Solved Browser Redirect - SpringFiles?

[Calibrate]

One of the random popup pages said I had been infected by the Zeus Virus. Obviously I doubt the source of the information but it may be relevant nonetheless. All help appreciated.

FRST log-

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2016
Ran by Robert (administrator) on ROBS_LAPTOP (14-06-2016 13:47:58)
Running from C:\Users\Robert\Downloads
Loaded Profiles: Robert (Available Profiles: Robert & Administrator)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Sony) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2015-10-08] (Synaptics Incorporated)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [383768 2002-04-12] (Alcor Micro Corp.)
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6108752 2015-11-15] (AVAST Software)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516976 2015-06-09] (TOSHIBA)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [896472 2016-06-14] (Webroot)
HKU\S-1-5-21-234256130-4129765883-971741967-1001\...\Run: [Dropbox Update] => C:\Users\Robert\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
HKU\S-1-5-21-234256130-4129765883-971741967-1001\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2065280 2016-05-19] (Sony)
HKU\S-1-5-21-234256130-4129765883-971741967-1001\...\RunOnce: [Uninstall C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64"
HKU\S-1-5-21-234256130-4129765883-971741967-1001\...\MountPoints2: {ff342493-2860-11e6-8300-0c54a52d9b0a} - "E:\startme.exe"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-05-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-05-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-05-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-20] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-18] (Microsoft Corporation)
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-09-05]
ShortcutTarget: Dropbox.lnk -> C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-234256130-4129765883-971741967-1001] => hxxp://un-stop.info/wpad.dat?98e30d21d4b2481af938d2a7104d508b11530750
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{2b42187b-9326-4ef1-b9d4-029c48d0f127}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{9b494516-d7c8-4635-a9b0-b499c8c26e57}: [DhcpNameServer] 194.168.4.100 194.168.8.100
ManualProxies: 0hxxp://un-stop.info/wpad.dat?98e30d21d4b2481af938d2a7104d508b11530750

Internet Explorer:
==================
HKU\S-1-5-21-234256130-4129765883-971741967-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-234256130-4129765883-971741967-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-234256130-4129765883-971741967-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_c
HKU\S-1-5-21-234256130-4129765883-971741967-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/symbaloo_c
SearchScopes: HKU\S-1-5-21-234256130-4129765883-971741967-1001 -> DefaultScope {888AF55B-43BC-480D-8929-71248BCD3925} URL =
SearchScopes: HKU\S-1-5-21-234256130-4129765883-971741967-1001 -> {888AF55B-43BC-480D-8929-71248BCD3925} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-04-12] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-20] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2016-06-14] (Webroot)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-23] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-20] (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2016-06-14] (Webroot)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-23] (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-05-04] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2012-10-05] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-23] [not signed]

