NeoDude

Hi Ron, Yep, clearing Chrome Sync did the trick. Thanks.

I have since deleted some "suspect" software that I no longer need and have restarted again. All appears to be good. Updated scan logs attached... Don't know why Download Accelerator keeps showing up, I don't have it installed. Addition.txt AdwCleaner[C2].txt FRST.txt Malware Bytes Summary.txt

mmm, just noticed that my proxy setting issue is back again after that last restart.

Hi Ron, Sorry for the late reply, hectic weekend. Requested files attached... # AdwCleaner 7.0.8.0 - Logfile created on Wed Apr 04 10:55:56 2018 # Updated on 2018/08/02 by Malwarebytes # Running on Windows 10 Pro (X64) # Mode: clean # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services deleted. ***** [ Folders ] ***** Deleted: C:\ProgramData\Speedbit Deleted: C:\Users\All Users\Speedbit Deleted: C:\Users\CJ\AppData\Roaming\Speedbit Deleted: C:\Program Files (x86)\Common Files\freemake shared ***** [ Files ] ***** Deleted: C:\END ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks deleted. ***** [ Registry ] ***** Deleted: [Key] - HKU\S-1-5-21-1811901798-4231819912-1175827492-1001\Software\Link64 Deleted: [Key] - HKCU\Software\Link64 Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF} Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\tvnserver Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ProductUpdater Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\FMUpdater.dll Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\Newtonsoft.Json.dll Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\GAnalytics.dll Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\GoCartMonad.dll ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries deleted. ***** [ Chromium (and derivatives) ] ***** Plugin deleted: Download Accelerator Plus (DAP) - Plugin deleted: Download Accelerator Plus (DAP) - Plugin deleted: Download Accelerator Plus (DAP) - Plugin deleted: Download Accelerator Plus (DAP) - ************************* ::Tracing keys deleted ::Winsock settings cleared ::Additional Actions: 0 ************************* C:/AdwCleaner/AdwCleaner[S0].txt - [3124 B] - [2018/4/4 10:50:58] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ########## Addition.txt FRST.txt MalwareBytes Summary.txt

Hey Ron, Thanks for the reply. All done and all appears to be fixed. Thanks again.

Hey folks, I have an issue in Windows 10 where, after every restart, my proxy settings are changed to 127.0.0.1:8082 I've ran a number of scans including Malware bytes but nothing appears to fix it. I do have the NordVPN app installed which I thought might change these settings legitimately, but seeing as how it blocks access to AV sites I'm doubtful. Any insights would be gratefully received. Logs attached... Addition.txt FRST.txt MalwareBytesScan.txt