jtdailyupdate

  1. # DelFix v10.8 - Logfile created 28/06/2015 at 13:09:53
     # Updated 29/07/2014 by Xplode
     # Username : owner - OWNER-PC
     # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

     ~ Removing disinfection tools ...

     Deleted : C:\FRST
     Deleted : C:\zoek_backup
     Deleted : C:\AdwCleaner
     Deleted : C:\zoek-results.log
     Deleted : C:\Users\owner\Downloads\Addition.txt
     Deleted : C:\Users\owner\Downloads\AdwCleaner.exe
     Deleted : C:\Users\owner\Downloads\adwcleaner_4.207.exe
     Deleted : C:\Users\owner\Downloads\esetsmartinstaller_enu.exe
     Deleted : C:\Users\owner\Downloads\Fixlog.txt
     Deleted : C:\Users\owner\Downloads\FRST.txt
     Deleted : C:\Users\owner\Downloads\FRST64 (1).exe
     Deleted : C:\Users\owner\Downloads\FRST64.exe
     Deleted : C:\Users\owner\Downloads\rkill.exe
     Deleted : C:\Users\owner\Downloads\rkill64.exe
     Deleted : C:\Users\owner\Downloads\zoek.exe
     Deleted : HKLM\SOFTWARE\AdwCleaner

     ~ Cleaning system restore ...

     Deleted : RP #970 [Windows Update | 05/19/2015 18:29:23]
     Deleted : RP #971 [Windows Update | 05/19/2015 22:44:25]
     Deleted : RP #972 [Windows Update | 05/23/2015 13:36:02]
     Deleted : RP #973 [Windows Update | 05/26/2015 17:50:20]
     Deleted : RP #974 [Windows Update | 05/30/2015 13:46:32]
     Deleted : RP #975 [Windows Update | 06/03/2015 11:22:29]
     Deleted : RP #976 [Windows Backup | 06/05/2015 01:16:03]
     Deleted : RP #977 [Windows Update | 06/07/2015 00:16:02]
     Deleted : RP #978 [Configured Microsoft Office Home and Student 2010 | 06/07/2015 16:40:15]
     Deleted : RP #979 [Windows Update | 06/09/2015 19:01:12]
     Deleted : RP #980 [Windows Update | 06/10/2015 19:00:27]
     Deleted : RP #981 [Removed Gynoid Conversion | 06/10/2015 19:10:01]
     Deleted : RP #982 [installed Gynoid Conversion | 06/10/2015 20:05:35]
     Deleted : RP #983 [Windows Update | 06/14/2015 19:43:11]
     Deleted : RP #984 [Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 | 06/16/2015 19:21:18]
     Deleted : RP #985 [Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 | 06/16/2015 19:22:43]
     Deleted : RP #986 [Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 | 06/16/2015 19:27:29]
     Deleted : RP #987 [Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 | 06/16/2015 19:29:03]
     Deleted : RP #988 [Windows Update | 06/18/2015 17:39:26]
     Deleted : RP #989 [Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 | 06/21/2015 18:30:03]
     Deleted : RP #990 [Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 | 06/21/2015 18:31:04]
     Deleted : RP #991 [Windows Update | 06/22/2015 16:19:55]
     Deleted : RP #992 [Revo Uninstaller's restore point - Formatta Filler 7.0 | 06/26/2015 01:36:17]
     Deleted : RP #993 [Checkpoint by HitmanPro | 06/26/2015 02:09:05]
     Deleted : RP #994 [Checkpoint by HitmanPro | 06/26/2015 02:10:18]
     Deleted : RP #995 [Windows Update | 06/26/2015 11:50:02]
     Deleted : RP #996 [Removed Should I Remove It | 06/26/2015 18:19:06]
     Deleted : RP #997 [zoek.exe restore point | 06/26/2015 19:10:44]
     Deleted : RP #998 [Revo Uninstaller's restore point - WCF RIA Services V1.0 SP1 | 06/26/2015 20:51:22]
     Deleted : RP #999 [Removed WCF RIA Services V1.0 SP1 | 06/26/2015 20:52:09]
     Deleted : RP #1000 [Revo Uninstaller's restore point - SpyHunter 4 | 06/26/2015 23:05:26]
     Deleted : RP #1001 [Revo Uninstaller's restore point - Steam | 06/27/2015 01:39:31]
     Deleted : RP #1002 [Removed Steam | 06/27/2015 01:40:14]
     Deleted : RP #1003 [installed STOPzilla AntiVirus. | 06/27/2015 17:02:35]
     Deleted : RP #1004 [Revo Uninstaller's restore point - Steam | 06/27/2015 17:24:13]
     Deleted : RP #1005 [Revo Uninstaller's restore point - Steam | 06/27/2015 17:30:35]
     Deleted : RP #1006 [Revo Uninstaller's restore point - StarUML | 06/27/2015 17:31:08]
     Deleted : RP #1007 [Device Driver Package Install: Anvisoft Network Service | 06/27/2015 17:53:16]
     Deleted : RP #1008 [Revo Uninstaller's restore point - Google Chrome | 06/27/2015 18:06:40]
     Deleted : RP #1009 [Removed StarUML | 06/27/2015 18:39:41]
     Deleted : RP #1010 [Revo Uninstaller's restore point - Google Chrome | 06/27/2015 21:19:05]
     Deleted : RP #1011 [Removed ADRIFT 5. | 06/27/2015 21:46:44]
     Deleted : RP #1012 [Removed System Requirements Lab CYRI | 06/27/2015 21:47:38]
     Deleted : RP #1013 [Removed SketchUp 8 | 06/27/2015 21:48:13]
     Deleted : RP #1014 [Removed Python 2.7 pygame-1.9.1 | 06/27/2015 21:50:16]
     Deleted : RP #1015 [Removed Gynoid Conversion | 06/27/2015 21:52:05]
     Deleted : RP #1016 [Removed ADRIFT 5.0 | 06/27/2015 21:53:53]
     Deleted : RP #1018 [Restore Point Created by FRST | 06/28/2015 02:12:01]

     New restore point created !

