2017-03-11 - Back for more

  • Malnutrition
    PCHF Moderator
    • Jul 2016
    • 7041

    #16
    Originally posted by Fla_Panther
    which caused me to lose ClearLNK’s log file location.
    Should be located on the desktop if instructions were followed..
    Originally posted by Fla_Panther
    Also, I’m unable to run Zemana. I ran it a few months ago as a result of my other thread here, and now the license has expired. Do I need to purchase a license or is there another tool you’d like me to use?
    You should still be able to run the tool, it reverts to the free version after the license expires.

    If you are unable to run it then uninstall it with Geek Uninstaller, then reboot the machine and grab the free version and run it.


    • Malnutrition
      PCHF Moderator
      • Jul 2016
      • 7041

      #17
      @Fla_Panther how about an update?


      • Malnutrition
        PCHF Moderator
        • Jul 2016
        • 7041

        #18
        @Fla_Panther how about an update?


        • Malnutrition
          PCHF Moderator
          • Jul 2016
          • 7041

          #19
          Hello @Fla_Panther how are you moving along with the instructions? Have you got an update for us?

          Please update this thread within 48 hours, or it will be closed. You can however have it re-opened at any time, by sending a private message to a staff member.


          • Fla_Panther
            PCHF Member
            • Sep 2016
            • 38

            #20
            Re: ClearLNK log: I’ve been trying to clean up my desktop and moved some files into folders, I may have moved it. What was the file name supposed to be?
            Re: Zemana: Yeah, had to use that uninstall tool before it would let me scan. Decided to also scan my NAS, looks like there were a few archived files over there that it didn’t like as well.

            Zemana AntiMalware 2.72.2.324 (Installed)


            Scan Result : Completed
            Scan Date : 2017/3/26
            Operating System : Windows 7 64-bit
            Processor : 4X Intel(R) Core™ i5-3470 CPU @ 3.20GHz
            BIOS Mode : Legacy
            CUID : 1273F17A3C8C26D2AE6262
            Scan Type : Custom Scan
            Duration : 116m 34s
            Scanned Objects : 260468
            Detected Objects : 0
            Excluded Objects : 0
            Read Level : Normal
            Auto Upload : Enabled
            Detect All Extensions : Disabled
            Scan Documents : Disabled
            Domain Info : WORKGROUP,0,2
            Detected Objects
            No threats detected

            Zemana AntiMalware 2.72.2.324 (Installed)


            Scan Result : Completed
            Scan Date : 2017/3/26
            Operating System : Windows 7 64-bit
            Processor : 4X Intel(R) Core™ i5-3470 CPU @ 3.20GHz
            BIOS Mode : Legacy
            CUID : 1273F17A3C8C26D2AE6262
            Scan Type : Custom Scan
            Duration : 176m 38s
            Scanned Objects : 180481
            Detected Objects : 12
            Excluded Objects : 0
            Read Level : Normal
            Auto Upload : Enabled
            Detect All Extensions : Disabled
            Scan Documents : Disabled
            Domain Info : WORKGROUP,0,2
            Detected Objects
            l5m-usjobsearch-dtx.exe
            Status : Scanned
            Object : Z:\30 - Cate’s Docs\Downloads\l5m-usjobsearch-dtx.exe
            MD5 : BB288096343B531FDB50869D7FF0EDC6
            Publisher : Zugo Ltd
            Size : 273904
            Version : 1.0.0.0
            Detection : Adware:Win32/ZugoToolbar!Ep
            Cleaning Action : Quarantine
            Related Objects :
            File - Z:\30 - Cate’s Docs\Downloads\l5m-usjobsearch-dtx.exe

            3d_traceroute.exe
            Status : Scanned
            Object : Z:\02 - Other Files to Sort\Dad’s CDs\3d_traceroute.exe
            MD5 : FE58872A50511E9429AC9753C182F8A0
            Publisher : -
            Size : 996352
            Version : 1.6.46.94
            Detection : Malware:Win32/Tamaca!Tltr
            Cleaning Action : Quarantine
            Related Objects :
            File - Z:\02 - Other Files to Sort\Dad’s CDs\3d_traceroute.exe

            Toolbar.exe
            Status : Scanned
            Object : Z:\Zip Files\Music Programs\Nero\Nero 10\ISSetupPrerequisites{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe
            MD5 : BEEB17823615681A860770CC33544ADC
            Publisher : Ask.com
            Size : 2131336
            Version : 15.0.0.498
            Detection : Adware:Win32/AskBrowserHijack!Ep
            Cleaning Action : Quarantine
            Related Objects :
            File - Z:\Zip Files\Music Programs\Nero\Nero 10\ISSetupPrerequisites{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe

