Solved Need help getting rid of Save On.

[Nick Taylor]

Hi, i am new to this website and i have the same issue as above. Attached are my file reports. Please reply with my fixlist.

Many thanks in advance

 

[TwinHeadedEagle]

Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:

• At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
• Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
• Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
• Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  
• All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
• If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
• I visit forum several times at day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
• Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  
• Please attach all report using
  
  button below. Doing this, you make it easier for me to analyze and fix your problem.
  
• If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:
  

  createsrpoint;
  gpt.ini;z 
  C:\Windows\System32\GroupPolicy;v
  C:\Windows\SysWOW64\GroupPolicy;v
  process;
  services-list;
  systemspecs;
  startupall;
  skipfix-iedefaults;
  firefoxlook;
  chromelook;
  filesrcm;
  installedprogs;

• Make sure that Scan All Users option is checked.
• Push Run Script and wait patiently. The scan may take a couple of minutes.
• When the scan completes, a zoek-results logfile should open in notepad.
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

 

[Nick Taylor]

As requested, contents from Zoek:

Zoek.exe v5.0.0.0 Updated 11-August-2014
Tool run by Nick on 12/08/2014 at 21:46:46.49.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Nick\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

12/08/2014 21:48:36 Zoek.exe System Restore Point Created Succesfully.

==== Installed Programs ======================

??? ActiveX ?? Windows Live Mesh ???? ??????? ???????
???? ??? Windows Live
???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ???????
???? Windows Live
????? Windows Live
?????? ??????? ?? Windows Live
??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ???????????
??????? Windows Live Mesh ActiveX ???
???????? ?????????? Windows Live
Alcor Micro USB Card Reader
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS AI Recovery
ASUS FaceLogon
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS WebStorage
AsusScr_K3 Series_ENG
AsusVibe2.0
ATK Package
Bonjour
Bookworm Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Control ActiveX de Windows Live Mesh para conexiones remotas
Contr“le ActiveX Windows Live Mesh pour connexions … distance
Controlo ActiveX do Windows Live Mesh para Liga‡äes Remotas
Cooking Dash
CyberLink LabelPrint
CyberLink Power2Go
D3DX10
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition
Easy Phone Sync
ETDWare PS/2-X64 8.0.5.1_WHQL
Fast Boot
Full Tilt Poker
Future Terminal Server
Galeria de Fotografias do Windows Live
Galer¡a fotogr fica de Windows Live
Galerie de photos Windows Live
Game Park Console
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Governor of Poker
Hotel Dash Suite Success
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
iTunes
Junk Mail filter update
Loopmaster Samples version 1.0
Luxor 3
Mahjongg dimensions
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft Application Error Reporting
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office 32-bit Components 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Espa¤ol
Microsoft Office Shared 32-bit MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Word MUI (English) 2013
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Transfer
Nuance PDF Reader
Outils de v‚rification linguistique 2013 de Microsoft Officeÿ- Fran‡ais
Plants vs Zombies
Primo
Raccolta foto di Windows Live
Realtek High Definition Audio Driver
REALTEK Wireless LAN Driver
S?????? f?t???af??? t?? Windows Live
Scratch Live 2.5.0 (11)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Lync 2013 (KB2881013) 64-Bit Edition
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition
Sonic Focus
Sony Picture Utility
St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?æa???sæ??e? s??d?se??
syncables desktop SE
Trend Micro Titanium Internet Security
Unity Web Player
Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2850074) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition
Update for Microsoft Office 2013 (KB2826040) 64-Bit Edition
Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880457) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880464) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880987) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881074) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881084) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881086) 64-Bit Edition
Update for Microsoft OneDrive for Business (KB2881087) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2881075) 64-Bit Edition
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition
Update for Microsoft Visio 2013 (KB2837632) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition
Update for Microsoft Word 2013 (KB2881080) 64-Bit Edition
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Mesh ActiveX control for remote connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
Wireless Console 3
Wondershare MobileGo for Android ( Version 4.3.0 )
World of Goo

==== Running Processes ======================

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Nick\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Services (whitelist) ======================
Powered by E Dev

