Need Help With usw9.prmsrvs.com on Chrome.exe

Thanks for the new logs.
Yes I'd spotted an .opera folder in Users and had planned to remove it.
Let's run this FRST script next, to remove some items, do some maintenance and reset the firewall.
As a part of this I have included the The Emptytemp: command.
Note: This will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
Important: This script was written specifically for you, for use only on this machine. Running this on another machine may cause damage to your operating system

• Right click on the FRST icon and select Run as administrator.
• Highlight all of the information in the text box below then hit the Ctrl + C keys together to copy the text.
• It is not necessary to paste the information anywhere as FRST will do this for you.

Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-951395627-451568364-1154128064-1001\...\Policies\Explorer: []
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-951395627-451568364-1154128064-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-951395627-451568364-1154128064-1001\Software\Classes\regfile:  <==== ATTENTION
HKU\S-1-5-21-951395627-451568364-1154128064-1001\Software\Classes\.reg:  =>  <==== ATTENTION
HKU\S-1-5-21-951395627-451568364-1154128064-1001\Software\Classes\.bat:  =>  <==== ATTENTION
HKU\S-1-5-21-951395627-451568364-1154128064-1001\Software\Classes\.cmd:  =>  <==== ATTENTION
Edge HKU\S-1-5-21-951395627-451568364-1154128064-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx <not found>
FF Homepage: Mozilla\Firefox\Profiles\zof674gf.default-release -> hxxps://mysearchengine.co/homepage?hp=1&bitmask=9996&pId=BT170902&iDate=2022-02-28 12:38:04&bName=
FF HKU\S-1-5-21-951395627-451568364-1154128064-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Gemilang\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Gemilang\AppData\Roaming\IDM\idmmzcc5 [2022-03-30] [Legacy] [not signed]
FF HKU\S-1-5-21-951395627-451568364-1154128064-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
CHR HKLM\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKU\S-1-5-21-951395627-451568364-1154128064-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok]
CHR HKU\S-1-5-21-951395627-451568364-1154128064-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
2023-09-19 07:16 - 2023-09-19 07:16 - 000000000 ____D C:\Users\Gemilang\AppData\Local\AdvinstAnalytics
Task: {5A455BFF-AF14-4106-ABAA-616CD019E4E7} - System32\Tasks\Opera GX scheduled Autoupdate 1695082761 => C:\Users\Gemilang\AppData\Local\Programs\Opera GX\launcher.exe [2686880 2023-09-14] (Opera Norway AS -> Opera Software)
C:\Users\Gemilang\AppData\Local\Programs\Opera GX
C:\Users\Gemilang\.opera
2023-09-19 07:19 - 2023-09-19 07:21 - 000000000 ____D C:\Users\Gemilang\AppData\Local\Opera Software
2023-09-19 07:18 - 2023-09-19 07:21 - 000000000 ____D C:\Users\Gemilang\AppData\Roaming\Opera Software
Task: {0EBC74EF-D7E8-4C71-B74D-65C493746E45} - System32\Tasks\0k5gyk\uiacye\wcl32b\8061vv\ch9obp\gv6xcb\yc3dex\l2xjrq\9q8q30\t6wfja\jvcfmh\uadojg\hf6cch\b2g06o\t2hnfr\cgaqfe\5vxbl6 => %localappdata%\Catawba.exe  "tgbnhyhtgbnhyttgbnhyttgbnhyptgbnhy:tgbnhy/tgbnhy/tgbnhywtgbnhywtgbnhywtgbnhy.tgbnhyftgbnhyotgbnhyntgbnhyttgbnhyetgbnhyntgbnhyotgbnhyttgbnhystgbnhyutgbnhy.tgbnhyctgbnhyotgbnhymtgbnhy/tgbnhyle2qp0qp2qtgbnhyp3qp0c9c1ltgbnhye8leqphtmltgbnhyL2shEWR9IqtgbnhyVBHQoiukZ0" (No File) <==== ATTENTION
Task: {2088BC70-4DAA-48D0-871D-7AB65319538A} - System32\Tasks\1t8v7n\l2tjnx\7auokl\687xl3\z9jmoh\vr2uzp\0tybme\txmh4v\36hx1z\oph9d7\jl14v5\cyhl7j\16sw5m\sr3s5c\lh36mc\9s6hev\8nlq4n => %localappdata%\brooches.exe  (No File) <==== ATTENTION
Task: {D71D304C-DC3D-4144-86B6-324552FAC08E} - System32\Tasks\47qjxe\8566kz\fznvm5\dfixxe\6p62t4\ntaoqs\3gzjra\qoqley\8ci4l6\ir522d\9n8txq\afffbt\9z194s\cczhi7\pjiadh\ul6e69\n6t0xd => %PROGRAMFILES(x86)%\Botas\abed.exe  (No File) <==== ATTENTION
Task: {A4853274-B062-4A5A-875F-00E84F41BC58} - System32\Tasks\9dinme\q3ambz\itwk4j\mt5lbp\8ne09c\eooqhs\782jd2\q59wq4\1edtbb\ekdgrz\nah251\mokab1\mtnqen\zgu6wd\e3cnhb\8wyq1n\da5qye => %localappdata%\Catawba.exe  "tgbnhyhtgbnhyttgbnhyttgbnhyptgbnhy:tgbnhy/tgbnhy/tgbnhywtgbnhywtgbnhywtgbnhy.tgbnhyftgbnhyotgbnhyntgbnhyttgbnhyetgbnhyntgbnhyotgbnhyttgbnhystgbnhyutgbnhy.tgbnhyctgbnhyotgbnhymtgbnhy/tgbnhyle2qp0qp2qtgbnhyp3qp0c9c1ltgbnhye8leqphtmltgbnhyL2shEWR9IqtgbnhyVBHQoiukZ0" (No File) <==== ATTENTION