            XvidSetup.exe
            Status : Scanned
            Object : Z:\Zip Files\00 - Baseline Programs\Codecs\XvidSetup.exe
            MD5 : D0822F4FD3DA5DAA242F60EDBC96E3C5
            Publisher : appbundler.com
            Size : 236208
            Version : 2.0.359.0
            Detection : Adware:Win32/BundleGen!Ep
            Cleaning Action : Quarantine
            Related Objects :
            File - Z:\Zip Files\00 - Baseline Programs\Codecs\XvidSetup.exe

            VirtumundoBeGone.exe
            Status : Scanned
            Object : Z:\Zip Files\PC Repair Tools\Virus Removal Folder\Vundo\VirtumundoBeGone.exe
            MD5 : 6395649F5B3C3F2F1A110F445D1980AD
            Publisher : -
            Size : 96978
            Version : 1.5.0.0
            Detection : Malware:Win32/Multi.Generic!Amtt
            Cleaning Action : Quarantine
            Related Objects :
            File - Z:\Zip Files\PC Repair Tools\Virus Removal Folder\Vundo\VirtumundoBeGone.exe

            SmitfraudFix.exe
            Status : Scanned
            Object : Z:\Zip Files\PC Repair Tools\Virus Removal Folder\SmitfraudFix.exe
            MD5 : 798C8317E52FAE3A28ECA79570D753F5
            Publisher : -
            Size : 1660532
            Version : -
            Detection : Adware:Win32/Tamaca!Eetr
            Cleaning Action : Quarantine
            Related Objects :
            File - Z:\Zip Files\PC Repair Tools\Virus Removal Folder\SmitfraudFix.exe

            AutoClickerTyperSetup.exe
            Status : Scanned
            Object : Z:\Zip Files\AutoClickerTyperSetup.exe
            MD5 : 6450D82FC65E963C42E2D3B11449937D
            Publisher : -
            Size : 2130746
            Version : 1.0.0.0
            Detection : Malware:Win32/Tamaca!Iraa
            Cleaning Action : Quarantine
            Related Objects :
            File - Z:\Zip Files\AutoClickerTyperSetup.exe

            Converter - Setup_FreeConverter.exe
            Status : Scanned
            Object : Z:\Zip Files\Converter - Setup_FreeConverter.exe
            MD5 : 64B5D9C107DA53999D7EFA3EEB04091F
            Publisher : -
            Size : 6383608
            Version : 1.91.0.0
            Detection : Adware:Win32/BrowserHijack.Gen
            Cleaning Action : Quarantine
            Related Objects :
            File - Z:\Zip Files\Converter - Setup_FreeConverter.exe

            keygen.exe
            Status : Scanned
            Object : Z:\Zip Files\keygen.exe
            MD5 : A0537FCADD2C4C2CF8F4AD6E2E58C6C2
            Publisher : -
            Size : 77312
            Version : -
            Detection : PUA:Win32/SoftCrack.Gen
            Cleaning Action : Quarantine
            Related Objects :
            File - Z:\Zip Files\keygen.exe

            winscp428setup.exe
            Status : Scanned
            Object : Z:\My Documents\Business Stuff\Brighthouse Docs (2015-01)\zz - Emergency Docs\Programs\winscp428setup.exe
            MD5 : 8752C3AB19C1145022F3FF45268EB45B
            Publisher : -
            Size : 3140130
            Version : 4.2.8.818
            Detection : Adware:Win32/OpenCandy
            Cleaning Action : Quarantine
            Related Objects :
            File - Z:\My Documents\Business Stuff\Brighthouse Docs (2015-01)\zz - Emergency Docs\Programs\winscp428setup.exe

            winscp428setup.exe
            Status : Scanned
            Object : Z:\My Documents\Business Stuff\Brighthouse Docs (2015-01)\Programs\winscp428setup.exe
            MD5 : 8752C3AB19C1145022F3FF45268EB45B
            Publisher : -
            Size : 3140130
            Version : 4.2.8.818
            Detection : Adware:Win32/OpenCandy
            Cleaning Action : Quarantine
            Related Objects :
            File - Z:\My Documents\Business Stuff\Brighthouse Docs (2015-01)\Programs\winscp428setup.exe

            winscp428setup.exe
            Status : Scanned
            Object : Z:\My Documents$RECYCLE.BIN$RNFEUYJ\Programs\winscp428setup.exe
            MD5 : 8752C3AB19C1145022F3FF45268EB45B
            Publisher : -
            Size : 3140130
            Version : 4.2.8.818
            Detection : Adware:Win32/OpenCandy
            Cleaning Action : Quarantine
            Related Objects :
            File - Z:\My Documents$RECYCLE.BIN$RNFEUYJ\Programs\winscp428setup.exe
            Cleaning Result
            Cleaned : 12
            Reported as safe : 0
            Failed : 0