Chrome:
=======
CHR HKU\S-1-5-21-234256130-4129765883-971741967-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-234256130-4129765883-971741967-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kgdcapepedmpopjkmdbjnmmmfgllnfek] - C:\Users\Robert\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm.crx [2014-02-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-23]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-22] (Windows (R) Win 7 DDK provider) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-20] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-07-20] (Avast Software)
S2 BT Help Wizard; C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009264 2016-05-17] (Microsoft Corporation)
R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19960 2015-05-27] ()
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467256 2013-11-11] (Alcatel-Lucent)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2383344 2016-05-30] (IBM Corp.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-10-08] (Synaptics Incorporated)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-18] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [896472 2016-06-14] (Webroot)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-23] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-03-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-23] (AVAST Software)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4342936 2015-09-21] (Qualcomm Atheros Communications, Inc.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)
S3 ggsomc; C:\Windows\System32\drivers\ggsomc.sys [30424 2016-06-01] (Sony Mobile Communications)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R1 RapportCerberus_1609041; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609041.sys [1157864 2016-06-08] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544360 2016-05-30] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [215560 2016-05-30] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [470056 2016-05-30] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [525992 2016-05-30] (IBM Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-10-08] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-20] (Avast Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2016-06-14] (Webroot)
S3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [54512 2016-06-14] (Webroot)
S0 mfewfpk; system32\drivers\mfewfpk.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-14 13:47 - 2016-06-14 13:48 - 00024688 _____ C:\Users\Robert\Downloads\FRST.txt
2016-06-14 13:45 - 2016-06-14 13:47 - 00000000 ____D C:\FRST
2016-06-14 13:45 - 2016-06-14 13:45 - 02385920 _____ (Farbar) C:\Users\Robert\Downloads\FRST64.exe
2016-06-14 12:08 - 2016-06-14 13:29 - 00117728 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
2016-06-14 12:08 - 2016-06-14 12:08 - 00181176 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2016-06-14 12:08 - 2016-06-14 12:08 - 00115768 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2016-06-14 12:08 - 2016-06-14 12:08 - 00054512 ____T (Webroot) C:\WINDOWS\system32\Drivers\wrUrlFlt.sys
2016-06-14 12:08 - 2016-06-14 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2016-06-14 12:08 - 2016-06-14 12:08 - 00000000 ____D C:\Program Files\Common Files\Webroot
2016-06-14 12:07 - 2016-06-14 13:37 - 00000000 ____D C:\ProgramData\WRData
2016-06-14 12:07 - 2016-06-14 12:07 - 00000000 ____D C:\Program Files\Webroot
2016-06-14 11:38 - 2016-06-14 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-06-13 18:26 - 2016-06-13 20:29 - 00000000 ____D C:\Program Files (x86)\SrpnFiles
2016-06-13 18:26 - 2016-06-13 18:26 - 00000000 ____D C:\Users\Robert\AppData\Roaming\SpringFiles
2016-06-04 13:52 - 2016-06-04 13:52 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-02 10:40 - 2016-06-02 10:40 - 00085648 _____ C:\Users\Robert\Desktop\32 Marshall plus virgin.odt
2016-06-01 22:43 - 2016-06-01 22:43 - 00030424 _____ (Sony Mobile Communications) C:\WINDOWS\system32\Drivers\ggsomc.sys
2016-06-01 22:43 - 2016-06-01 22:43 - 00016088 _____ (Sony Mobile Communications) C:\WINDOWS\system32\Drivers\ggflt.sys
2016-06-01 22:42 - 2016-06-01 22:42 - 00000000 ____D C:\Users\Robert\.oracle_jre_usage
2016-06-01 22:42 - 2016-06-01 22:42 - 00000000 ____D C:\ProgramData\Sony Mobile
2016-06-01 22:42 - 2016-06-01 22:42 - 00000000 ____D C:\Program Files (x86)\Sony Mobile
2016-06-01 22:39 - 2016-06-01 22:39 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Apple Computer
2016-06-01 22:35 - 2016-06-01 22:35 - 00002677 _____ C:\Users\Public\Desktop\Xperia Companion.lnk
2016-06-01 22:35 - 2016-06-01 22:35 - 00000000 ____D C:\Users\Robert\Documents\Sony
2016-06-01 22:35 - 2016-06-01 22:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2016-06-01 22:35 - 2016-06-01 22:35 - 00000000 ____D C:\Program Files (x86)\Sony
2016-05-26 23:14 - 2016-05-26 23:14 - 00009104 _____ C:\Users\Robert\Desktop\NQT questions.odt
2016-05-23 19:57 - 2016-05-23 19:57 - 00000000 ___RD C:\Users\Robert\Downloads\325289AEDD75.TorrentRTFREE_qtx9tqphctw9r!App

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-14 13:31 - 2016-01-02 21:59 - 00000000 __SHD C:\Users\Robert\IntelGraphicsProfiles
2016-06-14 13:29 - 2016-01-02 21:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-14 12:13 - 2016-01-02 21:24 - 00000000 ____D C:\Users\Robert
2016-06-14 12:13 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-06-14 11:51 - 2015-06-19 14:39 - 00000946 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-234256130-4129765883-971741967-1001UA.job
2016-06-14 11:51 - 2014-04-21 21:26 - 00000000 ____D C:\Users\Robert\AppData\Local\Google
2016-06-14 11:51 - 2014-04-21 21:26 - 00000000 ____D C:\Program Files (x86)\Google
2016-06-14 11:40 - 2014-06-17 16:33 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Skype
2016-06-14 11:39 - 2014-06-17 16:33 - 00000000 ____D C:\ProgramData\Skype
2016-06-14 11:38 - 2014-06-17 16:33 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2016-06-14 11:38 - 2014-06-17 16:33 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-06-14 11:38 - 2014-06-17 16:33 - 00000000 ____D C:\Users\Robert\AppData\Local\Skype
2016-06-13 20:23 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-13 18:50 - 2015-06-19 14:39 - 00000894 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-234256130-4129765883-971741967-1001Core.job
2016-06-13 13:11 - 2014-04-21 21:27 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-06-11 13:54 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-10 11:36 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-08 21:46 - 2014-04-21 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-06-08 20:57 - 2016-01-02 22:00 - 00000000 ____D C:\Users\Robert\AppData\Local\Comms
2016-06-04 23:24 - 2016-01-11 19:16 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-04 13:53 - 2015-01-05 19:26 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Dropbox
2016-06-01 22:35 - 2013-11-20 21:14 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-01 22:33 - 2016-01-02 21:41 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-31 21:17 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-05-30 17:04 - 2014-04-21 21:49 - 00470056 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2016-05-30 17:04 - 2014-04-21 21:49 - 00215560 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2016-05-28 08:34 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-28 08:32 - 2014-05-03 14:38 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-23 19:47 - 2013-12-28 19:08 - 00000000 ____D C:\Users\Robert\AppData\Local\Packages
2016-05-18 18:09 - 2016-01-02 22:32 - 00002377 _____ C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-18 18:09 - 2016-01-02 22:32 - 00000000 ___RD C:\Users\Robert\OneDrive
2016-05-17 19:14 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-16 22:26 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-05-15 11:26 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp

==================== Files in the root of some directories =======

2015-12-23 01:41 - 2015-12-23 01:41 - 0000017 _____ () C:\Users\Robert\AppData\Local\resmon.resmoncfg
2014-06-03 22:41 - 2014-04-04 22:41 - 0000032 ____R () C:\ProgramData\hash.dat

Files to move or delete:
====================
C:\ProgramData\hash.dat


Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\PresentationCore.dll
C:\Users\Administrator\AppData\Local\Temp\PresentationFramework.dll
C:\Users\Administrator\AppData\Local\Temp\ReachFramework.dll
C:\Users\Administrator\AppData\Local\Temp\UIAutomationProvider.dll
C:\Users\Administrator\AppData\Local\Temp\UIAutomationTypes.dll
C:\Users\Administrator\AppData\Local\Temp\WindowsBase.dll
C:\Users\Administrator\AppData\Local\Temp\WindowsFormsIntegration.dll
C:\Users\Robert\AppData\Local\Temp\4Am6AibRnj.exe
C:\Users\Robert\AppData\Local\Temp\99Pp0dXgv6.exe
C:\Users\Robert\AppData\Local\Temp\mFyPnrbEd1.exe
C:\Users\Robert\AppData\Local\Temp\nseB286.tmp.exe
C:\Users\Robert\AppData\Local\Temp\xcs9061.tmp.exe
C:\Users\Robert\AppData\Local\Temp\{FA23E709-5365-496B-9D01-98AE9AF0DFD5}-50.0.2661.94_49.0.2623.112_chrome_updater.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-09 22:31

==================== End of FRST.txt ============================

-----------------------------------------------------

adwCleaner log-

# AdwCleaner v5.119 - Logfile created 14/06/2016 at 14:12:46
# Updated 30/05/2016 by Xplode
# Database : 2016-06-13.1 [Server]
# Operating system : Windows 10 Home (X64)
# Username : Robert - ROBS_LAPTOP
# Running from : C:\Users\Robert\Downloads\AdwCleaner.exe
# Option : Scan
# Support : ToolsLib

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\Check Point Software Technologies LTD
Folder Found : C:\Program Files (x86)\SrpnFiles
Folder Found : C:\Users\Robert\AppData\Roaming\Check Point Software Technologies LTD
Folder Found : C:\Users\Robert\AppData\Roaming\SpringFiles

***** [ Files ] *****

File Found : C:\Users\Public\Desktop\eBay.lnk
File Found : C:\Users\Administrator\Favorites\eBay.lnk

***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [SpeedCheckerService.exe]
Key Found : HKLM\SOFTWARE\Classes\c
Value Found : HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION [SpeedCheckerService.exe]
Key Found : HKCU\Software\Google\Chrome\Extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Found : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F1963E76-845B-474C-8C7F-D69A96D8AA34}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Key Found : HKCU\Software\Check Point Software Technologies LTD
Key Found : HKCU\Software\SrpnFiles
Key Found : HKLM\SOFTWARE\Check Point Software Technologies LTD
Key Found : HKLM\SOFTWARE\Speedchecker Limited
Key Found : HKLM\SOFTWARE\SrpnFiles
Key Found : [x64] HKLM\SOFTWARE\Speedchecker Limited
Key Found : HKU\S-1-5-21-234256130-4129765883-971741967-1001\Software\Check Point Software Technologies LTD
Key Found : HKU\S-1-5-21-234256130-4129765883-971741967-1001\Software\SrpnFiles
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{417FEF69-68F5-4180-90B0-07EE03730B09}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{3EF60283-60AF-4358-8AE9-594672EA18E7}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{2DBB7911-5B42-4A35-834D-ECC4B48C3229}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{C7960AAF-4ACD-4660-B9BF-FFD81C2CE393}]