Task: {2A94F5B7-F03C-4D93-ABD7-900A6F5828AD} - System32\Tasks\ASC_SkipUac_gemil => "C:\Program Files (x86)\Advanced SystemCare Pro\ASC.exe"  /SkipUac (No File)
Task: {291F967A-2AC3-4B10-9B27-6AF378753593} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe  (No File)
Task: {70D79F22-BA6E-4466-AA74-814F3CB63E86} - System32\Tasks\Driver Booster SkipUAC (Gemilang) => C:\Program Files (x86)\Driver Booster\DriverBooster.exe [8641536 2022-02-22] (IObit) [File not signed]
Task: {D64DF579-8045-4D20-823F-39B9F1F7CE95} - System32\Tasks\m0am5a\fl0j9f\itg3t9\4cwo3d\hreyo3\ghcat5\zqt7jt\azgviq\7wj9j0\ppmvk5\vdc6it\y8awzt\87g874\057s9v\a2socn\5d9dca\yydm4m => %localappdata%\toppled.exe  "tgbnhyhtgbnhyttgbnhyttgbnhyptgbnhy:tgbnhy/tgbnhy/tgbnhywtgbnhywtgbnhywtgbnhy.tgbnhyftgbnhyotgbnhyntgbnhyttgbnhyetgbnhyntgbnhyotgbnhyttgbnhystgbnhyutgbnhy.tgbnhyctgbnhyotgbnhymtgbnhy/tgbnhyle2qp0qp2qtgbnhyp3qp0c9c1ltgbnhye8leqphtmltgbnhyL2shEWR9IqtgbnhyVBHQoiukZ0" (No File) <==== ATTENTION
Task: {97150913-4DCC-40BE-A7AE-71DE813694DA} - System32\Tasks\McAfeeTsk\OOBEUpgrader => C:\Program Files\McAfee\MSC\OOBE_Upgrader.exe  /Run (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
2023-09-19 07:21 - 2023-09-19 07:50 - 000000000 ___HD C:\Program Files (x86)\Klan
2023-09-19 07:21 - 2023-09-19 07:30 - 000000000 ____D C:\Program Files (x86)\draped
2023-09-19 07:21 - 2023-09-19 07:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\w4agpq
2023-09-19 07:21 - 2023-09-19 07:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\rkn1wb
2023-09-19 07:21 - 2023-09-19 07:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\obs510
2023-09-19 07:21 - 2023-09-19 07:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\m0am5a
2023-09-19 07:21 - 2023-09-19 07:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\c1cupu
2023-09-19 07:21 - 2023-09-19 07:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\aqlv93
2023-09-19 07:21 - 2023-09-19 07:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\akio5d
2023-09-19 07:21 - 2023-09-19 07:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\9itdhj
2023-09-19 07:21 - 2023-09-19 07:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\9dinme
2023-09-19 07:21 - 2023-09-19 07:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\47qjxe
2023-09-19 07:21 - 2023-09-19 07:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\2r2ljl
2023-09-19 07:21 - 2023-09-19 07:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\1t8v7n
2023-09-19 07:21 - 2023-09-19 07:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\0k5gyk
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{0215A4C0-5431-4FD0-9B06-46589B5C4939}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{048ED0E0-12CF-4C0F-9FFA-947C2FBE8C8E}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{071339A1-1946-44B2-B63E-50459B15DB86}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{08A60FF7-BB37-44F4-9759-0ADA6C7B9CC9}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{0B38CACA-3D3C-48EA-BEB5-7D95F4F6EE15}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{0C3393F8-94F5-4B79-8C01-49A2D0CC0FE9}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{0D555CE0-304A-47A6-858B-B145209A3982}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{12545889-6D32-4424-9967-1E1D7BD1F809}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{14679E3B-C952-4998-8E13-4B1286E6DD99}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{1481B385-759A-4B00-9257-E96357563999}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{162EF0A1-5A33-46F2-ACCF-CA388B084A09}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{1D625598-C876-4C51-8EF5-F9D8F96F62AA}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{1D6DFD6A-9E16-435A-9327-6FFEC6BA372F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{1E5724EA-3423-4BD3-ABD6-46E650D2DC66}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{1E8A29BA-827D-4031-A4A3-AE7999B402F6}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{1EA072EE-57FD-495E-889C-8243C3BDBDBC}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{1FD7F53F-7ED5-439C-9A77-A3821CD09E98}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{20E47D5B-529A-45BD-8E77-BF1A3064A008}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{2709544A-5B24-4F9F-A5DA-CEC7297D3A4