When my windows 8.1 pc wakes from sleep I get svchost / mal url popups

[REDACTED]

Please can you help me. I have ran MBAM and ADW cleaner and still get these popups, generally when the PC wakes up from sleep mode.  Can you help me to clean this up please? Here are a couple of screen grabs that may provide you with info.
Many thanks in advance.

Pete

[REDACTED]

Hello


Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
  
• Press Scan button.
  
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
  

[REDACTED]

thank you argus

I will do that now.

[REDACTED]

Here we are Argus
Many thanks

[REDACTED]

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on icon and select Run as Administrator to start the tool.
  
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:

Code: [Select]

createsrpoint;
autoclean;
emptyalltemp;
bitsadmin /reset /allusers;b
ipconfig /flushdns;b

• Make sure that Scan All Users option is checked.
  
• Push Run Script and wait patiently. The scan may take a couple of minutes.
  
• When the scan completes, a zoek-results logfile should open in notepad.
  
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

[REDACTED]

Hello again,
Here are the results from ZOEK
Many thanks again for all this help

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by PETER on 13/06/2015 at 13:54:35.35.
Microsoft Windows 8.1 with Bing 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\PETER\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

13/06/2015 13:58:56 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Aimersoft deleted successfully
C:\PROGRA~2\COMMON~1\Apple deleted successfully
C:\PROGRA~3\TuneClone deleted successfully
C:\Users\PETER\AppData\Roaming\freemkvtomp4converter deleted successfully
C:\Users\PETER\AppData\Roaming\Lexmark Productivity Studio deleted successfully
C:\Users\PETER\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\PETER\AppData\Local\EmieSiteList deleted successfully
C:\Users\PETER\AppData\Local\EmieUserList deleted successfully
C:\Users\PETER\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3999573631-4059578196-857441920-1001\Software\Microsoft\Internet Explorer\SearchScopes\{7CED1749-44A8-4C7F-A8C4-8D49D43454BC} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\Aimersoft not found
C:\PROGRA~3\SPL25A8.tmp deleted
C:\PROGRA~3\SPL5CC4.tmp deleted
C:\PROGRA~3\SPLB50F.tmp deleted
C:\PROGRA~3\SPLBF0B.tmp deleted
C:\PROGRA~3\SPLFD5.tmp deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [31/05/2015 15:36]

==== Chromium Look ======================

Google Chrome Version: 43.0.2357.124

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[02/04/2015 18:06]

Bookmark Manager - PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Avast Online Security - PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

