I can see no sign of a vbs file so I will use a different tool
But first please uninstall Chrome, you can re-install once we have finished
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer Open
notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
CHR Profile: C:\Users\king\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (NBA Live News) - C:\Users\king\AppData\Local\Google\Chrome\User Data\Default\Extensions\appncjoeoaegjpfoinalcdkkgpojgbdp [2014-09-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\king\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-10]
CHR Extension: (YouTube) - C:\Users\king\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-24]
CHR Extension: (Google Drive Quick Create) - C:\Users\king\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckcbfnpodigdcbjjmhmolhkhlfbepnca [2014-09-19]
CHR Extension: (Google Search) - C:\Users\king\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-24]
CHR Extension: (Bookmarks Tagger) - C:\Users\king\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpiecafonfminhngabegejbligdagjfc [2014-09-22]
CHR Extension: (GOSaeve) - C:\Users\king\AppData\Local\Google\Chrome\User Data\Default\Extensions\gccamnodmehlfmaeogbfioipldegbclp [2014-09-12]
CHR Extension: (Avast Online Security) - C:\Users\king\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-08]
CHR Extension: (IDM Integration Module) - C:\Users\king\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-07-26]
CHR Extension: (Lorem Ipsum Generator Default Text) - C:\Users\king\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcdcbjjoakogbcopinefncmkcamnfkdb [2014-10-07]
CHR Extension: (Google Wallet) - C:\Users\king\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-26]
CHR Extension: (Keep Me) - C:\Users\king\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2014-09-12]
CHR Extension: (Gmail) - C:\Users\king\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-24]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-08]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-12-07]
C:\Program Files (x86)\Google\Chrome
C:\Users\king\AppData\Local\Google\Chrome
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as
fixlist.txt, in the same location as FRST.exe
![](https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG)
Run FRST and press Fix
On completion a log will be generated please post that
THENDownload
Anti VBS/VBE to your desktop
- download the appropriate version (32 bit or 64 bit) and double click the file to run it.
- After a couple of seconds (might also take a whole minute if the machine is heavily infected and/or slow) a report will open in Notepad.
- Post that report
Be aware this is a very new programme and as such is not recognised by any Antivirus or Windows, it is safe so allow it to runFINALLYPlease download
AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on "Clean"
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.