            • Malnutrition
              PCHF Moderator
              • Jul 2016
              • 7041

              #21
              Never mind the shortcut fix…

              I imagine your issue is now solved?


              • Malnutrition
                PCHF Moderator
                • Jul 2016
                • 7041

                #22
                Originally posted by Fla_Panther
                "C:\Users*\AppData\Roaming\BitTorrent" => not found.
                "C:\Users*\Desktop\BitTorrent.exe" => not found.
                Originally posted by Malnutrition
                Note: You have to replace ****** with your user name in order for the fix to work.


                • Malnutrition
                  PCHF Moderator
                  • Jul 2016
                  • 7041

                  #23
                  Hello @Fla_Panther how are you moving along with the instructions? Have you got an update for us?

                  Please update this thread within 48 hours, or it will be closed. You can however have it re-opened at any time, by sending a private message to a staff member.


                  • Fla_Panther
                    PCHF Member
                    • Sep 2016
                    • 38

                    #24
                    Malnutrition:
                    Ha. Whoops. I can rerun it with that if I need to. As for being solved … I don’t know. I hope so. The browser hijacks only happened maybe once a week or once every two weeks and that was the only symptom so it’s hard to say. But if your review of the logs indicates stuff got cleaned up I can trust that, and if something more happens I can create another thread. Or, if you want we can keep this one open for a while longer and then close it? Up to you.


                    • Malnutrition
                      PCHF Moderator
                      • Jul 2016
                      • 7041

                      #25
                      Originally posted by Fla_Panther
                      The browser hijacks only happened maybe once a week or once every two weeks
                      May be due to what website you are looking at, I’d suggest looking at the info below, install Ublock Origin along with adding the adblocking Dns servers…

                      Glad to have helped!! Please tell a friend … or two about us.

                      Optimize your internet connection.

                      Click here for instructions.

                      I suggest the following in place of adblock.
                      Alternate DNS Server. Ad Blocking DNS.
                      Ublock Origin.
                      Anti Ad Block Killer.

                      Also, keep your browsing private with these tools:

                      Self Destructing Cookies.
                      Self Destructing Cookies Chrome.

                      Some items to keep you safe on the internet.

                      VooDoo Shield. Control of what is running on your machine.
                      Qualys BrowserCheck To update plugins.
                      Web Of Trust To Avoid Shady Websites.
                      Unchecky To Avoid Bundled Software.
                      Privazer To Clean up your machine.

                      Now let's clean up the tools we used and remove old restore points.

                      Download DelFix by “Xplode” to your Desktop.
                      Right click the tool and Run as Admin (XP users double click).
                      Put a check mark next to the items below:

                      Remove disinfection tools
                      Create registry backup
                      Purge System Restore

                      Now click on the “Run” button.
                      Allow the program to complete its work.
                      All the tools we used will be removed.
                      The tool will create and open a log report (DelFix.txt).
                      Note: The report can be located at the following location: C:\DelFix.txt


                      • Fla_Panther
                        PCHF Member
                        • Sep 2016
                        • 38

                        #26
                        Speak of the devil. See attachment. This one happened when I went to view an Imgur page. I looked at the page, browsed another tab, and when I came back close that tab it had navigated to this site.


                        • Malnutrition
                          PCHF Moderator
                          • Jul 2016
                          • 7041

                          #27
                          Reset your router to factory settings.

                          https://i.imgur.com/vwUeyaZ.png

                          Download ResetBrowser to your desktop.
                          Now close all open browsers.
                          Right click and run as administrator.
                          Click on Reset for each of your browsers one at a time. – Allow completion.

                          Also make sure and add the Ublock origin to your browser… Also, it depends on what type of website you visit as well, if you are trying to use sites such as solar movie to stream movies, you will get these types of popups…


                          • Malnutrition
                            PCHF Moderator
                            • Jul 2016
                            • 7041

                            #28
                            Loaris Trojan Remover Scan

                            Run a full scan with Loaris Trojan Remover. The program will update on its own, it will then attempt a standard scan. Please stop the standard scan and then go to the update tab, just make sure it is updated. Then go back to the computer scan and select full scan.

