Hi mAl
I'm not sure why you don't get an automatic prompt to download the programs. Which browser are you using to access the links?
I am using Chrome
Please remove the two sites (in red) from your Chrome Startups. By accessing torrent websites and using peer-to-peer software, you are inviting malware onto your computer. If you don't know how to remove them, let me know and I will provide you with instructions for doing so.
I believe I have completed this - if you would like to double check.
PUP (Potentially Unwanted Programs)
Freemake Video Converter version 4.1.9 has been removed.
I don't recall installing nor do I use Yahoo, so happy to remove this also.
Here is the fixlog.txt
Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Paul (27-03-2017 19:38:13) Run:1
Running from C:\Users\Paul\Downloads
Loaded Profiles: Paul (Available Profiles: Paul)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Code: Select all
CreateRestorePoint:
HKU\S-1-5-21-853519024-3654194281-2201712828-1001\...\RunOnce: [Application Restart #2] => C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe [1260544 2017-03-02] (The NWJS Community)
HKU\S-1-5-21-853519024-3654194281-2201712828-1001\...\RunOnce: [Application Restart #1] => C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe [1260544 2017-03-02] (The NWJS Community)
HKU\S-1-5-21-853519024-3654194281-2201712828-1001\...\RunOnce: [Uninstall 17.3.6743.1212\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Paul\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64"
HKU\S-1-5-21-853519024-3654194281-2201712828-1001\...\RunOnce: [Uninstall 17.3.6743.1212] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Paul\AppData\Local\Microsoft\OneDrive\17.3.6743.1212"
HKU\S-1-5-21-853519024-3654194281-2201712828-1001\...\MountPoints2: {dfa99326-ea9b-11e6-b938-681401707138} - "F:\LaunchU3.exe" -a
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
CHR HKU\S-1-5-21-853519024-3654194281-2201712828-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
S3 aswHdsKe; \??\C:\windows\system32\drivers\aswHdsKe.sys [X]
2017-03-16 20:11 - 2016-07-01 07:50 - 00000000 ____D C:\ProgramData\AVAST Software
2017-03-16 19:39 - 2016-06-16 12:33 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Azureus
2017-03-11 08:51 - 2016-09-29 06:23 - 00004022 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1467322114
2016-10-16 10:50 - 2017-03-14 18:03 - 0079904 _____ () C:\Users\Paul\AppData\Local\Temp\i4jdel1.exe
2016-12-18 19:49 - 2017-03-14 18:03 - 0079904 _____ () C:\Users\Paul\AppData\Local\Temp\i4jdel2.exe
2017-02-19 17:14 - 2017-03-14 18:03 - 0079904 _____ () C:\Users\Paul\AppData\Local\Temp\i4jdel3.exe
2017-03-05 18:57 - 2017-03-05 18:57 - 0079904 _____ () C:\Users\Paul\AppData\Local\Temp\i4jdel4.exe
2017-03-05 18:57 - 2017-03-05 18:57 - 0079904 _____ () C:\Users\Paul\AppData\Local\Temp\i4jdel5.exe
Task: {5B38D836-A0CB-463F-B991-B50A83765F0A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {5FAD51CE-A687-4BA5-B8A0-2D54CFB43938} - System32\Tasks\SafeZone scheduled Autoupdate 1467322114 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
AlternateDataStreams: C:\Users\Paul\Documents\Calvery Refund.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Paul\Documents\Calvery Refund.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
FirewallRules: [UDP Query User{C9A1486A-AAF3-4FA4-AE63-8C0311224E26}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
FirewallRules: [TCP Query User{B8024B75-92A4-48BD-8920-05CE0277072C}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
FirewallRules: [UDP Query User{B358048D-C531-4EBA-A00B-EBC1FA2982C8}C:\users\paul\downloads\utorrent-1-6-1-build-490-utorrent.exe] => (Allow) C:\users\paul\downloads\utorrent-1-6-1-build-490-utorrent.exe
FirewallRules: [TCP Query User{388EC3DF-39D5-489A-AE8D-5F278FE8713E}C:\users\paul\downloads\utorrent-1-6-1-build-490-utorrent.exe] => (Allow) C:\users\paul\downloads\utorrent-1-6-1-build-490-utorrent.exe
FirewallRules: [{CB4A51BB-098D-470E-BC4C-B68B8D344C02}] => (Allow) C:\Users\Paul\AppData\Roaming\Vuze Leap\VuzeLeap.exe
FirewallRules: [{2C44403D-1157-4B2A-88E8-D91D2BB1DE59}] => (Allow) C:\Users\Paul\AppData\Roaming\Vuze Leap\VuzeLeap.exe
FirewallRules: [{9F37AE45-1C13-43C0-8A8B-96E86112B21D}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{DCD3950B-5024-4301-BC82-78A080FB3E18}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{C033B4F5-6C63-4371-9690-A72F5D14AA40}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590\SZBrowser.exe
C:\Users\Paul\AppData\Roaming\RPEng
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_USERS\S-1-5-21-853519024-3654194281-2201712828-1001\SOFTWARE\Trolltech]
EmptyTemp:
Hosts:
*****************
Code: Select all => Error: No automatic fix found for this entry.