==== Chromium Startpages ======================

C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Preferences
95462,"https://www.google-analytics.com/",7.745336524007111,"https://www.madbid.com/",5.781125637188676]],["https://www.youtube.com/",["https://fonts.gstatic.com/",2.025335319191497,"https://i.ytimg.com/",2.025335319191497,"https://s.ytimg.com/",2.6138943008368893,"https://www.google.com/",2.025335319191497]]],"startup_list":[1,"http://localhost:18821/","http://localhost:27275/","http://ui.ff.avast.com/","http://www.google.co.uk/","http://www.google.com/","https://android.clients.google.com/","https://ssl.google-analytics.com/","https://ssl.gstatic.com/","https://www.google.co.uk/","https://www.gstatic.com/"]},"extensions":{"alerts":{"initialized":true},"autoupdate":{"last_check":"13078079384225032","next_check":"13078672556251302"},"chrome_url_overrides":{"bookmarks":["chrome-extension://gmlllbghnfkpflemihljekbapjopfjik/bookmarks.html","chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html"]},"commands":{"windows:Ctrl+D":{"command_name":"_execute_page_action","extension":"gmlllbghnfkpflemihljekbapjopfjik","global":false}},"install_signature":{"expire_date":"2015-08-30","ids":["aapocclcgogkmnckokdopfmhonfmgoek","aohghmighlieiainnegkcijnfilokake","gmlllbghnfkpflemihljekbapjopfjik","gomekmidlodglbbmalcneegieacbdmki"],"invalid_ids":[],"salt":"Co8YX8I9v03pN1UWKjvkLNAzP3+acsXYsbX+o/2O7cU=","signature":"MEHpK1FP+8pX+Jol0Rygs+o2kCHfwMXkeHfXyNV6TbKTHRfgmwk+Ajqdbcalfe4l0EfY5lPV0+hR/fJN7EaweFu5abY03DFNXM33YEnbO3hKkjCZ3m/EYNOhjhWV0BjeiSk54Yj9BT6QME2WMHYW0ZzpCX3OUUCvd5k0rTzeAe2FifZxQyoVKkBu7tPsqmzCwXFt3MObzXgGgY6wu/97KrWY2nqorVU1Z+OL0RMA6Xgt4/uaocf7kiO+EH03hJq40mhv/mvsVGrJtsHG0/mAykCObBOahk8QHvLBRio3ZrvBcd9lWqZSmQwclrtWd663b4WJdT8JI229+ULhoXuweA==","signature_format_version":2,"timestamp":"13078144650240645"},"last_chrome_version":"43.0.2357.124","toolbar":["gomekmidlodglbbmalcneegieacbdmki"]},"first_run_tabs":["http://welcome_page"],"gcm":{"check_time":"13078250767842319"},"hotword":{"previous_language":"en-GB"},"http_original_content_length":"17586827","http_received_content_length":"17586827","intl":{"accept_languages":"en-GB,en-US,en"},"invalidator":{"client_id":"RxztdKMehqnOxm8qTX8khQ=="},"media":{"device_id_salt":"g2E9WE1+0DCixWTkTCp48g=="},"net":{"http_server_properties":{"servers":{"accounts.google.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":29963},"supports_spdy":true},"ajax.googleapis.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"android.clients.google.com:443":{"supports_spdy":true},"apis.google.com:443":{"supports_spdy":true},"cache.pack.google.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"chrome.google.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"supports_spdy":true},"clients1.google.com:443":{"network_stats":{"srtt":32900},"supports_spdy":true},"clients2.google.com:443":{"supports_spdy":true},"clients2.googleusercontent.com:443":{"supports_spdy":true},"clients4.google.com:443":{"supports_spdy":true},"csi.gstatic.com:443":{"supports_spdy":true},"csi.gstatic.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"f.vimeocdn.com:443":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"f.vimeocdn.com:80":{"alternative_service":[{"port":80,"probability":1.0,"protocol_str":"quic"}]},"fonts.googleapis.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":36587},"supports_spdy":true},"fonts.googleapis.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"fonts.gstatic.com:443":{"supports_spdy":true},"fonts.gstatic.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"i.ytimg.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":30876},"supports_spdy":true},"id.google.co.uk:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"supports_spdy":true},"oauth.googleusercontent.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":30010},"supports_spdy":true},"r5---sn-cn3tc-ac5l.c.pack.google.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"s.ytimg.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":31091},"supports_spdy":true},"ssl.google-analytics.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":32353},"supports_spdy":true},"ssl.gstatic.com:443":{"supports_spdy":true},"ssl.gstatic.