                            Once complete, go to the logfiles tab and double click on the scan log.

                            After you double click on the log a notepad will open, copy and paste that report into your next reply.

                            You will not be able to use Loaris unless you pay for it, at this point the program has served its purpose and you may uninstall it. Having the logfile is all that is needed, if anything was detected by the program.


                            Malwarebytes Scan.


                            Download MalwareBytes Anti-Malware: https://www.malwarebytes.com/mwb-download/ and take the free version (on the left)
                            Perform the installation
                            Uncheck “Enable Free Trial of Malwarebytes Anti-Malware Premium” if it’s asked
                            Malwarebytes will update, let this update
                            Click on the “Settings” tab and then on the “Detection and Protection” tab, check the box “Search for Rootkits”
                            Click on the “Analysis” tab and then on “Start analysis”
                            Once the review is complete, check that all detections are checked and then click [Delete Selection]
                            If Malwarebytes asks you to restart your PC, click “Yes”
                            After your PC restarts, restart Malwarebytes
                            Open the “History” tab and then “Application logs”
                            Double click on the last Scan Log in date (the one above)
                            At the bottom click [Export] → select “Text file (*.txt)”
                            In the Explorer window, select the desktop, name it mbam.txt, click [Save]

                            Copy/paste the content of the report in your next reply


                            • Fla_Panther
                              PCHF Member
                              • Sep 2016
                              • 38

                              #29
                              ResetBrowser done. Strangely, I don’t see Chrome anymore. Not sure it reinstalled it correctly.
                              Ublock origin added to FF.

                              Trojan Remover v.2.0.44
                              Report file date: 4/4/2017 6:07:31 PM
                              Last update: 4/4/2017 6:07:24 PM

                              Scanning for 897687 virus strains and unwanted programs.

                              Licensed: UNREGISTERED
                              Windows version: Windows 7 Home Premium x64 (version 6.1)
                              Username: ******
                              Computer name: ******-PC
                              PC Brand: MSI

                              Starting the file scan:

                              Full Scan started
                              Scanning process…
                              ----- C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe ---- Service Threat
                              Service: [zamsvc] Adware.Win32.Downloader.vb
                              RegPath: HKLM\SYSTEM\ControlSet001\services\ZAMSvc
                              ProdVer: 2.72.0.324
                              FileVer: 2.72.0.324
                              Name: ZAM
                              Company: Copyright 2017.
                              Signature verification: True
                              Certificates: Zemana Ltd.
                              NAC: BE177CE55C007FF3F1B01FF0EB917A08:18
                              MD5: 106082C43A5B048604D023B845624378:14509296
                              RIC: EBC64BDC9C90016EED17D1B57A09C42E:9640
                              SUBS: Win32 GUI
                              PE: x86

                              ----- C:\ProgramData\Line 6\L6TWXY\L6TWXY.dll ---- General Threat
                              Adware.Heur.Downloader.22A3.vl
                              ProdVer: 5.31
                              FileVer: 5.31
                              Name: TWXY Core
                              Company: Line 6
                              Signature verification: False
                              NAC: 7CD6FE593CC1045B8A00AC5A71288BC1:15
                              MD5: FA7475C2F8141C92E765E60A76035C99:2535936
                              SUBS: Win32 GUI
                              PE: x86

                              ----- C:\ProgramData\Line 6\L6TWXY\L6TWXY64.dll ---- General Threat
                              Adware.Heur.Downloader.22A3.vl
                              ProdVer: 5.31
                              FileVer: 5.31
                              Name: TWXY Core
                              Company: Line 6
                              Signature verification: False
                              NAC: 7CD6FE593CC1045B8A00AC5A71288BC1:15
                              MD5: 47FF541362070F6F0F6747F008EF973A:3347968
                              SUBS: Win32 GUI
                              PE: x64

                              ----- C:\ProgramData\Line 6\L6TWXY\data\res\BassPack.astwx ---- General Threat
                              Adware.Heur.Downloader.22A3.vl
                              MD5: D8C5ABD880365E48D82325299ABC0DEA:1817560

                              ----- C:\ProgramData\Line 6\L6TWXY\data\res\ClassicAmpsPack.astwx ---- General Threat
                              Adware.Heur.Downloader.22A3.vl
                              MD5: BFDF1FA33E3653E2D2D9129F9084D783:423384