R2 - [AFBAgent] - AFBAgent - "C:\Windows\system32\FBAgent.exe"
R2 - [Apple Mobile Device] - Apple Mobile Device - "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
R2 - [ASLDRService] - ASLDR Service - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
R2 - [ATKGFNEXSrv] - ATKGFNEX Service - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
R2 - [Bonjour Service] - Bonjour Service - "C:\Program Files\Bonjour\mDNSResponder.exe"
R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
R2 - [TiMiniService] - TiMiniService - C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
R2 - [UNS] - Intel(R) Management and Security Application User Notification Service - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding
R3 - [BBUpdate] - BBUpdate - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
R3 - [iPod Service] - iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
R3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe
S2 - [29850aa3] - SO_Sustainer - "C:\Windows\system32\rundll32.exe" "c:\progra~2\so_boo~1\AssistantSvc.dll",service
S2 - [BBSvc] - BingBar Service - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
S2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe
S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe
S3 - [Amsp] - Trend Micro Solution Platform - "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000
S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [ehRecvr] - Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exe
S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe
S3 - [fsssvc] - Windows Live Family Safety Service - "C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe"
S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
S3 - [gusvc] - Google Software Updater - "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - C:\Windows\system32\IEEtwCollector.exe /V
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V
S3 - [ose64] - Office 64 Source Engine - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
S3 - [osppsvc] - Office Software Protection Platform - "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - C:\Windows\system32\Wat\WatAdminSvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
S4 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
S4 - [wlcrasvc] - Windows Live Mesh remote connections service - "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe"

==== Folders Found ======================


==== Files Found ======================


--- C:\Windows\System32\GroupPolicy\GPT.INI ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 11
Created time: 2014-06-28 06:51:54
Modified time: 2014-06-28 06:51:54
MD5: EC3584F3DB838942EC3669DB02DC908E
SHA1: 8DCEB96874D5C6425EBB81BFEE587244C89416DA


--- C:\Windows\SysWOW64\GroupPolicy\gpt.ini ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 11
Created time: 2014-06-28 06:51:54
Modified time: 2014-06-28 06:51:54
MD5: EC3584F3DB838942EC3669DB02DC908E
SHA1: 8DCEB96874D5C6425EBB81BFEE587244C89416DA


==== Folders Found In C:\Windows\System32\GroupPolicy ======================

2014-06-28 06:51:54 d-----w- C:\Windows\System32\GroupPolicy\Machine
2014-06-28 06:51:54 d-----w- C:\Windows\System32\GroupPolicy\User

==== Files Found In C:\Windows\System32\GroupPolicy ======================

2014-06-28 06:51:54 127 ----a-w- F9A49A3E2415016FA85DDFF0B8B38419 C:\Windows\System32\GroupPolicy\GPT.INI

==== Files Found In C:\Windows\SysWOW64\GroupPolicy ======================

2014-06-28 06:51:54 11 ----a-w- EC3584F3DB838942EC3669DB02DC908E C:\Windows\SysWOW64\GroupPolicy\gpt.ini

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 3875 MB
CPU Info: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
CPU Speed: 2095.2 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Intel(R) HD Graphics Family | Intel(R) HD Graphics Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC | Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
CD / DVD Drives: 1x (E: | ) E: MATSHITADVD-RAM UJ8B0
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 2 Button Mouse Present
Hard Disks: C: 250.1GB | D: 321.1GB
Hard Disks - Free: C: 185.0GB | D: 321.0GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 06/23/11 | _ASUS_ - 6222004
Time Zone: GMT Standard Time
Motherboard *: ASUSTeK Computer Inc. K53E
Country: United Kingdom
Language: ENG

==== System Specs (Software) ======================

Anti-Virus: Trend Micro Titanium Internet Security On-access scanning disabled (Outdated)
Anti-Spyware: Trend Micro Titanium Internet Security disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Google Chrome 35.0.1916.153
Internet Explorer Version: 11.0.9600.17207
Google Chrome version: 35.0.1916.153