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"stats.g.doubleclick.net:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":38897},"supports_spdy":true},"www.google-analytics.com:443":{"network_stats":{"srtt":33365},"supports_spdy":true},"www.google-analytics.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"www.google.co.uk:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":28912},"supports_spdy":true},"www.google.co.uk:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"www.google.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":45116},"supports_spdy":true},"www.google.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"www.googleapis.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"supports_spdy":true},"www.gstatic.com:443":{"supports_spdy":true},"www.youtube.com:443":{"supports_spdy":true},"www.youtube.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]}},"supports_quic":{"address":"192.168.0.10","used_quic":true},"version":3}},"password_bubble":{"nopes":0},"plugins":{"migrated_to_pepper_flash":true,"plugins_list":[],"removed_old_component_pepper_flash_settings":true},"profile":{"avatar_index":26,"content_settings":{"exceptions":{"app_banner":{},"auto_select_certificate":{},"automatic_downloads":{},"cookies":{},"fullscreen":{},"geolocation":{},"images":{},"javascript":{},"media_stream":{},"media_stream_camera":{},"media_stream_mic":{},"metro_switch_to_desktop":{},"midi_sysex":{},"mixed_script":{},"mouselock":{},"notifications":{},"plugins":{},"popups":{},"ppapi_broker":{},"protocol_handlers":{},"push_messaging":{},"ssl_cert_decisions":{}},"pattern_pairs":{},"pref_version":1},"exit_type":"Normal","exited_cleanly":true,"icon_version":3,"managed_user_id":"","migrated_content_settings_exceptions":true,"migrated_default_content_settings":true,"migrated_default_media_stream_content_settings":true,"name":"First user","per_host_zoom_levels":{}},"protection":{"macs":{}},"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13077561018437318"},"sync_promo":{"show_on_first_run_allowed":false},"translate_blocked_languages":["en"],"translate_whitelists":{}}
pknbcohdijeoejaedia\\8.1_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false}}},"pinned_tabs":[],"protection":{"macs":{"browser":{"show_home_button":"AAE59B3A580ACBA948BAB5A5A9A0D4FCFD0634FBD41F88F4B721ADF9684D25E1"},"default_search_provider":{"keyword":"5CC5325C5CFD2336064C3B8845180022124F2AFA4AD6DEB1183776A641D938D2","name":"8F9D19B1288D6F1CF9A700140A69FED8455D8281D788A3B5F7909A65DDB8CA81","search_url":"1A27C62DF348D708DCCE08761AE13AA9A64F68845FDFBED8FAB76F9D2022036B"},"default_search_provider_data":{"template_url_data":"777FA3BB1DFCFC2BA5C799C39D8E28233A7DAF41D4B161E71FB4A384040B9045"},"extensions":{"settings":{"aapocclcgogkmnckokdopfmhonfmgoek":"0399217FB3123255FE972AD8E3223E9E0C92DBCA488A9C9B445047D9D363223B","ahfgeienlihckogmohjhadlkjgocpleb":"564B87927C91A4B719E58288CD79A38592C7A4A16494431ABEC37C680BC6C48E","aohghmighlieiainnegkcijnfilokake":"5989A10F41BDE755D357446B947F900CCCC39D9D590BE213F26D4516E9ABB0A9","apdfllckaahabafndbhieahigkjlhalf":"0C906A4E18A968032A30FE42FB562C56773B0DB5FA62F20BEAD3110923690B08","bepbmhgboaologfdajaanbcjmnhjmhfn":"FEFCD3DA8473586F9C7F04EB7A5C81C207CE8DF754BFE61D2FAA3A5D4C5D377F","blpcfgokakmgnkcojhhkbfbldkacnbeo":"2384AA4EBB14164B204708540E6BA825D266CDF07CB50A77607B57BD358EFCC8","coobgpohoikkiipiblmjeljniedjpjpf":"0D972709861B4A0AB1DB7E303B44EEA6EBD7249D39B6A4F2891E2861399ED5ED","eemcgdkfndhakfknompkggombfjjjeno":"C2C3623A471373548B36CD4186A3B5A3E2DD899284E776E28A03CCE805D8D8D4","ennkphjdgehloodpbhlhldgbnhmacadg":"C36D3FAE7293227C014561FCD0A3F0037FAF459B6F42A5882E8EDE4EBB54E3F6","felcaaldnbdncclmgdcncolpebgiejap":"3FBE587332F46BC5D9800E9CEA710304A4B172FAAF8DF079A1E30A4E85434D6F","gfdkimpbcpahaombhbimeihdjnejgicl":"D9040DF3CC440D5AEE3C58100E5B3EA7D9E65FF7018505A4BDC64717826D4670","gmlllbghnfkpflemihljekbapjopfjik":"05B965E0E5B7CCA36F365A6753625B4D8979D34A0B8A939171C1B6B9EC6B485E","gomekmidlodglbbmalcneegieacbdmki":"6EEBC2BD754E4B322F617ABDEF40B4852254D9D39E9F8E90F806698F883EE9DF","kmendfapggjehodndflmmgagdbamhnfd":"19FD4236B8C2A018E18B26959A85BCD3F8F64AA215CC39911D80386C3CDAA4E4","lccekmodgklaepjeofjdjpbminllajkg":"CA0F916E0C0EF0891E67D13B254AA8309F7BC81637B392022CC838DE732EA76C","mfehgcgbbipciphmccgaenjidiccnmng":"07D49BD3BFC82198B1796854DFA558F4C59A563347DA37583