katiem

  1. Nope no more questions. Thanks for your help! Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-05-2015 02
  2. 1. # AdwCleaner v4.203 - Logfile created 16/05/2015 at 17:33:07
     2. attached Addition.txt FRST.txt
  3. That file is not coming up in the scan results this time and Chrome seems to be functioning normally now. Thanks. ESET results:
  4. 1. https://www.virustotal.com/en/file/88a9a72e3fd9ec7bbf294501a5fd84573dd928933a7c64362fa51b5e231e2d2e/analysis/1431591327/
     2. No I don't think I need that program
     3. Ok will reinstall chrome now
  5. 1. I don't use IE so I don't think I did that, but I do know what vizzed is and I downloaded the plugin for Chrome recently. Maybe that's what the adware came with because I don't think I had any active antivirus at the time?
     2. Ok removed AVG with that tool
     3. AdwCleaner log (have run this and cleaned with it several times before so it may not have found much):
     4. Have done full scans recently and haven't turned up any results.
  6. Hi, have been infected with 'ads by tremendous coupon' for over 3 weeks and every time I think I've gotten rid of it it comes back. Basically Chrome is overrun with ads including random popup ads when I mouse over certain words on any webpage, extra Google search results with surveys etc, opening ads in a new tab when I click on an ordinary link, full page popup ads when I go to certain websites... seriously slowing down Chrome. FRST results attached. FRST.txt Addition.txt