-14 16:30 - 2013-10-24 18:54 - 03417214 _____ C:\Users\Owner\Documents\Lottery.xlsx
    2016-03-14 16:24 - 2014-09-27 10:30 - 00038746 _____ C:\Users\Owner\Documents\Book Catalogue.xlsx
    2016-03-13 19:15 - 2012-07-26 07:59 - 00000000 ____D C:\windows\CbsTemp
    2016-03-13 14:44 - 2016-01-25 11:41 - 00000000 ____D C:\Users\Owner\Documents\Health
    2016-03-12 10:38 - 2015-10-14 12:43 - 00003718 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
    2016-03-12 10:20 - 2013-10-14 12:39 - 00000000 ____D C:\windows\system32\MRT
    2016-03-12 10:12 - 2013-10-14 12:39 - 143659408 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2016-03-12 10:02 - 2016-01-20 10:34 - 00003036 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1453286043
    2016-03-12 10:02 - 2016-01-20 10:34 - 00001004 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2016-03-12 09:58 - 2013-10-15 18:49 - 01070904 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
    2016-03-12 09:58 - 2013-10-15 17:50 - 00107792 _____ (AVAST Software) C:\windows\system32\Drivers\aswmonflt.sys
    2016-03-12 09:57 - 2013-11-01 19:32 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update
    2016-03-12 09:57 - 2013-10-15 18:49 - 00463744 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
    2016-03-12 09:57 - 2013-10-15 18:49 - 00287016 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys
    2016-03-12 09:57 - 2012-07-26 05:37 - 00000000 ____D C:\windows\Inf
    2016-03-12 09:56 - 2014-04-20 11:23 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
    2016-03-12 09:56 - 2013-12-27 22:45 - 00165344 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
    2016-03-12 09:56 - 2013-11-01 19:32 - 00037144 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
    2016-03-12 09:56 - 2013-10-15 18:49 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
    2016-03-12 09:56 - 2013-10-15 18:49 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
    2016-03-12 09:46 - 2012-07-26 08:12 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-03-12 09:46 - 2012-07-26 08:12 - 00000000 ____D C:\windows\AUInstallAgent
    2016-03-10 16:44 - 2013-10-15 20:58 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-893019987-3953130637-173789047-1005
    2016-03-10 08:51 - 2013-10-13 08:50 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-893019987-3953130637-173789047-1001
    2016-03-10 07:20 - 2014-12-11 07:19 - 00000000 ____D C:\windows\system32\appraiser
    2016-03-08 10:37 - 2014-07-06 08:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
    2016-02-28 20:46 - 2014-07-06 08:15 - 00470112 _____ (IBM Corp.) C:\windows\system32\Drivers\RapportKE64.sys
    2016-02-28 20:46 - 2014-07-06 08:15 - 00215616 _____ (IBM Corp.) C:\windows\system32\Drivers\RapportHades64.sys
    2016-02-28 18:45 - 2014-11-13 16:11 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
    2016-02-28 18:44 - 2014-11-13 16:11 - 00000000 ___RD C:\Program Files (x86)\Skype
    2016-02-28 18:43 - 2014-11-13 16:11 - 00000000 ____D C:\ProgramData\Skype
    2016-02-23 10:17 - 2012-07-26 07:28 - 00847336 _____ C:\windows\system32\PerfStringBackup.INI
    2016-02-17 10:25 - 2013-10-27 13:20 - 00512000 ___SH C:\Users\Owner\Desktop\Thumbs.db

    ==================== Files in the root of some directories =======

    2015-07-16 06:09 - 2015-07-16 06:09 - 6420480 _____ () C:\Program Files (x86)\GUT4C6B.tmp
    2016-02-03 19:44 - 2016-02-03 19:44 - 0000866 _____ () C:\Users\Owner\AppData\Local\recently-used.xbel
    2015-11-10 20:05 - 2015-11-10 20:05 - 0000131 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
    2013-10-13 09:52 - 2013-10-13 09:52 - 0000046 _____ () C:\ProgramData\Temp.cmd