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Nick\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-07-29 21:26:06 0DC5AF80D059DEC792B665ED598C6567 536576 ----a-w- C:\Windows\SysWOW64\sqlite3.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-08-08 15:58:46 -------- d-----w- C:\PROGRA~2\Full Tilt Poker
======= C: =====
====== C:\Users\Nick\AppData\Roaming ======
2014-08-08 16:01:50 -------- d-----w- C:\Users\Nick\AppData\Local\AuxClient
2014-08-08 16:01:43 -------- d-----w- C:\Users\Nick\AppData\Local\FullTiltPoker
2014-07-21 22:41:45 -------- d-----w- C:\Users\Nick\AppData\Locallow\{8EBA9356-438C-4975-0953-132D8C1DB931}
====== C:\Users\Nick ======
2014-08-12 19:19:22 E725E59869467F56CF98310D9B50058D 2099712 ----a-w- C:\Users\Nick\Downloads\FRST64.exe
2014-08-08 15:59:51 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker
2014-08-08 15:57:13 3CE53B8CE119E043078FE21ED1589204 54448072 ----a-w- C:\Users\Nick\Downloads\FullTiltSetup.exe
2014-08-07 16:54:02 58935E6B1555EE4EAC1404DE1C98ADB0 1237688 ----a-w- C:\Users\Nick\Downloads\java_installer.exe
2014-07-30 22:24:49 28466FF0DB59D0FC50BC0AC9FC91504A 92536 ----a-w- C:\Users\Nick\Downloads\java_setup.exe
2014-07-29 21:25:12 4D124C4F40B471DFFEDF0ED8A79CCCAD 1365551 ----a-w- C:\Users\Nick\Downloads\adwcleaner_3.301.exe

====== C: exe-files ==
2014-08-12 19:19:22 E725E59869467F56CF98310D9B50058D 2099712 ----a-w- C:\Users\Nick\Downloads\FRST64.exe
2014-08-08 15:59:50 EE8E06CC3981B099D0296F8E7D0683C4 266159 ----a-w- C:\Program Files (x86)\Full Tilt Poker\uninstall.exe
2014-08-08 15:57:13 3CE53B8CE119E043078FE21ED1589204 54448072 ----a-w- C:\Users\Nick\Downloads\FullTiltSetup.exe
2014-08-07 16:54:02 58935E6B1555EE4EAC1404DE1C98ADB0 1237688 ----a-w- C:\Users\Nick\Downloads\java_installer.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3424619091-555254372-3034955359-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"Wondershare Helper Compact"="C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe -r C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
"ASUSPRP"="C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
"ASUSWebStorage"="C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S"
"SonicMasterTray"="C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe"
"ATKOSD2"="C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
"HControlUser"="C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
"UpdateLBPShortCut"="C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\LabelPrint UpdateWithCreateOnce Software\CyberLink\LabelPrint\2.5"
"UpdateP2GoShortCut"="C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\6.0"
"Wireless Console 3"="C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
"Wondershare Helper Compact"="C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
"Wondershare Helper Compact.exe"="C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"Wondershare Helper Compact"="C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VizorHtmlDialog.exe"="C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe DEF EULA C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_trial.html DEF DEF DEF"
"Trend Micro Client Framework"="C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
"Trend Micro Titanium"="C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush none none"
"AmIcoSinglun64"="C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 "
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe "

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector]
"command"="C:\\Windows\\AsScrPro.exe"
"hkey"="HKLM"
"item"="ASUS Screen Saver Protector"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer]
"command"="\"C:\\Program Files (x86)\\CyberLink\\Power2Go\\CLMLSvc.exe\""
"hkey"="HKLM"
"item"="CLMLServer"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s"
"hkey"="HKLM"
"item"="RtHDVCpl"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"


==== Startup Folders ======================

2014-04-16 17:37:33 2256 ----a-w- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk
2011-04-13 02:49:43 2062 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
2014-04-04 00:47:18 2617 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
2014-04-19 17:21:44 1298 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe []
C:\Windows\tasks\MySearchDial.job --a------ C:\Users\Nick\AppData\Roaming\MYSEAR1\UPDATE1\UPDATE1.exe []
C:\Windows\tasks\RegClean Pro_DEFAULT.job --a------ C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe []
C:\Windows\tasks\RegClean Pro_UPDATES.job --a------ C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\ACMON" [C:\Program Files (x86)\ASUS\Splendid\ACMON.exe]
"C:\Windows\SysNative\tasks\Advanced System Protector_startup" [C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe]
"C:\Windows\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe]
"C:\Windows\SysNative\tasks\ASUS P4G" [C:\Program Files\ASUS\P4G\BatteryLife.exe]
"C:\Windows\SysNative\tasks\ASUS SmartLogon Console Sensor" [C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe]
"C:\Windows\SysNative\tasks\ATKOSD2" [C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\MySearchDial" [C:\Users\Nick\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE]
"C:\Windows\SysNative\tasks\RegClean Pro" [C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe]
"C:\Windows\SysNative\tasks\RegClean Pro_DEFAULT" [C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe]
"C:\Windows\SysNative\tasks\RegClean Pro_UPDATES" [C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{22C7F6C6-8D67-4534-92B5-529A0EC09405}"="C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension" [13/04/2011 03:51]