Restore point was successfully created.
HKU\S-1-5-21-853519024-3654194281-2201712828-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #2 => value removed successfully
HKU\S-1-5-21-853519024-3654194281-2201712828-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #1 => value removed successfully
HKU\S-1-5-21-853519024-3654194281-2201712828-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 17.3.6743.1212\amd64 => value not found.
HKU\S-1-5-21-853519024-3654194281-2201712828-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 17.3.6743.1212 => value not found.
HKU\S-1-5-21-853519024-3654194281-2201712828-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dfa99326-ea9b-11e6-b938-681401707138} => key removed successfully
HKCR\CLSID\{dfa99326-ea9b-11e6-b938-681401707138} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKU\S-1-5-21-853519024-3654194281-2201712828-1001\SOFTWARE\Google\Chrome\Extensions\hegneaniplmfjcmohoclabblbahcbjoe => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hegneaniplmfjcmohoclabblbahcbjoe => key removed successfully
HKLM\System\CurrentControlSet\Services\aswHdsKe => key removed successfully
aswHdsKe => service removed successfully
C:\ProgramData\AVAST Software => moved successfully
C:\Users\Paul\AppData\Roaming\Azureus => moved successfully
C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1467322114 => moved successfully
C:\Users\Paul\AppData\Local\Temp\i4jdel1.exe => moved successfully
C:\Users\Paul\AppData\Local\Temp\i4jdel2.exe => moved successfully
C:\Users\Paul\AppData\Local\Temp\i4jdel3.exe => moved successfully
C:\Users\Paul\AppData\Local\Temp\i4jdel4.exe => moved successfully
C:\Users\Paul\AppData\Local\Temp\i4jdel5.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{5B38D836-A0CB-463F-B991-B50A83765F0A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B38D836-A0CB-463F-B991-B50A83765F0A} => key removed successfully
C:\WINDOWS\System32\Tasks\AVAST Software\Avast settings backup => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast settings backup => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{5FAD51CE-A687-4BA5-B8A0-2D54CFB43938} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FAD51CE-A687-4BA5-B8A0-2D54CFB43938} => key removed successfully
C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1467322114 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SafeZone scheduled Autoupdate 1467322114 => key removed successfully
C:\Users\Paul\Documents\Calvery Refund.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully.
C:\Users\Paul\Documents\Calvery Refund.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C9A1486A-AAF3-4FA4-AE63-8C0311224E26}C:\program files\vuze\azureus.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B8024B75-92A4-48BD-8920-05CE0277072C}C:\program files\vuze\azureus.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B358048D-C531-4EBA-A00B-EBC1FA2982C8}C:\users\paul\downloads\utorrent-1-6-1-build-490-utorrent.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{388EC3DF-39D5-489A-AE8D-5F278FE8713E}C:\users\paul\downloads\utorrent-1-6-1-build-490-utorrent.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CB4A51BB-098D-470E-BC4C-B68B8D344C02} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2C44403D-1157-4B2A-88E8-D91D2BB1DE59} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9F37AE45-1C13-43C0-8A8B-96E86112B21D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DCD3950B-5024-4301-BC82-78A080FB3E18} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C033B4F5-6C63-4371-9690-A72F5D14AA40} => value removed successfully
C:\Users\Paul\AppData\Roaming\RPEng => moved successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => key removed successfully
HKEY_USERS\S-1-5-21-853519024-3654194281-2201712828-1001\SOFTWARE\Trolltech => key removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 1946775 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 416328392 B
Java, Flash, Steam htmlcache => 610 B
Windows/system/drivers => 60995909 B
Edge => 482309 B
Chrome => 992797100 B
Firefox => 374002251 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 60272 B
NetworkService => 11122 B
Paul => 928944568 B
RecycleBin => 0 B
EmptyTemp: => 2.6 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 19:45:44 ====
With the ESET Scan - I have completed it - however it did not give me a copy to clipboard option. I have attached a screenshot of the completed scan. The rest of the computer seems to be operating normally again - I have not had any issues with the software.