     ~ Resetting system settings ... OK

     ########## - EOF - ##########
  2. It appears that this has fixed it, thanks for your help
  3. Fix result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
     Ran by owner at 2015-06-27 22:12:01 Run:1
     Running from C:\Users\owner\Downloads
     Loaded Profiles: owner (Available Profiles: owner)
     Boot Mode: Normal
     ==============================================

     fixlist content:
     *****************
     CreateRestorePoint:
     closeprocesses:
     emptytemp:
     HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
     HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
     HKU\S-1-5-21-2909699907-1391351550-2664305239-1000\...\RunOnce: [TADS.uninstall.TADSUINS-2b4de6a2-892691f9-0cb68aa7-003e5782.exe] => C:\Users\owner\AppData\Local\Temp\TADSUINS-2b4de6a2-892691f9-0cb68aa7-003e5782.exe [73728 2014-12-14] () <===== ATTENTION
     C:\Users\owner\AppData\Local\Temp\TADSUINS-2b4de6a2-892691f9-0cb68aa7-003e5782.exe
     HKU\S-1-5-21-2909699907-1391351550-2664305239-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
     Tcpip\..\Interfaces\{E183089D-C384-417A-B3F9-D4D902162200}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
     Task: {64ED8F97-6627-48C0-B64D-1DB8CA7280A4} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
     Task: {739238DA-19E5-4D63-8157-09E0C74CA4CA} - System32\Tasks\4736 => Wscript.exe C:\Users\owner\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
     AlternateDataStreams: C:\ProgramData\TEMP:DC3E2375
     AlternateDataStreams: C:\ProgramData\TEMP:E18B7D31
     Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
     Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
     RemoveProxy:
     CMD: ipconfig /flushdns
     CMD: bitsadmin /reset /allusers
     *****************

     Restore point was successfully created.
     Processes closed successfully.
     HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\AllowLegacyWebView => value removed successfully
     HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\AllowUnhashedWebView => value removed successfully
     HKU\S-1-5-21-2909699907-1391351550-2664305239-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\TADS.uninstall.TADSUINS-2b4de6a2-892691f9-0cb68aa7-003e5782.exe => value removed successfully
     C:\Users\owner\AppData\Local\Temp\TADSUINS-2b4de6a2-892691f9-0cb68aa7-003e5782.exe => moved successfully.
     HKU\S-1-5-21-2909699907-1391351550-2664305239-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDesktopCleanupWizard => value removed successfully
     HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E183089D-C384-417A-B3F9-D4D902162200}\\NameServer => value removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{64ED8F97-6627-48C0-B64D-1DB8CA7280A4}" => key removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64ED8F97-6627-48C0-B64D-1DB8CA7280A4}" => key removed successfully
     C:\Windows\System32\Tasks\0 => moved successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => key removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{739238DA-19E5-4D63-8157-09E0C74CA4CA}" => key removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{739238DA-19E5-4D63-8157-09E0C74CA4CA}" => key removed successfully
     C:\Windows\System32\Tasks\4736 => moved successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4736" => key removed successfully
     C:\ProgramData\TEMP => ":DC3E2375" ADS removed successfully.
     C:\ProgramData\TEMP => ":E18B7D31" ADS removed successfully.

     ========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
     The operation completed successfully.
     ========= End of Reg: =========

     ========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
     The operation completed successfully.
     ========= End of Reg: =========

     ========= RemoveProxy: =========
     HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
     HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
     HKU\S-1-5-21-2909699907-1391351550-2664305239-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
     HKU\S-1-5-21-2909699907-1391351550-2664305239-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
     ========= End of RemoveProxy: =========

     ========= ipconfig /flushdns =========
     Windows IP Configuration
     Successfully flushed the DNS Resolver Cache.
     ========= End of CMD: =========

     ========= bitsadmin /reset /allusers =========
     BITSADMIN version 3.0 [ 7.5.7601 ]
     BITS administration utility.
     © Copyright 2000-2006 Microsoft Corp.
     BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
     Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
     {CF0C1660-9D7F-44C6-95CD-6034CBE5C6A5} canceled.
     1 out of 1 jobs canceled.
     ========= End of CMD: =========

     EmptyTemp: => 1.4 GB temporary data Removed.

     The system needed a reboot..

     ==== End of Fixlog 22:13:43 ====
  4. It appears that Google Chrome has been infected with the "Ads by CloudScout" malware. I have attempted to use several security software scans (i.e. Malwarebytes, avast, etc.), which haven't removed it. FRST.txt Addition.txt