==== Chrome Look ======================

saVe oon - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc
saVe oon - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc
saVe oon - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc
saVe oon - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc
saVe oon - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc
saVe oon - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc
saVe oon - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc
saVe oon - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc
saVe oon - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc
saVe oon - Nick\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc
iKute Emoticons 4Facebook Status&Comment - Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\balckfmhlgambbambmifcpgjnhkfcpgc
Google Voice Search Hotword (Beta) - Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Bing Translate To English - Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\hogdcbncicoifbkfdofpejkkckgkbjig
saVe oon - Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc
saVe oon - Nick\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc

==== Chromium Startpages ======================

C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com/",


==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on 12/08/2014 at 21:56:07.93 ======================

 

[TwinHeadedEagle]

Fix with ZOEK

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

​

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:
  

  createsrpoint;
  C:\Windows\System32\GroupPolicy\Machine;fs
  C:\Windows\System32\GroupPolicy\User;fs
  C:\Windows\System32\GroupPolicy\GPT.INI;f
  C:\Windows\SysWOW64\GroupPolicy\gpt.ini;f
  C:\Windows\tasks\RegClean Pro_DEFAULT.job;f
  C:\Windows\tasks\MySearchDial.job;f
  C:\Windows\tasks\RegClean Pro_UPDATES.job;f
  C:\Users\Nick\AppData\Roaming\MYSEAR1;fs
  C:\Program Files (x86)\RegClean Pro;fs
  iackbhpbffimamfdmdhioiokfcngfecc;chr
  autoclean;
  emtpyalltemp;
  ipconfig /flushdns;b

• Make sure that Scan All Users option is checked.
• Push Run Script and wait patiently. The scan may take a couple of minutes.
• When the scan completes, a zoek-results logfile should open in notepad.
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

 

[Nick Taylor]

As far as I'm aware, I don't have any antivirus or antispyware protection on my computer. Do my results above say differently? Will do the above later on after work.

 

[TwinHeadedEagle]

I see some signs of Trend Micro.

 

[Nick Taylor]

Results as requested:

Zoek.exe v5.0.0.0 Updated 13-08-2014
Tool run by Nick on 14/08/2014 at 18:20:57.22.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Nick\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-08-12-205607.log 29376 bytes

==== System Restore Info ======================

14/08/2014 18:23:57 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\Users\Nick\AppData\Roaming\MYSEAR1 not found
C:\Program Files (x86)\RegClean Pro not found
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\Users\Nick\AppData\LocalLow\{2B2891DC-577B-F5BD-CE2A-B9ACB5D0DC85} deleted
C:\Users\Nick\AppData\LocalLow\{8EBA9356-438C-4975-0953-132D8C1DB931} deleted
C:\Users\Nick\AppData\LocalLow\{D683F38A-44D2-37F5-282F-7C484BBAE2C1} deleted
C:\Users\Nick\AppData\Local\Packages\windows_ie_ac_001\AC\{2B2891DC-577B-F5BD-CE2A-B9ACB5D0DC85} deleted
C:\Users\Nick\AppData\Local\Packages\windows_ie_ac_001\AC\{8EBA9356-438C-4975-0953-132D8C1DB931} deleted
C:\Users\Nick\AppData\Local\Packages\windows_ie_ac_001\AC\{D683F38A-44D2-37F5-282F-7C484BBAE2C1} deleted
C:\PROGRA~3\b3beb329d9225767 deleted
C:\Users\Nick\.android deleted
C:\PROGRA~3\JoniCOupon deleted
C:\PROGRA~3\EnjOyCoupoin deleted
C:\Users\Nick\AppData\Roaming\Wondershare deleted
C:\PROGRA~3\OberonGameConsole deleted
C:\PROGRA~3\InstallMate deleted
C:\Users\Nick\AppData\Local\Wondershare deleted
C:\Users\Nick\AppData\Local\cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
C:\windows\SysNative\Tasks\MySearchDial deleted
C:\Windows\Tasks\MySearchDial.job deleted
C:\Users\Nick\Searches deleted
C:\windows\SysNative\Tasks\Advanced System Protector_startup deleted
C:\windows\SysNative\tasks\RegClean Pro deleted
C:\windows\SysNative\tasks\RegClean Pro_DEFAULT deleted
C:\windows\SysNative\tasks\RegClean Pro_UPDATES deleted
C:\Windows\tasks\RegClean Pro_DEFAULT.job deleted
C:\Windows\tasks\RegClean Pro_UPDATES.job deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\Nick\Desktop\Continue FLV Player.lnk deleted
C:\Users\Nick\Downloads\VA-The_Flavours_EP_Vol_7-PLAYAZ049D-WEB-2014[freake].rar.exe deleted
"C:\windows\SysNative\GroupPolicy\GPT.INI" deleted
"C:\Windows\SysWOW64\GroupPolicy\gpt.ini" deleted
"C:\PROGRA~2\Wondershare\MobileGo for Android\MobileGoService.exe" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\WSHelper.exe" deleted
"C:\PROGRA~2\Wondershare" not deleted
"C:\PROGRA~2\COMMON~1\Wondershare" deleted
"C:\PROGRA~2\Wondershare\MobileGo for Android" not deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{22C7F6C6-8D67-4534-92B5-529A0EC09405}"="C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension" [13/04/2011 03:51]