E}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{2BCA857B-A18B-4AFA-B183-CC0E49C12058}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{2C74F89E-7421-46B4-BA54-F86F1BD9F237}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{2C7D1157-7D50-4A88-9777-5EBBA3189AB8}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{3497C2EC-5684-4B21-AF74-F6760E0221DC}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{38C8B14E-7879-4DA9-8C3F-8CAAC359293A}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{3FCEB42C-9B98-486A-BED7-FD7F3ADB7291}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{40770568-0D5E-49D4-BE47-BC47A4F0B0A4}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{44A52280-AE56-490D-890C-89FB7279ED6B}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{46C56738-39C6-4240-8B9B-008CCD769A84}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{47179DDE-10AC-4737-97C9-8CE5379343EA}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{475C7B4A-6964-4F9E-9708-05A16EAC31D0}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{48270F9E-CCF6-4C79-B6FF-267C960E6425}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{48FEFCD7-5D7C-4E4A-9F11-60E69A31D4B1}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{49998808-648A-4A9C-A7A5-B1672775D9AB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{4A756F5F-CBA4-428B-B17F-AF80C0C8502D}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{4B40437B-8972-4444-BBE3-1588FF55F203}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{4BD03680-3C0F-4501-AFF7-3D008586917F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{5544903C-2CCC-487C-91BB-F310B72A8E9B}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{59A224A2-BEF8-4C89-96E0-83A5411ABB6C}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{622F6193-E4DD-46E6-BC66-2ED88E9FD28D}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{6451051B-AD22-4C6A-ACCE-013A0E1DDBC3}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{64B99FDB-1D85-447F-98C7-569DBDA723DB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{6BCE6F6E-C050-4F39-BD98-E2743949F724}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{6F56D7C9-18DD-4C15-9FA8-C54E3610EC40}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{70DBCAE8-8C2B-450C-9E1D-43E4686C6512}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{713C0E8A-5AE8-4695-B442-5ED6C4FE5C42}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{7293E009-3015-4AD3-96EC-D42C36B5FCE3}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{72EFC580-D085-4B81-8C55-26A79E445338}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{750AEC19-2E4C-4ED9-9B9F-F9CAFCD060F3}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{794199C5-827C-41C8-8CB2-3A1EA056AF5E}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{798391FE-4AF2-4851-9DDA-1F0D70C02A9E}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{7BA16B3F-1AB3-4BD7-B959-52C4B8504EE9}\InprocServer32 -> AcInetUI.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{7C239DAB-BC87-45F3-B7B1-FCC1541A235B}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{834CE679-2E47-49DE-9E41-FEC87E9192EB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{849AFB5B-D6C9-4924-A712-F7118FF9611F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{85452F88-5071-492E-B850-2E3C586DCBD8}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{87F5CF8F-A06D-498F-A05F-E520E6B570DB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{89F0FC31-3B1D-494B-A75B-6BD4FA527B8A}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{8AA16DFC-DFC6-4B51-8FA2-A5D812BE33BF}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{8ED07FEF-E1B0-4CC3-B2BA-D354828AB952}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{988F4102-E6E3-4282-ACAC-55270827F2A8}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{9906CDFC-DB2C-4126-9422-13139B148495}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{9A21C6C5-27FC-4442-8590-575E7AFD73BB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{9ECF83FB-23C5-43B6-83DE-93CFBDD74D4A}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{A58F47CC-FF65-4152-B0B1-666C643A5BFC}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{A6A3D586-44CF-44C2-A92C-620BB713B4F2}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{ABBE3F83-D585-4A50-9B69-198B0F566F2E}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