***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [4477 bytes] - [14/06/2016 14:12:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4550 bytes] ##########

----------------------------------------------------------------------------------------------------------
aswMBR log-

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2016-06-14 14:23:35
-----------------------------
14:23:35.068 OS Version: Windows x64 6.2.9200
14:23:35.068 Number of processors: 2 586 0x3A09
14:23:35.068 ComputerName: ROBS_LAPTOP UserName: Robert
14:23:37.716 Initialize success
14:23:37.731 VM: initialized successfully
14:23:37.731 VM: Intel CPU supported virtualized
14:23:41.436 VM: disk I/O iaStorA.sys
14:23:44.654 AVAST engine defs: 16061400
14:23:59.236 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002c
14:23:59.236 Disk 0 Vendor: HGST_HTS541075A9E680 JA2OA700 Size: 715404MB BusType: 11
14:23:59.435 Disk 0 MBR read successfully
14:23:59.435 Disk 0 MBR scan
14:23:59.450 Disk 0 unknown MBR code
14:23:59.450 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
14:23:59.613 Disk 0 scanning C:\WINDOWS\system32\drivers
14:24:17.074 Service scanning
14:25:22.835 Service WRkrn C:\WINDOWS\System32\drivers\WRkrn.sys **LOCKED** 32
14:25:25.459 Modules scanning
14:25:25.459 Disk 0 trace - called modules:
14:25:25.481 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys
14:25:25.481 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000b85e7060]
14:25:25.497 3 CLASSPNP.SYS[fffff80102c07d95] -> nt!IofCallDriver -> \Device\0000002c[0xffffe000b8301060]
14:25:26.459 AVAST engine scan C:\WINDOWS
14:25:31.003 AVAST engine scan C:\WINDOWS\system32
14:28:40.903 AVAST engine scan C:\WINDOWS\system32\drivers
14:28:59.382 AVAST engine scan C:\Users\Robert
14:44:55.060 AVAST engine scan C:\ProgramData
14:49:53.951 Disk 0 statistics 4781291/0/0 @ 1.92 MB/s
14:49:53.973 Scan finished successfully
15:01:22.610 Disk 0 MBR has been saved successfully to "C:\Users\Robert\Downloads\MBR.dat"
15:01:22.634 The log file has been saved successfully to "C:\Users\Robert\Downloads\aswMBR.txt"

 

[TwinHeadedEagle]

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Make sure that Addition.txt option is checked.
  
  
  
  
  
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please attach report into your next reply.

 

[Calibrate]

There you go. Thanks for helping.

 

[TwinHeadedEagle]

Please download Zemana AntiMalware and save it to your Desktop.

• Install the program and once the installation is complete it will start automatically.
• Without changing any options, press Scan to begin.
• After the short scan is finished, if threats are detected press Next to remove them.

Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.​

• Open Zemana AntiMalware again.
• Click on
  
  icon and double click the latest report.
• Now click File > Save As and choose your Desktop before pressing Save.
• The only left thing is to attach saved report in your next message.

 

[Calibrate]

There it is

 

[TwinHeadedEagle]

Okay, I would like to see fresh FRST reports now:

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Make sure that Addition.txt option is checked.
  
  
  
  
  
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please attach report into your next reply.

 

[Calibrate]

There

 

[TwinHeadedEagle]

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

​

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

 

[Calibrate]

There it is

 

[TwinHeadedEagle]

How is your PC behaving now?

 

[Calibrate]

I reinstalled Chrome and had the same issue with popups. I ran Zemana again after that and it seems to have fixed the issue at the moment. I've attached log that I have just created.

 

[TwinHeadedEagle]

Yes, I see. Let's try with this:

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

​

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

 

[Calibrate]

There

 

[TwinHeadedEagle]

Okay, please tell me how is the situation now?

 

[Calibrate]

It appears to be fine. I haven't had any popups since the last time I ran Zemana.

 

[TwinHeadedEagle]

Okay, please keep me updated.

 

[Calibrate]

Nope, not fixed. I loaded up a page through a link in Facebook. When I tried to scroll down the page (by clicking the mouse) onclickads loaded in a new tab. It seemed to be the mouse click that triggered the new tab to load.

 

[Calibrate]

It's happening on other sites too. Sites that normally don't have any issues.

 

[TwinHeadedEagle]

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Make sure that Addition.txt option is checked.
  
  
  
  
  
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please attach report into your next reply.

 

[Calibrate]

I've also included my most recent Zemana report. The one before this was clean, but this one was not.