                              ----- C:\ProgramData\Line 6\L6TWXY\data\res\FXExpansion.astwx ---- General Threat
                              Adware.Heur.Downloader.22A3.vl
                              MD5: 335732D1C0E76C185D32580C7F4B816D:518782

                              ----- C:\ProgramData\Line 6\L6TWXY\data\res\GP2.astwx ---- General Threat
                              Adware.Heur.Downloader.22A3.vl
                              MD5: F182C516475058D3A3421736A5849900:2005750

                              ----- C:\ProgramData\Line 6\L6TWXY\data\res\GP2Ext.astwx ---- General Threat
                              Adware.Heur.Downloader.22A3.vl
                              MD5: C85BA3E0FF860E73D90503DCB5390A81:815098

                              ----- C:\ProgramData\Line 6\L6TWXY\data\res\GP3Std.astwx ---- General Threat
                              Adware.Heur.Downloader.22A3.vl
                              MD5: 0899C255BE8D3D1F843DEDD2AD4DF1E3:717942

                              ----- C:\ProgramData\Line 6\L6TWXY\data\res\HiGainPack.astwx ---- General Threat
                              Adware.Heur.Downloader.22A3.vl
                              MD5: 544CA13D7D6F1948CB2E584096DC6CC1:489812

                              ----- C:\ProgramData\Line 6\L6TWXY\data\res\ilxplt.astwx ---- General Threat
                              Adware.Heur.Downloader.22A3.vl
                              MD5: F158DF8C2D75A960CBD24A345E013AE6:4064124

                              ----- C:\ProgramData\Line 6\L6TWXY\data\res\ilxstd.astwx ---- General Threat
                              Adware.Heur.Downloader.22A3.vl
                              MD5: 38EEC22827DA8296E1609B725A2F4CC1:2716680

                              ----- C:\ProgramData\Line 6\L6TWXY\data\res\TWXY.lang ---- General Threat
                              Adware.Heur.Downloader.22A3.vl
                              MD5: 2FA28D932AAA998231F3743F73ECFF6C:68400

                              ----- C:\ProgramData\Line 6\L6TWXY\data\res\Z1Std.astwx ---- General Threat
                              Adware.Heur.Downloader.22A3.vl
                              MD5: 8ABDA2ACF312888CFCDA3DBA01E39E24:398702

                              ----- C:\ProgramData\Line 6\L6TWXY\data\res\Z5Std.astwx ---- General Threat
                              Adware.Heur.Downloader.22A3.vl
                              MD5: 85D8C4E81B8A527077DFA966DFBD1008:480602

                              ----- C:\ProgramData\Line 6\L6TWXY\data\tones\british_basic.l6t ---- General Threat
                              Adware.Heur.Downloader.22A3.vl
                              MD5: E4FF53094DB66B39B9744B77B6F9C683:3092

                              ----- C:\ProgramData\Line 6\L6TWXY\data\tones\clean_guitar_tone.l6t ---- General Threat
                              Adware.Heur.Downloader.22A3.vl
                              MD5: 964DA86CD2F23277D877E1D27D7184FF:2190

                              ----- C:\ProgramData\Line 6\L6TWXY\data\tones\virtually_clean.l6t ---- General Threat
                              Adware.Heur.Downloader.22A3.vl
                              MD5: CFC16B28C5D1603B01F6CC92598FAEC8:2112

                              ----- C:\ProgramData\Line 6\L6TWXY\data\twx\L6TWX.dll ---- General Threat
                              Adware.Heur.Downloader.22A3.vl
                              ProdVer: 5.24
                              FileVer: 5.24
                              Name: L6TWX Dynamic Link Library
                              Company: Line 6
                              Signature verification: False
                              NAC: 1F7937292628A6EFB72654346B3AB53F:33
                              MD5: 7847261BB13070516A8594D04B23ADD4:529920
                              SUBS: Win32 GUI
                              PE: x86

                              ----- C:\ProgramData\Line 6\L6TWXY\data\twx\L6TWX64_tr.dll ---- General Threat
                              Adware.Heur.Downloader.22A3.vl
                              ProdVer: 5.24
                              FileVer: 5.24
                              Name: L6TWX Dynamic Link Library
                              Company: Line 6
                              Signature verification: False
                              NAC: 1F7937292628A6EFB72654346B3AB53F:33
                              MD5: 80291E0BA7736B7D1C3744919D2E51EA:683520
                              SUBS: Win32 GUI
                              PE: x64