{AC5CECFA-F03A-41D2-A89C-704C44935941}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{B1560245-190E-4BBD-81DF-9B642D0E5325}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{B2A579E0-A797-40B1-8AEE-A8F6404719F8}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{B47196BC-D4AB-41BB-A771-543D67CFC9F5}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{B53CEF4B-1A13-49DE-BBC5-A7100FB2F38C}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{B5EE2B68-9A23-4BCD-BB77-FEA6DFB24DD6}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{B80687F9-FA4C-4735-9DC4-E5715F2BC698}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{BAE5802A-CF21-4F9C-AE04-D98F4036AC31}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{BBF6A206-CB04-479D-96AE-349E1E83319A}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{BC71DEA1-D6FB-48B8-AB06-D151C81BBCDD}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{BF224DC3-B602-4EEE-BFE9-9E4E0AED6837}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{BF4CC07E-E9BB-40D6-873F-855B211033B9}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{C061C82C-D041-4214-BB07-B608107CEFCB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{C2D4ACCC-A3D1-4A0A-AD59-0DD8BA3D5EE1}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{C8C18F89-794D-466B-8B97-95634D9890EF}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{C8EC7647-1E79-4F13-81D7-2EED803D0D22}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{CC23CA32-9892-4FBA-A108-FE31CA0F35A6}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{CD865713-70D6-4E15-BB7B-9B99AD9DEB85}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{D56F5AB3-9C4D-4F1A-A851-A671D9FE8C22}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{D66873EA-AAE5-41CC-8DD2-8CE3228E9F89}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{D86B6C47-11F2-4D95-B635-EA575F0892FC}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{DB207560-8449-4FAF-BDC2-61676EB012D4}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{DE74F5AD-DA2F-429F-BAF9-850A2808D585}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{DF6525C2-6358-4B07-813D-708120C5FE1A}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{E177A457-9EAA-43C3-A3CE-84874A28F6CA}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{E29F6C45-6927-4508-8F3F-34105FD3FC5F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{E4222C78-3670-4BB1-9AD4-7D8F3E581F2D}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{E70DE962-842A-4488-9481-1D0FD72A020F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{E9C07CEC-7B82-49E4-BBA2-7533B88E9D64}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{EA34A0C0-5CE7-4701-A6FA-117D25CD5EBB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{EF01D98A-747B-4522-AD70-991B90855DBF}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{F196F03F-651A-43AF-BE34-D11942F24445}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{F2DB0EE3-7137-4CB0-8349-483C4FF2143A}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{F40E2FF0-4D77-40B2-9A44-A3AEECCE8EFF}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{F5522F0C-962A-48AC-9992-E81B07628F1F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{F78DCF7C-043D-45FC-9D21-676FC307BA3F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{F868EAEC-1B73-4F5E-BA73-90EBA94E75BE}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{FA97F7A7-FD19-4D55-ABF2-CFEFFF777426}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{FD51ED8A-D518-4554-B236-B6E9D234FD03}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{FE054BB2-AF94-40AC-88AA-2F59F7018B1D}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{FE317223-8EDE-4684-B424-E48B9EA90220}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-951395627-451568364-1154128064-1001_Classes\CLSID\{FE718E8F-C3AA-4F30-9103-432450CF1DA1}\InprocServer32 -> axdb.dll => No File
BHO: No Name -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> No File
U3 aswbdisk; no ImagePath
S3 rsDwf; \SystemRoot\system32\DRIVERS\rsDwf.sys [X]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2021-03-03] (Tonec Inc. -> Tonec FZE)
C:\Program Files (x86)\Internet Download Manager
2023-09-21 21:06 - 2022-03-23 23:21 - 000000000 ____D C:\Program Files\Revo Uninstaller
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /RestoreHealth
Emptytemp:
End::

