katiem

Tremendous Coupon Adware

Hi, have been infected with 'ads by tremendous coupon' for over 3 weeks and every time I think I've gotten rid of it it comes back.

Basically Chrome is overrun with ads including random popup ads when I mouse over certain words on any webpage, extra Google search results with surveys etc, opening ads in a new tab when I click on an ordinary link, full page popup ads when I go to certain websites... seriously slowing down Chrome.

FRST results attached.

FRST.txt

Addition.txt


Hi katiem,

1. Have you configured www.vizzed.com as a trusted site in Internet Explorer?

2. I think you have uninstalled AVG, but there are a lot of left-overs that might disturb. Please, remove them with AVG Remover tool: http://www.avg.com/us-en/utilities

 

 

3. Please, save AdwCleaner by Xplode on the desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

Turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.

Click on the Scan button.
Wait until the search has finished.

Click on the Log file button.
A report will be displayed, copy its content and paste into your reply.
If the report isn't displayed, it's available as C:\AdwCleaner\AdwCleaner[R0].txt.

 

4. If you haven't done a full scan with Ad-Aware recently, please do so and select to quarantine everything the program finds.

 

 

5. Run an online scan with Eset (easiest with Internet Explorer) to get a second opinion: http://www.eset.com/onlinescan/
To shorten the scanning time disable your antivirus program while scanning.

Select Enable detection of potentially unwanted applications.
Click Advanced Settings.

Deselect Remove found threats.

Select:
Scan Archives
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Click Start.

When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your reply.


1. I don't use IE so I don't think I did that, but I do know what vizzed is and I downloaded the plugin for Chrome recently. Maybe that's what the adware came with because I don't think I had any active antivirus at the time?

2. OK, removed AVG with that tool.

3. AdwCleaner log (have run this and cleaned with it several times before so it may not have found much):

# AdwCleaner v4.203 - Logfile created 12/05/2015 at 11:44:26
# Updated 30/04/2015 by Xplode
# Database : 2015-05-12.2 [server]
# Operating system : Windows 8.1 (x64)
# Username : Katie - KATIEPC
# Running from : C:\Users\Katie\Desktop\adwcleaner_4.203.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Found : C:\Program Files\FreeFixer
Folder Found : C:\Users\Katie\AppData\Local\FreeFixer
Folder Found : C:\Users\Katie\AppData\Roaming\FreeFixer
Folder Found : C:\Users\Katie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\Software\adawarebp
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Google Chrome v42.0.2311.135
*************************
AdwCleaner[R0].txt - [14469 bytes] - [05/07/2014 18:04:36]
AdwCleaner[R1].txt - [7729 bytes] - [04/05/2015 21:52:08]
AdwCleaner[R2].txt - [1021 bytes] - [11/05/2015 19:01:35]
AdwCleaner[R3].txt - [1075 bytes] - [12/05/2015 11:44:26]
AdwCleaner[s0].txt - [11930 bytes] - [05/07/2014 18:05:51]
AdwCleaner[s1].txt - [7867 bytes] - [04/05/2015 21:54:02]
AdwCleaner[s2].txt - [1088 bytes] - [11/05/2015 19:04:02]
########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1312 bytes] ##########

4. Have done full scans recently and haven't turned up any results.

5. C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3289075\plugins\TBVerifier.dll.vir Win32/Toolbar.Conduit.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe.vir Win32/AlteredSoftware.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe.vir Win32/AlteredSoftware.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe.vir Win32/AlteredSoftware.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe.vir a variant of Win32/AlteredSoftware.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe.vir a variant of Win32/AlteredSoftware.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll.vir a variant of Win32/AlteredSoftware.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdateres_en.dll.vir a variant of Win32/AlteredSoftware.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll.vir a variant of Win32/AlteredSoftware.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll.vir a variant of Win32/AlteredSoftware.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\psuser.dll.vir a variant of Win32/AlteredSoftware.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Katie\AppData\Local\LPT\Resources\ntdis_64.dll.vir a variant of Win64/Toolbar.Linkury.A.gen potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files (x86)\Google\Chrome\Application\GoogleUpdate.dll Win32/ExtenBro.AZ trojan
C:\Users\Katie\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Users\Katie\AppData\Local\Temp\APNSetup.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
C:\Users\Katie\Downloads\WinZip180.exe a variant of Win32/OpenInstall potentially unwanted application
C:\Windows\Installer\9cc7c03.msi a variant of Win32/Systweak.L potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\AskToolbarInstaller-ORJ-SPE[1].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\AskToolbarInstaller-ORJ-SPE[2].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\AskToolbarInstaller-ORJ-SPE[1].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\AskToolbarInstaller-ORJ-SPE[2].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
Operating memory Win32/ExtenBro.AZ trojan


1. Please, upload this file to http://www.virustotal.com/ using the "Choose file" function (select reanalyze if asked) and post back the link to the scan report:

C:\Program Files (x86)\Google\Chrome\Application\GoogleUpdate.dll

 

 

2. C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application

Do you want to have the program "WinZip Utils"?

 

 

3. CHR dev: Chrome dev build detected! <======= ATTENTION

This means that your Chrome is configured to use versions that haven't been released and it decreases the security settings. The only way to remove it is to uninstall Chrome, including all settings etc., restart the computer and then install it again.


The result of VirusTotal indicates that you have installed Chrome or an update of it from a web site that isn't Google's.

 

Threats in this family can install malicious Google Chrome browser plug-ins. They can then use your social media profiles to like, share, and follow pages without your permission.

They are usually downloaded by pretending to be a legitimate installer or update for the Chrome web browser, Adobe Flash Player, or Google Update.

https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32/Kilim

 

When you have reinstalled Chrome, please run ESET's scanner to check if the malicious C:\Program Files (x86)\Google\Chrome\Application\GoogleUpdate.dll still exists in the computer.


That file is not coming up in the scan results this time and Chrome seems to be functioning normally now. Thanks.

 

 

ESET results:

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3289075\plugins\TBVerifier.dll.vir Win32/Toolbar.Conduit.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe.vir Win32/AlteredSoftware.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe.vir Win32/AlteredSoftware.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe.vir Win32/AlteredSoftware.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe.vir a variant of Win32/AlteredSoftware.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe.vir a variant of Win32/AlteredSoftware.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll.vir a variant of Win32/AlteredSoftware.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdateres_en.dll.vir a variant of Win32/AlteredSoftware.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll.vir a variant of Win32/AlteredSoftware.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll.vir a variant of Win32/AlteredSoftware.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\psuser.dll.vir a variant of Win32/AlteredSoftware.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Katie\AppData\Local\LPT\Resources\ntdis_64.dll.vir a variant of Win64/Toolbar.Linkury.A.gen potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Users\Katie\AppData\Local\Temp\APNSetup.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
C:\Users\Katie\Downloads\WinZip180.exe a variant of Win32/OpenInstall potentially unwanted application
C:\Windows\Installer\9cc7c03.msi a variant of Win32/Systweak.L potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\AskToolbarInstaller-ORJ-SPE[1].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\AskToolbarInstaller-ORJ-SPE[2].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\AskToolbarInstaller-ORJ-SPE[1].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\AskToolbarInstaller-ORJ-SPE[2].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application

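One way to compare the two ESET exports posted in this thread, as an added example that is not part of the original posts: it parses each list, separates items already held in the AdwCleaner quarantine folder from files still live on disk, and reports which detections disappeared after the Chrome reinstall. The sample lines are excerpts copied from the two scans above; the line pattern is inferred from those lines, and the function and field names are hypothetical.

```python
import re
from typing import NamedTuple

# Excerpts constructed from the two ESET exports posted in this thread
# (a few lines of each, not the full lists).
FIRST_SCAN = r"""
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3289075\plugins\TBVerifier.dll.vir Win32/Toolbar.Conduit.AC potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files (x86)\Google\Chrome\Application\GoogleUpdate.dll Win32/ExtenBro.AZ trojan
C:\Users\Katie\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Users\Katie\AppData\Local\Temp\APNSetup.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
Operating memory Win32/ExtenBro.AZ trojan
"""

SECOND_SCAN = r"""
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3289075\plugins\TBVerifier.dll.vir Win32/Toolbar.Conduit.AC potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Users\Katie\AppData\Local\Temp\APNSetup.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
"""

# Assumed line layout: <object> [a variant of] <detection name> <category>.
# The object is usually a path (which may contain spaces) or "Operating memory".
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:a variant of\s+)?"
    r"(?P<name>Win(?:32|64)/\S+)\s+"
    r"(?P<category>trojan|potentially (?:unwanted|unsafe) application)\s*$"
)

# Files under this folder were already neutralised by AdwCleaner.
QUARANTINE_DIR = "c:\\adwcleaner\\quarantine\\"


class Detection(NamedTuple):
    path: str
    name: str
    category: str

    @property
    def quarantined(self) -> bool:
        return self.path.lower().startswith(QUARANTINE_DIR)

    @property
    def key(self):
        # Windows paths are case-insensitive, so compare them lowercased.
        return (self.path.lower(), self.name)


def parse_scan(text):
    """Turn an exported threat list into Detection records."""
    detections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match is None:
            # Fail loudly so a wrapped or truncated line is not silently lost.
            raise ValueError(f"unrecognised scan line: {line!r}")
        detections.append(
            Detection(match["path"], match["name"], match["category"])
        )
    return detections


def compare_scans(before, after):
    """Group detections by what happened between two scans."""
    old = {d.key: d for d in before}
    new = {d.key: d for d in after}
    remaining = [new[k] for k in sorted(old.keys() & new.keys())]
    return {
        "resolved": [old[k] for k in sorted(old.keys() - new.keys())],
        "still_live": [d for d in remaining if not d.quarantined],
        "still_quarantined": [d for d in remaining if d.quarantined],
        "new": [new[k] for k in sorted(new.keys() - old.keys())],
    }


def live_trojans(detections):
    """Detections classed as trojan that are not sitting in quarantine."""
    return [d for d in detections
            if d.category == "trojan" and not d.quarantined]


if __name__ == "__main__":
    report = compare_scans(parse_scan(FIRST_SCAN), parse_scan(SECOND_SCAN))
    for group, items in report.items():
        print(f"{group} ({len(items)})")
        for d in items:
            print(f"  {d.name:32} {d.path}")
```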

Good!
You're welcome :)

1. Please, turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.

Click on the Scan button.
Wait until the search has finished.

Click on the Clean button.

Click on OK.
Click on OK on any message that pops up.
The computer will be restarted.

A report will be displayed, copy its content and paste into your reply.
If the report isn't displayed, it exists as C:\AdwCleaner\AdwCleaner[s0].txt.

 

2. Start FRST.

Select Addition.txt.

Scan with FRST and attach the two new log files so we can see what else needs to be removed.


1. # AdwCleaner v4.203 - Logfile created 16/05/2015 at 17:33:07

# Updated 30/04/2015 by Xplode
# Database : 2015-05-12.2 [server]
# Operating system : Windows 8.1 (x64)
# Username : Katie - KATIEPC
# Running from : C:\Users\Katie\Desktop\adwcleaner_4.203.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files\FreeFixer
Folder Deleted : C:\Users\Katie\AppData\Local\FreeFixer
Folder Deleted : C:\Users\Katie\AppData\Roaming\FreeFixer
Folder Deleted : C:\Users\Katie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Google Chrome v42.0.2311.152
*************************
AdwCleaner[R0].txt - [14469 bytes] - [05/07/2014 18:04:36]
AdwCleaner[R1].txt - [7729 bytes] - [04/05/2015 21:52:08]
AdwCleaner[R2].txt - [1021 bytes] - [11/05/2015 19:01:35]
AdwCleaner[R3].txt - [1391 bytes] - [12/05/2015 11:44:26]
AdwCleaner[R4].txt - [1450 bytes] - [16/05/2015 17:30:08]
AdwCleaner[s0].txt - [11930 bytes] - [05/07/2014 18:05:51]
AdwCleaner[s1].txt - [7867 bytes] - [04/05/2015 21:54:02]
AdwCleaner[s2].txt - [1088 bytes] - [11/05/2015 19:04:02]
AdwCleaner[s3].txt - [1385 bytes] - [16/05/2015 17:33:07]
########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [1444 bytes] ##########
2. attached

Addition.txt

FRST.txt


Please, start Notepad.

Copy all text that is in the box:

CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S2 fd81928a; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\ToolMaker\ToolMaker.dll",serv
c:\Program Files (x86)\ToolMaker\
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [955856 2015-04-07] (AVG Technologies CZ, s.r.o.)
Task: {13101021-778E-4582-A45E-F6F13BC18B52} - \9c489aee-c648-4976-9804-990be9c41a31-4 No Task File <==== ATTENTION
Task: {149C6BF7-CED0-4097-8A94-CCEEA2EE6065} - \9c489aee-c648-4976-9804-990be9c41a31-5_user No Task File <==== ATTENTION
Task: {46253F79-0F3F-496B-AE44-07AE18383960} - \27220085-a1e8-48a2-98b4-5d4a69718ae6-3 No Task File <==== ATTENTION
Task: {4FE036E7-5037-44C8-BB03-B8F6FE53D6EE} - \27220085-a1e8-48a2-98b4-5d4a69718ae6-5 No Task File <==== ATTENTION
Task: {51E56857-8FBB-4582-AEEC-3F29A170DC3C} - \27220085-a1e8-48a2-98b4-5d4a69718ae6-5_user No Task File <==== ATTENTION
Task: {77325488-C24F-4607-A8D7-9C7278CA80EA} - \27220085-a1e8-48a2-98b4-5d4a69718ae6-2 No Task File <==== ATTENTION
Task: {936A9E24-7668-482F-B6CD-24AC8154918B} - \9c489aee-c648-4976-9804-990be9c41a31-1 No Task File <==== ATTENTION
Task: {99001D8C-784C-438D-B220-E47FB23303D8} - \9c489aee-c648-4976-9804-990be9c41a31-7 No Task File <==== ATTENTION
Task: {9B33B842-EDB0-424C-ABF0-FF3B0D7F24B9} - \27220085-a1e8-48a2-98b4-5d4a69718ae6-6 No Task File <==== ATTENTION
Task: {A58947D9-A927-4899-A594-A7372AA07683} - \9c489aee-c648-4976-9804-990be9c41a31-11 No Task File <==== ATTENTION
Task: {B5DF6F69-9CF2-433C-A533-F338B6565F09} - \9c489aee-c648-4976-9804-990be9c41a31-6 No Task File <==== ATTENTION
Task: {BF94D2BC-2250-4CE7-8D5B-AA309761BF52} - \27220085-a1e8-48a2-98b4-5d4a69718ae6-1 No Task File <==== ATTENTION
Task: {DA585180-8DBC-47B0-9D6D-55C19E7A9CA5} - System32\Tasks\{F43D722F-47C8-406A-A3D0-EEDED46F9EE0} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe" -c /AppMode=SETUP /Uninstall /UDS=1
Task: {E31470C6-34AE-410D-83F5-4B84B3D5EC06} - \27220085-a1e8-48a2-98b4-5d4a69718ae6-4 No Task File <==== ATTENTION
Task: {EB2206EA-3E5D-4CF8-9202-F6E936572BED} - \9c489aee-c648-4976-9804-990be9c41a31-5 No Task File <==== ATTENTION
Task: {FE3D665E-424C-4F09-A654-AADA453F6336} - \9c489aee-c648-4976-9804-990be9c41a31-2 No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:3ED5E595
AlternateDataStreams: C:\ProgramData\Temp:FD000392
IE trusted site: HKU\S-1-5-21-3135987352-1282622076-3461698883-1001\...\vizzed.com -> www.vizzed.com
FirewallRules: [TCP Query User{31EB27EF-7630-49DA-AC62-FEBE35B46C96}C:\users\katie\appdata\local\temp\g2_1611\g2viewer.exe] => (Allow) C:\users\katie\appdata\local\temp\g2_1611\g2viewer.exe
FirewallRules: [UDP Query User{7ED2049A-172D-4F1F-8204-3E2EE3A0A2FB}C:\users\katie\appdata\local\temp\g2_1611\g2viewer.exe] => (Allow) C:\users\katie\appdata\local\temp\g2_1611\g2viewer.exe
Reboot:
and paste in Notepad. Check that no files have been split on two lines.

Save the file as fixlist.txt on the desktop.

 

Exit all programs.

Start FRST, please.

Click the Fix button.

Wait until the tool has finished.

 

It creates a log file, called Fixlog.txt, on the desktop.

Please, paste the content of that file in your reply.

 

Any more questions before I give you the instruction for uninstalling AdwCleaner and FRST?


Nope no more questions. Thanks for your help!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-05-2015 02
Ran by Katie at 2015-05-18 18:17:19 Run:1
Running from C:\Users\Katie\Downloads\FRST-OlderVersion
Loaded Profiles: Katie (Available profiles: Katie)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S2 fd81928a; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\ToolMaker\ToolMaker.dll",serv
c:\Program Files (x86)\ToolMaker\
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [955856 2015-04-07] (AVG Technologies CZ, s.r.o.)
Task: {13101021-778E-4582-A45E-F6F13BC18B52} - \9c489aee-c648-4976-9804-990be9c41a31-4 No Task File <==== ATTENTION
Task: {149C6BF7-CED0-4097-8A94-CCEEA2EE6065} - \9c489aee-c648-4976-9804-990be9c41a31-5_user No Task File <==== ATTENTION
Task: {46253F79-0F3F-496B-AE44-07AE18383960} - \27220085-a1e8-48a2-98b4-5d4a69718ae6-3 No Task File <==== ATTENTION
Task: {4FE036E7-5037-44C8-BB03-B8F6FE53D6EE} - \27220085-a1e8-48a2-98b4-5d4a69718ae6-5 No Task File <==== ATTENTION
Task: {51E56857-8FBB-4582-AEEC-3F29A170DC3C} - \27220085-a1e8-48a2-98b4-5d4a69718ae6-5_user No Task File <==== ATTENTION
Task: {77325488-C24F-4607-A8D7-9C7278CA80EA} - \27220085-a1e8-48a2-98b4-5d4a69718ae6-2 No Task File <==== ATTENTION
Task: {936A9E24-7668-482F-B6CD-24AC8154918B} - \9c489aee-c648-4976-9804-990be9c41a31-1 No Task File <==== ATTENTION
Task: {99001D8C-784C-438D-B220-E47FB23303D8} - \9c489aee-c648-4976-9804-990be9c41a31-7 No Task File <==== ATTENTION
Task: {9B33B842-EDB0-424C-ABF0-FF3B0D7F24B9} - \27220085-a1e8-48a2-98b4-5d4a69718ae6-6 No Task File <==== ATTENTION
Task: {A58947D9-A927-4899-A594-A7372AA07683} - \9c489aee-c648-4976-9804-990be9c41a31-11 No Task File <==== ATTENTION
Task: {B5DF6F69-9CF2-433C-A533-F338B6565F09} - \9c489aee-c648-4976-9804-990be9c41a31-6 No Task File <==== ATTENTION
Task: {BF94D2BC-2250-4CE7-8D5B-AA309761BF52} - \27220085-a1e8-48a2-98b4-5d4a69718ae6-1 No Task File <==== ATTENTION
Task: {DA585180-8DBC-47B0-9D6D-55C19E7A9CA5} - System32\Tasks\{F43D722F-47C8-406A-A3D0-EEDED46F9EE0} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe" -c /AppMode=SETUP /Uninstall /UDS=1
Task: {E31470C6-34AE-410D-83F5-4B84B3D5EC06} - \27220085-a1e8-48a2-98b4-5d4a69718ae6-4 No Task File <==== ATTENTION
Task: {EB2206EA-3E5D-4CF8-9202-F6E936572BED} - \9c489aee-c648-4976-9804-990be9c41a31-5 No Task File <==== ATTENTION
Task: {FE3D665E-424C-4F09-A654-AADA453F6336} - \9c489aee-c648-4976-9804-990be9c41a31-2 No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:3ED5E595
AlternateDataStreams: C:\ProgramData\Temp:FD000392
IE trusted site: HKU\S-1-5-21-3135987352-1282622076-3461698883-1001\...\vizzed.com -> www.vizzed.com
FirewallRules: [TCP Query User{31EB27EF-7630-49DA-AC62-FEBE35B46C96}C:\users\katie\appdata\local\temp\g2_1611\g2viewer.exe] => (Allow) C:\users\katie\appdata\local\temp\g2_1611\g2viewer.exe
FirewallRules: [uDP Query User{7ED2049A-172D-4F1F-8204-3E2EE3A0A2FB}C:\users\katie\appdata\local\temp\g2_1611\g2viewer.exe] => (Allow) C:\users\katie\appdata\local\temp\g2_1611\g2viewer.exe
Reboot:
*****************
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
fd81928a => Service deleted successfully.
"c:\Program Files (x86)\ToolMaker" => File/Directory not found.
avgsvc => Unable to stop service
avgsvc => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{13101021-778E-4582-A45E-F6F13BC18B52}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13101021-778E-4582-A45E-F6F13BC18B52}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\9c489aee-c648-4976-9804-990be9c41a31-4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{149C6BF7-CED0-4097-8A94-CCEEA2EE6065}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{149C6BF7-CED0-4097-8A94-CCEEA2EE6065}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\9c489aee-c648-4976-9804-990be9c41a31-5_user" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{46253F79-0F3F-496B-AE44-07AE18383960}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46253F79-0F3F-496B-AE44-07AE18383960}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\27220085-a1e8-48a2-98b4-5d4a69718ae6-3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4FE036E7-5037-44C8-BB03-B8F6FE53D6EE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FE036E7-5037-44C8-BB03-B8F6FE53D6EE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\27220085-a1e8-48a2-98b4-5d4a69718ae6-5" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{51E56857-8FBB-4582-AEEC-3F29A170DC3C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51E56857-8FBB-4582-AEEC-3F29A170DC3C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\27220085-a1e8-48a2-98b4-5d4a69718ae6-5_user" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{77325488-C24F-4607-A8D7-9C7278CA80EA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77325488-C24F-4607-A8D7-9C7278CA80EA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\27220085-a1e8-48a2-98b4-5d4a69718ae6-2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{936A9E24-7668-482F-B6CD-24AC8154918B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{936A9E24-7668-482F-B6CD-24AC8154918B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\9c489aee-c648-4976-9804-990be9c41a31-1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{99001D8C-784C-438D-B220-E47FB23303D8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99001D8C-784C-438D-B220-E47FB23303D8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\9c489aee-c648-4976-9804-990be9c41a31-7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9B33B842-EDB0-424C-ABF0-FF3B0D7F24B9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B33B842-EDB0-424C-ABF0-FF3B0D7F24B9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\27220085-a1e8-48a2-98b4-5d4a69718ae6-6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A58947D9-A927-4899-A594-A7372AA07683}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A58947D9-A927-4899-A594-A7372AA07683}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\9c489aee-c648-4976-9804-990be9c41a31-11" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B5DF6F69-9CF2-433C-A533-F338B6565F09}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5DF6F69-9CF2-433C-A533-F338B6565F09}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\9c489aee-c648-4976-9804-990be9c41a31-6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BF94D2BC-2250-4CE7-8D5B-AA309761BF52}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF94D2BC-2250-4CE7-8D5B-AA309761BF52}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\27220085-a1e8-48a2-98b4-5d4a69718ae6-1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA585180-8DBC-47B0-9D6D-55C19E7A9CA5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA585180-8DBC-47B0-9D6D-55C19E7A9CA5}" => Key deleted successfully.
C:\Windows\System32\Tasks\{F43D722F-47C8-406A-A3D0-EEDED46F9EE0} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F43D722F-47C8-406A-A3D0-EEDED46F9EE0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E31470C6-34AE-410D-83F5-4B84B3D5EC06}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E31470C6-34AE-410D-83F5-4B84B3D5EC06}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\27220085-a1e8-48a2-98b4-5d4a69718ae6-4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EB2206EA-3E5D-4CF8-9202-F6E936572BED}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB2206EA-3E5D-4CF8-9202-F6E936572BED}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\9c489aee-c648-4976-9804-990be9c41a31-5" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FE3D665E-424C-4F09-A654-AADA453F6336}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE3D665E-424C-4F09-A654-AADA453F6336}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\9c489aee-c648-4976-9804-990be9c41a31-2" => Key deleted successfully.
C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully.
C:\ProgramData\Temp => ":3ED5E595" ADS removed successfully.
C:\ProgramData\Temp => ":FD000392" ADS removed successfully.
"HKU\S-1-5-21-3135987352-1282622076-3461698883-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vizzed.com" => Key deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{31EB27EF-7630-49DA-AC62-FEBE35B46C96}C:\users\katie\appdata\local\temp\g2_1611\g2viewer.exe => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7ED2049A-172D-4F1F-8204-3E2EE3A0A2FB}C:\users\katie\appdata\local\temp\g2_1611\g2viewer.exe => value deleted successfully.
The system needed a reboot.
==== End of Fixlog 18:18:18 ====


Time for final clean-up.

1. Please, turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.
Click on the Uninstall button.

2. Download OTC http://oldtimer.geekstogo.com/OTC.exe
Close all programs.
Start OTC program.
Click the CleanUp! button.
Select Yes when asked "Begin cleanup process".
If you are asked to reboot, select Yes.
If any logs remain on the computer you can remove them.

 

3. Improve the security in the computer
It is very important to keep Windows and all programs updated. An old version of, for example, Flash contains vulnerabilities that make it easy to infect the computer from a web page. To help you with keeping everything updated you can use the program Secunia Personal Software Inspector (PSI). http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/ describes how to install and use the program.


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

Everyone else please begin a New Topic.

Thank you!