                              ----- C:\ProgramData\Line 6\L6TWXY\ ---- General Threat
                              Adware.Heur.Downloader.22A3.vl

                              ----- C:\Users******\Desktop\Virus Stuff\2016-09-24\zoek.zip ---- General Threat
                              Malware.Win32.Gen.cc
                              MD5: 4DBB21E5A883B50C408239E05D927BCB:4186040

                              ----- C:\Users******\Desktop\Virus Stuff\2016-09-24\zoek.zip\zoek.exe ---- General Threat
                              Malware.Win32.Gen.cc
                              ProdVer: 5,0,0,1
                              FileVer: 5,0,0,1
                              Name: Zoek
                              Company: http://www.hijackthis.nl/smeenk
                              Signature verification: False
                              NAC: 99299E80F7DAFE4C9D43DB5F58B173DC:35
                              MD5: 7EA0260488F304D68067A50B33A23AC2:1309184
                              RIC: FF6424C8D4F0AFF46A767882C86EC867:10032
                              RFH: 192:LE888JDcbZ4888KYPyr3ll/X1LA9ZdZSFv2IgTwoq+V:xiZxyr1l/FOgE1qo
                              SUBS: Win32 GUI
                              PE: x86

                              Scan completed

                              Scan result: 23 detected items
                              Scan completed in: Scan completed in 26 minute(s) 16 sec.
                              Files were scanned: 52795

                              Malwarebytes
                              www.malwarebytes.com

                              -Log Details-
                              Scan Date: 4/4/17
                              Scan Time: 6:38 PM
                              Logfile:
                              Administrator: Yes

                              -Software Information-
                              Version: 3.0.6.1469
                              Components Version: 1.0.0
                              Update Package Version: 1.0.1660
                              License: Free

                              -System Information-
                              OS: Windows 7 Service Pack 1
                              CPU: x64
                              File System: NTFS
                              User: *-PC*

                              -Scan Summary-
                              Scan Type: Threat Scan
                              Result: Completed
                              Objects Scanned: 368565
                              Time Elapsed: 12 min, 33 sec

                              -Scan Options-
                              Memory: Enabled
                              Startup: Enabled
                              Filesystem: Enabled
                              Archives: Enabled
                              Rootkits: Enabled
                              Heuristics: Enabled
                              PUP: Enabled
                              PUM: Enabled

                              -Scan Details-
                              Process: 0
                              (No malicious items detected)

                              Module: 0
                              (No malicious items detected)

                              Registry Key: 0
                              (No malicious items detected)

                              Registry Value: 0
                              (No malicious items detected)

                              Registry Data: 0
                              (No malicious items detected)

                              Data Stream: 0
                              (No malicious items detected)

                              Folder: 0
                              (No malicious items detected)

                              File: 1
                              PUP.Optional.AshampooRegistryCleaner, C:\PROGRAMDATA\ASHAMPOO\ICO_ASHAMPOO_MARKETPLACE.ICO, Delete-on-Reboot, [2977], [355157],1.0.1660

                              Physical Sector: 0
                              (No malicious items detected)

                              (end)


                              • Malnutrition
                                PCHF Moderator
                                • Jul 2016
                                • 7041

                                #30
                                Use Patch My PC to restore Chrome.

                                Ads Fix Scan


                                • Disable Windows Defender, Firewall & Antivirus prior to running this tool!!
                                • Save AdsFix to your desktop.
                                • Right Click & Run As Administrator.
                                • With an infected machine, it could take several seconds to be charged.
                                • You will then be prompted to install Certificates.
                                • Install then click OK.
                                • Right Click & Run As Administrator Again.

                                • Click Options then select Unlock the deletion.
                                • Then click on clean.
                                • Enter your country
                                • Don’t use the machine while scanning and be patient
                                • Once the scan has completed, please copy and paste the report in your next reply.
                                • The report will be C:\AdsFix_date_hour.txt or on your desktop with the same name.

                                Upload Files to VirusTotal

                                • Please go to VirusTotal.
                                • Click the Choose File button.
                                • Navigate to >>>>>>>> C:\ProgramData\Line 6\L6TWXY\L6TWXY64.dll
                                • or simply copy and paste it.
                                • Click the Scan it! button.
                                • You might see a message saying File already analysed, if you do click Reanalyse.
                                • Wait for all the scans to finish then copy and paste the web address from your browser’s address bar.
                                  Example of web address: [image: VirusTotalresultslink, http://i526.photobucket.com/albums/cc345/MPKwings/VirusTotalresultslink.jpg]
                                • Include the link in your next reply.