• Click on the Fix button just once and wait.
• If the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When it's finished FRST will generate a log in the location you ran the tool from. (Fixlog.txt).

Please copy the contents from this text file and paste into your next reply.
Also advise how your computer is running now.

 

okay .opera folder is still exist but the prmvs I think has gone (atleast for now). here is the log:
 

Very good.
Is the path of the .opera folder C:\Users\Gemilang\.opera or is it in Downloads, as you advised earlier?

Try and delete it again and see if it returns.
I'd now like you to run a scan with AdwCleaner.
Please download AdwCleaner.

• Close all open programs and browsers
• Right click on the icon and select Run as administrator
• Click Scan Now
• When the scan has finished AdwCleaner shows you all detected PUPs and adware.
• If any are found, select them and click Quarantine. (I would suggest that you do not select Pre-installed applications for now, or any other items you wish to keep.)
• AdwCleaner prompts you to save and close your work before continuing. Click Continue.
• After cleaning, you are prompted to restart your device. Click Restart now to complete the cleanup process.

Once your computer has restarted ...

•     If it doesn't open automatically, please start AdwCleaner.
•     Click on View Log File button (This log can also be found in the Log Files tab).
•     A Notepad file will open containing the results.
•     Click Skip Basic Repair (if the option appears)
•     Please post the contents of the file in your next reply.

I think .opera is also gone after I deleted the folder and restarted the PC. Based on the scan, I think the adware came from "Touch VPN" " The log is as follows:
 

The failed one seems the adware in the registry hence I don't exactly know the details yet

Please do this next.

• Right click on the FRST icon and select Run as administrator.
• Highlight all of the information in the text box below then hit the Ctrl + C keys together to copy the text.
• It is not necessary to paste the information anywhere as FRST will do this for you.