    Files to move or delete:
    ====================
    C:\ProgramData\Temp.cmd


    Some files in TEMP:
    ====================
    C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
    C:\Users\Paulin\AppData\Local\Temp\Delta.exe
    C:\Users\Paulin\AppData\Local\Temp\propsys.dll
    C:\Users\Paulin\AppData\Local\Temp\WSSetup.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\windows\system32\winlogon.exe => File is digitally signed
    C:\windows\system32\wininit.exe => File is digitally signed
    C:\windows\explorer.exe => File is digitally signed
    C:\windows\SysWOW64\explorer.exe => File is digitally signed
    C:\windows\system32\svchost.exe => File is digitally signed
    C:\windows\SysWOW64\svchost.exe => File is digitally signed
    C:\windows\system32\services.exe => File is digitally signed
    C:\windows\system32\User32.dll => File is digitally signed
    C:\windows\SysWOW64\User32.dll => File is digitally signed
    C:\windows\system32\userinit.exe => File is digitally signed
    C:\windows\SysWOW64\userinit.exe => File is digitally signed
    C:\windows\system32\rpcss.dll => File is digitally signed
    C:\windows\system32\dnsapi.dll => File is digitally signed
    C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-03-13 14:49



    Quote Originally Posted by Blade81
    Hi,

    Good. Let's continue.

    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Clean.
    • Confirm each time with Ok.
    • You will be prompted to restart your computer. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.


    Re-run FRST and post back its logs' contents, too.

  6. #6
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi,

    Sorry, I asked you for the wrong AdwCleaner log. Please go to the C:\Program Files (x86)\AdwCleaner folder and see if you can find the AdwCleaner[C1].txt file there. Post back its contents if found.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  7. #7
    Junior Member
    Join Date
    Nov 2013
    Posts
    27


    Here you are

    # AdwCleaner v5.102 - Logfile created 17/03/2016 at 11:43:51
    # Updated 13/03/2016 by Xplode
    # Database : 2016-03-16.1 [Server]
    # Operating system : Windows 8 (x64)
    # Username : Owner - PC
    # Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
    # Option : Clean
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Program Files (x86)\myfree codec
    [-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec

    ***** [ Files ] *****

    [-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_api.linkswift.co_0.localstorage
    [-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_api.linkswift.co_0.localstorage-journal
    [-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
    [-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
    [-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage
    [-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage-journal
    [-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage
    [-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage-journal

    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
    [-] Key Deleted : HKCU\Software\Myfree Codec
    [-] Key Deleted : HKLM\SOFTWARE\Myfree Codec
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
    [-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [TCP Query User{1C6E5F0E-ACF9-489F-8AD7-A8B6C9AED199}C:\program files (x86)\premieropinion\pmropn.exe]
    [-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [UDP Query User{9670F9B9-F0B0-47FC-B062-BB4E53C6D714}C:\program files (x86)\premieropinion\pmropn.exe]
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\akamaihd.net
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\linkswift.co
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com

    ***** [ Web browsers ] *****

    [-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com
    [-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : www.yahoo.com
    [-] [C:\Users\Elliott\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com

    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    *************************

    C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [3439 bytes] - [17/03/2016 11:43:51]
    C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [3616 bytes] - [16/03/2016 15:06:16]
    C:\Program Files (x86)\AdwCleaner\AdwCleaner[S2].txt - [3707 bytes] - [17/03/2016 11:28:29]

    ########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [3718 bytes] ##########


  8. #8
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi,

    Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it on the Desktop as fixlist.txt.

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    SearchScopes: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
    Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
    Toolbar: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.



    Run FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post its contents to your reply. Any issues left?

  9. #9
    Junior Member
    Join Date
    Nov 2013
    Posts
    27


    Hi

    Please see fixlog below.
    Does this mean Chrome is now ok to use?

    If yes, thank you very much for all your help and expertise.

    Malcolm

    Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
    Ran by Owner (2016-03-18 14:19:33) Run:1
    Running from C:\Users\Owner\Desktop
    Loaded Profiles: Owner (Available Profiles: Owner & Paulin & Elliott & Hell Boy)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    SearchScopes: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
    Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
    Toolbar: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    *****************

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
    "HKU\S-1-5-21-893019987-3953130637-173789047-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
    HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
    HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
    HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
    HKU\S-1-5-21-893019987-3953130637-173789047-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
    HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
    HKU\S-1-5-21-893019987-3953130637-173789047-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => value removed successfully
    HKCR\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => key not found.
    HKU\S-1-5-21-893019987-3953130637-173789047-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
    HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.

    ==== End of Fixlog 14:19:33 ====



  10. #10
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi,

    Quote: "Does this mean Chrome is now ok to use?"
    Please see how it works and let me know if there are issues left.