335BB722870FE06","mgndgikekgjfcpckkfioiadnlibdjbkf":"2B166213401450D2961B7158E369346FD4A5ADC4B12264C6CA8B8B6B3B8A04BA","mhjfbmdgcfjbbpaeojofohoefgiehjai":"2B0A36A1EF39D27746D8E4B106B1791708FFA0A844938CE3D9003CB685B37A97","nbpagnldghgfoolbancepceaanlmhfmd":"507948697E470AC0C5E1DE55554088C990F2538D8B684605488B46BB0E371C4C","neajdppkdcdipfabeoofebfddakdcjhd":"255C94B6F55AB3BE919EFC6AF2C3DDF5F404F4F560764D481E50182B5F47EA2D","nkeimhogjdpnpccoofpliimaahmaaome":"DD1F2B9B8035B9D1A35676A84375AFB6E5613B1A23CFD79F81ECAA721BD8FE91","nmmhkkegccagdldgiimedpiccmgmieda":"5AA3A60A0BF793B27C2B03C3298C8F32F79370D4A82118B595BEBC4F1B9BEA8F","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"2B51ED19D941F9F06E03FE8A6940423EEE18C8FC89B01887498166C3AA11B60A","pjkljhegncpnkpknbcohdijeoejaedia":"EBB333E9B4F3465F39D051457B863E364E9E0C7FA74DD04037DF054797BE8149"}},"google":{"services":{"last_username":"6C84C21C19969D9FE705DA24F5FDE55F6ECCD3A73A236648A308E6D239AF85B3","username":"10EC52DE3C3569C79EF711CF4FF566C4A20883FBD5EB772A5E45FCB606AFC5CC"}},"homepage":"9A7C99FDD289E8856075DDB8012B1BC70521F254590339AF504427956D67E4F5","homepage_is_newtabpage":"0D9FAE92A486A707F9F3361BF65A2DF30D1A03496980D4A2151747BA74CC94E1","pinned_tabs":"49B3B88A302C8F4246417733CD3BAC001B170DEB8EB0C306554246C9E52A6B1D","prefs":{"preference_reset_time":"8948049BF31DF7CE2B4203FA551C2678019DF1FF13A0E711F1279B6997EDD5D3"},"profile":{"reset_prompt_memento":"0B320D6CF5EB468E48BB0974A6BAD6F20F9D8D20AE918C5AD936463214FB68D2"},"safebrowsing":{"incidents_sent":"E059230A478CD03BBA2D026D63AC05E43EF6E7C4B75463211290AFC887EA65A9"},"search_provider_overrides":"CD15C68469C4933B23DC7D894B8C6CE49BD90E45F1F63FEDE34CA8F029C1CF8E","session":{"restore_on_startup":"364F452B0995B551330224B44AAC212BBE28FED24DCE299CCCD963554BE1754D","startup_urls":"1CD602EC68AD0981FF1B23853BB2C416D960725D87D7A03DDC877810BEF53AC8"},"software_reporter":{"prompt_reason":"177973F148F30F017A95ABDC47CA624AFF8719CF8EDAE489D1D2AC0D2EDB4E92","prompt_seed":"AD9D402ECD7090ADD67C5DBB80CED081694491D33BE468E5EEA937B77553EEF3","prompt_version":"5A37AF1B2EF4D44B82FFF8F7AA8D1FDA2CB2C89CC77926902C7CAECCA506C044"},"sync":{"remaining_rollback_tries":"D36EF0C78A5DA09F055ADA38341919E9F76D7CD5E813EBBB63808FD8824104BD"}},"super_mac":"C04728E009E68111E8A26A24D3BC104499AE91C5B9F3D8758D27DCEA33121FA2"},"session":{"restore_on_startup":4,"startup_urls":["http://www.google.com/"]}}


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.co.uk/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.co.uk/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{F0430120-BB35-4948-9F4D-1BB3C8FC6D4C}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{F0430120-BB35-4948-9F4D-1BB3C8FC6D4C} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=WCUG"

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\PETER\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\PETER\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\PETER\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\PETER\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=14 folders=9 50665816 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\PETER\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\PETER\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 13/06/2015 at 14:16:21.39 ======================

[REDACTED]

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
  
• Press the Fix button just once and wait.
  
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.
  

Please attach it to your reply.

[REDACTED]

Here is the fixlog Argus

[REDACTED]

How's your computer behaving now?

[REDACTED]

I'll put it into sleep and wake it up to see......

[REDACTED]

 

seems to be ok.... many thanks!!   No pop ups so far!!

[REDACTED]

The following will implement some post-cleanup procedures:


Download DelFix by Xplode and save it to your desktop.

• Run the tool by right click on the icon and Run as administrator option.
  
• Make sure that these ones are checked:
• Remove disinfection tools
• Purge system restore
• Reset system settings
• Push Run and wait until the tool completes his work.
  
• All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt)
  

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.

[REDACTED]

All done... you're a star... thank you.