Start::
ExportKey: HKCU\SOFTWARE\C8F78ABBF795D2265C74CD843832CF6D
End::

• Click on the Fix button just once and wait.
• When it's finished FRST will generate a log in the location you ran the tool from. (Fixlog.txt).

Please copy the contents from this text file and paste into your next reply.

Edited by dennis_l, 23 September 2023 - 11:04 AM.

here is the log: 
 

Now please do this.

• Right click on the FRST icon and select Run as administrator.
• Highlight all of the information in the text box below then hit the Ctrl + C keys together to copy the text.
• It is not necessary to paste the information anywhere as FRST will do this for you.

Start::
CreateRestorePoint:
CloseProcesses:
DeleteValue: HKCU\SOFTWARE\C8F78ABBF795D2265C74CD843832CF6D|Plugin
DeleteValue: HKCU\SOFTWARE\C8F78ABBF795D2265C74CD843832CF6D|PHNX
End::

• Click on the Fix button just once and wait.
• Make sure you let the system restart normally. After that let the tool complete its run.
• When it's finished FRST will generate a log in the location you ran the tool from. (Fixlog.txt).

Copy the contents from this text file and paste into your next reply.
Also, please provide an update on how your computer is running now.

 

I think the prmvs gone and here is the latest: 
 

I'd now like you to please run a scan with Emsisoft Emergency Kit., as a final check.

• Download and save the installation file from here
• Double-click on the Emsisoft Emergency Kit setup file to start the installation process and then click on the Install button.
• You may be presented with a User Account Control warning, asking you if you want to run this file. Click Yes to continue.
• The downloaded package unpacks to “C:\EEK” by default and this folder now opens on your screen.
• To start Emsisoft, double-click on the Start Emergency Kit Scanner icon in this folder.
• You may get another User Account Control warning. Click Yes to continue.
• Accept the Licence Agreement.
• When you launch the program for the first time, Emsisoft Emergency Kit will automatically download updates. The Scan tab changes from orange to green when the update process is completed.
• Leave the settings unchanged, which include detection of Potentially Unwanted Programs.
• Now click on Malware Scan in the Scan button.
• When the Emsisoft scan has finished, you will see a screen reporting details of any malicious files found on your computer.(Close the pop up inviting installation of Emsisoft protection)
• Click Quarantine selected objects. (Note, this option is only shown if malicious objects were detected during the scan)
• You may be asked to restart your computer.
• When the threats have been quarantined, click the View Report button in the lower-right corner and the scan log will open in Notepad. The logs can also be accessed in the left hand menu bar.
• Please save this log on your desktop and post the contents into your next reply.
• When you close Emsisoft Emergency Kit it asks if you wish to sign up for a newsletter. This is optional, and does not affect the malware removal process.

 

ermm I tried the download link and it seems not working. I also click the "click here" button when the download doesn't start immediately and seems not to be working too. any idea?

Nevermind I downloaded it from the original sources and here is the result: 
 

The link is working ok now, although there is a slight delay before the download starts.
I am pleased to see that nothing was detected and also that the original issue has been resolved.
Please advise if you have any further questions, before I post some tool/log clean up instructions and information for your future reference.

I think it's safe to say that for the time being the malware is gone. If there is any malware again, I will seek for help again. Thank you so much for your corporation for the past week! 

You are most welcome.

This tool will remove the software we used.
KpRm by Kernel-panik

•     Download KpRm and save it to your Desktop
•     Right click on the icon and select Run as administrator.
•     Click Yes on the Disclaimer.
•     Place a check mark in Delete Tools and Create Restore Point.
•     Under Delete Quarantine, check Delete in 7 days.
•     Click Run.
•     Click OK in the All operations are completed box.
•     It will create and open a log report.
•     KpRm will delete itself from you Desktop and you can either save or remove the report that was generated.

These articles offer good advice and information for the future.
Keep your computer secure at home
How your system gets infected.
Ransomware advice.
Choosing Secure Passwords.
Thank you for contacting us at Bleeping Computer.

Dennis