==== Chrome Look ======================

saVe oon - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc
saVe oon - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc
saVe oon - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc
saVe oon - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc
saVe oon - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc
saVe oon - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc
saVe oon - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc
saVe oon - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc
saVe oon - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc
saVe oon - Nick\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc
iKute Emoticons 4Facebook Status&Comment - Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\balckfmhlgambbambmifcpgjnhkfcpgc
Google Voice Search Hotword (Beta) - Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Bing Translate To English - Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\hogdcbncicoifbkfdofpejkkckgkbjig
saVe oon - Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc
saVe oon - Nick\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc

==== Chromium Startpages ======================

C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com/",


==== Chrome Fix ======================

C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage deleted successfully
C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage-journal deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc deleted successfully
C:\Users\Nick\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc deleted successfully
C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc deleted successfully
C:\Users\Nick\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iackbhpbffimamfdmdhioiokfcngfecc deleted successfully
C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\balckfmhlgambbambmifcpgjnhkfcpgc deleted successfully
C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_balckfmhlgambbambmifcpgjnhkfcpgc_0.localstorage deleted successfully
C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_balckfmhlgambbambmifcpgjnhkfcpgc_0.localstorage-journal deleted successfully
C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\hogdcbncicoifbkfdofpejkkckgkbjig deleted successfully
C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hogdcbncicoifbkfdofpejkkckgkbjig_0.localstorage deleted successfully
C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hogdcbncicoifbkfdofpejkkckgkbjig_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3424619091-555254372-3034955359-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-3424619091-555254372-3034955359-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\e228567b-5553-432a-910c-b4c72275983a deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1485 folders=209 100851466 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Nick\AppData\Local\Temp will be emptied at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Nick\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\Wondershare" not found

==== EOF on 14/08/2014 at 19:41:56.16 ======================

 

[TwinHeadedEagle]

Good, now run FRST again, check Addition.txt, press scan and attach both reports.

 

[Nick Taylor]

Attached

 

[TwinHeadedEagle]

Okay, our last step. Tell me how is your PC now?

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

​

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

 

[Nick Taylor]

You absolute legend!!!!

Thanks so much for your help. The dreaded Save On seems to be gone. I will be very careful from now on to what i download. Thanks again.

 

[TwinHeadedEagle]

Then we're done



Below you will find my thoughts about securing your machine. Go ahead through it, you will benefit from some useful advice about safe computing.

Recommended reading:
​

MUST READ - security tips: Computer Security - a short guide to staying safer online. Simple and easy ways to keep your computer safe and secure on the Internet

MUST READ - general maintenance: What to do if your Computer is running slowly?

Recommended additional software:
​

TFC - to clean unneeded temporary files.

Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.

Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.

McShield - to prevent infections spread by removable media.

CryptoPrevent - to secure yourself from very severe CryptoLocker infection.

Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.

FiheHippo.com Update Checker - to keep your programs up-to-date.

Adblock - to surf the web without annoying ads!



• The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below;

Remove disinfection tools

Create registry backup

Purge System Restore
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:\DelFix.txt)

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.

My help is free for everybody.
If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation:
Thank you!​

Stay safe,
TwinHeadedEagle

 

[TwinHeadedEagle]

Since this issue appears to be resolved, I am closing the topic. If that is not the case and you need or wish to continue with this topic, please contact me or any staff member with the address of the thread.

Other members who need assistance please start your own topic in a new thread. Thanks!