
Tremendous Coupon Adware

Comments

12 comments

  • Support

    Hi katiem,

    1. Have you configured www.vizzed.com as a trusted site in Internet Explorer?

    2. I think you have uninstalled AVG, but there are a lot of left-overs that might disturb. Please, remove them with AVG Remover tool: http://www.avg.com/us-en/utilities

     

     

    3. Please, save AdwCleaner by Xplode on the desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

    Turn off all programs, including browsers.
    Double-click on AdwCleaner to start the program.

    Click on the Scan button.
    Wait until the search has finished.

    Click on the Log file button.
    A report will be displayed, copy its content and paste into your reply.
    If the report isn't displayed, it's available as C:\AdwCleaner\AdwCleaner[R0].txt.

     

    4. If you haven't done a full scan with Ad-Aware recently, please do so and select to quarantine everything the program finds.

     

     

    5. Run an online scan with Eset (easiest with Internet Explorer) to get a second opinion: http://www.eset.com/onlinescan/
    To shorten the scanning time disable your antivirus program while scanning.

    Select Enable detection of potentially unwanted applications.
    Click Advanced Settings.

    Deselect Remove found threats.

    Select:
    Scan Archives
    Scan for potentially unsafe applications
    Enable Anti-Stealth Technology

    Click Start.

    When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your reply.

    0
  • Customer

    1. I don't use IE so I don't think I did that, but I do know what vizzed is and I downloaded the plugin for Chrome recently. Maybe that's what the adware came with, because I don't think I had any active antivirus at the time?

     

    2. OK, removed AVG with that tool

     

    3. AdwCleaner log: (have run this and cleaned with it several times before, so it may not have found much)

     

    # AdwCleaner v4.203 - Logfile created 12/05/2015 at 11:44:26

    # Updated 30/04/2015 by Xplode

    # Database : 2015-05-12.2 [server]

    # Operating system : Windows 8.1 (x64)

    # Username : Katie - KATIEPC

    # Running from : C:\Users\Katie\Desktop\adwcleaner_4.203.exe

    # Option : Scan


    ***** [ Services ] *****



    ***** [ Files / Folders ] *****


    Folder Found : C:\Program Files\FreeFixer

    Folder Found : C:\Users\Katie\AppData\Local\FreeFixer

    Folder Found : C:\Users\Katie\AppData\Roaming\FreeFixer

    Folder Found : C:\Users\Katie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer


    ***** [ Scheduled tasks ] *****



    ***** [ Shortcuts ] *****



    ***** [ Registry ] *****


    Key Found : HKCU\Software\AppDataLow\Software\adawarebp


    ***** [ Web browsers ] *****


    -\\ Internet Explorer v11.0.9600.17416



    -\\ Google Chrome v42.0.2311.135



    *************************


    AdwCleaner[R0].txt - [14469 bytes] - [05/07/2014 18:04:36]

    AdwCleaner[R1].txt - [7729 bytes] - [04/05/2015 21:52:08]

    AdwCleaner[R2].txt - [1021 bytes] - [11/05/2015 19:01:35]

    AdwCleaner[R3].txt - [1075 bytes] - [12/05/2015 11:44:26]

    AdwCleaner[s0].txt - [11930 bytes] - [05/07/2014 18:05:51]

    AdwCleaner[s1].txt - [7867 bytes] - [04/05/2015 21:54:02]

    AdwCleaner[s2].txt - [1088 bytes] - [11/05/2015 19:04:02]


    ########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1312 bytes] ##########



    4. Have done full scans recently and haven't turned up any results.


    5. C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3289075\plugins\TBVerifier.dll.vir Win32/Toolbar.Conduit.AC potentially unwanted application

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe.vir Win32/AlteredSoftware.C potentially unwanted application

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe.vir Win32/AlteredSoftware.A potentially unwanted application

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe.vir Win32/AlteredSoftware.C potentially unwanted application

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe.vir a variant of Win32/AlteredSoftware.B potentially unwanted application

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe.vir a variant of Win32/AlteredSoftware.B potentially unwanted application

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll.vir a variant of Win32/AlteredSoftware.B potentially unwanted application

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdateres_en.dll.vir a variant of Win32/AlteredSoftware.B potentially unwanted application

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll.vir a variant of Win32/AlteredSoftware.B potentially unwanted application

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll.vir a variant of Win32/AlteredSoftware.B potentially unwanted application

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\psuser.dll.vir a variant of Win32/AlteredSoftware.B potentially unwanted application

    C:\AdwCleaner\Quarantine\C\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application

    C:\AdwCleaner\Quarantine\C\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application

    C:\AdwCleaner\Quarantine\C\Users\Katie\AppData\Local\LPT\Resources\ntdis_64.dll.vir a variant of Win64/Toolbar.Linkury.A.gen potentially unwanted application

    C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application

    C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application

    C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application

    C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak potentially unwanted application

    C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application

    C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application

    C:\Program Files (x86)\Google\Chrome\Application\GoogleUpdate.dll Win32/ExtenBro.AZ trojan

    C:\Users\Katie\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx a variant of Win32/Toolbar.Conduit.AH potentially unwanted application

    C:\Users\Katie\AppData\Local\Temp\APNSetup.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application

    C:\Users\Katie\Downloads\WinZip180.exe a variant of Win32/OpenInstall potentially unwanted application

    C:\Windows\Installer\9cc7c03.msi a variant of Win32/Systweak.L potentially unwanted application

    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\AskToolbarInstaller-ORJ-SPE[1].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application

    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\AskToolbarInstaller-ORJ-SPE[2].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application

    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\AskToolbarInstaller-ORJ-SPE[1].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application

    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\AskToolbarInstaller-ORJ-SPE[2].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application

    Operating memory Win32/ExtenBro.AZ trojan


    0
  • Support

    1. Please, upload this file to http://www.virustotal.com/ using the "Choose file" function (select reanalyze if asked) and post back the link to the scan report:

    C:\Program Files (x86)\Google\Chrome\Application\GoogleUpdate.dll

     

     

    2. C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application

    Do you want to have the program "WinZip Utils"?

     

     

    3. CHR dev: Chrome dev build detected! <======= ATTENTION

    This means that your Chrome is configured to use versions that haven't been released and it decreases the security settings. The only way to remove it is to uninstall Chrome, including all settings etc., restart the computer and then install it again.

    0
  • Customer

    1. https://www.virustotal.com/en/file/88a9a72e3fd9ec7bbf294501a5fd84573dd928933a7c64362fa51b5e231e2d2e/analysis/1431591327/

     

    2. No, I don't think I need that program

     

    3. OK, will reinstall Chrome now

    0
  • Support

    The result of VirusTotal indicates that you have installed Chrome or an update of it from a web site that isn't Google's.


     

    Threats in this family can install malicious Google Chrome browser plug-ins. They can then use your social media profiles to like, share, and follow pages without your permission.

    They are usually downloaded by pretending to be a legitimate installer or update for the Chrome web browser, Adobe Flash Player, or Google Update.


    https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32/Kilim

     

    When you have reinstalled Chrome, please run ESET's scanner to check if the malicious C:\Program Files (x86)\Google\Chrome\Application\GoogleUpdate.dll still exists in the computer.

    0
  • Customer

    That file is not coming up in the scan results this time and Chrome seems to be functioning normally now. Thanks.

     

     

    ESET results:

     

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3289075\plugins\TBVerifier.dll.vir Win32/Toolbar.Conduit.AC potentially unwanted application

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe.vir Win32/AlteredSoftware.C potentially unwanted application

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe.vir Win32/AlteredSoftware.A potentially unwanted application

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe.vir Win32/AlteredSoftware.C potentially unwanted application

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe.vir a variant of Win32/AlteredSoftware.B potentially unwanted application

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe.vir a variant of Win32/AlteredSoftware.B potentially unwanted application

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll.vir a variant of Win32/AlteredSoftware.B potentially unwanted application

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdateres_en.dll.vir a variant of Win32/AlteredSoftware.B potentially unwanted application

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll.vir a variant of Win32/AlteredSoftware.B potentially unwanted application

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll.vir a variant of Win32/AlteredSoftware.B potentially unwanted application

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\psuser.dll.vir a variant of Win32/AlteredSoftware.B potentially unwanted application

    C:\AdwCleaner\Quarantine\C\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application

    C:\AdwCleaner\Quarantine\C\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application

    C:\AdwCleaner\Quarantine\C\Users\Katie\AppData\Local\LPT\Resources\ntdis_64.dll.vir a variant of Win64/Toolbar.Linkury.A.gen potentially unwanted application

    C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application

    C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application

    C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application

    C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak potentially unwanted application

    C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application

    C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application

    C:\Users\Katie\AppData\Local\Temp\APNSetup.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application

    C:\Users\Katie\Downloads\WinZip180.exe a variant of Win32/OpenInstall potentially unwanted application

    C:\Windows\Installer\9cc7c03.msi a variant of Win32/Systweak.L potentially unwanted application

    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\AskToolbarInstaller-ORJ-SPE[1].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application

    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\AskToolbarInstaller-ORJ-SPE[2].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application

    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\AskToolbarInstaller-ORJ-SPE[1].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application

    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\AskToolbarInstaller-ORJ-SPE[2].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application


    0
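The before/after comparison made in the posts above (ESET scan, Chrome reinstall, ESET rescan) can be done mechanically. This is an added example, not part of the thread and not code from ESET or AdwCleaner; the line layout is inferred from the exports pasted above, the sample lines are excerpted from those exports, and the names `Detection`, `parse_eset_log`, `live_findings` and `resolved` are hypothetical.

```python
import re
from dataclasses import dataclass

# Assumed layout of one exported line, inferred from the logs in this thread:
#   <path or "Operating memory"> [a variant of] <detection name> <category>
# Windows paths never contain "/", so the first whitespace-free token that
# contains "/" (and no backslash) is taken as the detection name.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:a variant of\s+)?"
    r"(?P<name>[^\s\\]+/\S+)\s+"
    r"(?P<category>trojan|potentially unwanted application|"
    r"potentially unsafe application)$"
)

# AdwCleaner keeps neutralised copies here (path as seen in the thread's logs).
QUARANTINE_PREFIX = "c:\\adwcleaner\\quarantine\\"


@dataclass(frozen=True)
class Detection:
    path: str
    name: str
    category: str

    @property
    def location(self) -> str:
        """Classify where the hit is: quarantine copy, live file, or memory."""
        p = self.path.lower()
        if p.startswith(QUARANTINE_PREFIX):
            return "quarantine"
        if p == "operating memory":
            return "memory"
        return "file"


def parse_eset_log(text):
    """Return a Detection per recognised line; other lines are skipped."""
    found = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            found.append(Detection(m["path"], m["name"], m["category"]))
    return found


def live_findings(detections):
    """Hits outside the quarantine folder, trojans first, log order otherwise."""
    live = [d for d in detections if d.location != "quarantine"]
    return sorted(live, key=lambda d: d.category != "trojan")


def resolved(before, after):
    """Live hits from the first scan that no longer appear in the rescan."""
    still = {(d.path.lower(), d.name) for d in live_findings(after)}
    return [d for d in live_findings(before)
            if (d.path.lower(), d.name) not in still]


# Excerpts from the two ESET exports posted in this thread.
SCAN_BEFORE = r"""
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3289075\plugins\TBVerifier.dll.vir Win32/Toolbar.Conduit.AC potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files (x86)\Google\Chrome\Application\GoogleUpdate.dll Win32/ExtenBro.AZ trojan
C:\Users\Katie\AppData\Local\Temp\APNSetup.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
Operating memory Win32/ExtenBro.AZ trojan
"""

SCAN_AFTER = r"""
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3289075\plugins\TBVerifier.dll.vir Win32/Toolbar.Conduit.AC potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Users\Katie\AppData\Local\Temp\APNSetup.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
"""

if __name__ == "__main__":
    before = parse_eset_log(SCAN_BEFORE)
    after = parse_eset_log(SCAN_AFTER)
    print("Still live after the rescan:")
    for d in live_findings(after):
        print(f"  [{d.category}] {d.name}  {d.path}")
    print("Cleared since the first scan:")
    for d in resolved(before, after):
        print(f"  [{d.category}] {d.name}  {d.path}")
```

Entries under the quarantine folder are already-neutralised copies, so only the remaining live hits (here the WinZip utilities and the Ask installer) still need a decision.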
  • Support

    Good!
    You're welcome

    1. Please, turn off all programs, including browsers.
    Double-click on AdwCleaner to start the program.

    Click on the Scan button.
    Wait until the search has finished.

    Click on the Clean button.

    Click on OK.
    Click on OK on any message that pops up.
    The computer will be restarted.

    A report will be displayed, copy its content and paste into your reply.
    If the report isn't displayed, it exists as C:\AdwCleaner\AdwCleaner[s0].txt.

     

    2. Start FRST.

    Select Addition.txt.

    Scan with FRST and attach the two new log files so we can see what more needs to be removed.

    0
  • Customer

    1. # AdwCleaner v4.203 - Logfile created 16/05/2015 at 17:33:07

    # Updated 30/04/2015 by Xplode

    # Database : 2015-05-12.2 [server]

    # Operating system : Windows 8.1 (x64)

    # Username : Katie - KATIEPC

    # Running from : C:\Users\Katie\Desktop\adwcleaner_4.203.exe

    # Option : Cleaning


    ***** [ Services ] *****



    ***** [ Files / Folders ] *****


    Folder Deleted : C:\Program Files\FreeFixer

    Folder Deleted : C:\Users\Katie\AppData\Local\FreeFixer

    Folder Deleted : C:\Users\Katie\AppData\Roaming\FreeFixer

    Folder Deleted : C:\Users\Katie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer


    ***** [ Scheduled tasks ] *****



    ***** [ Shortcuts ] *****



    ***** [ Registry ] *****


    Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp


    ***** [ Web browsers ] *****


    -\\ Internet Explorer v11.0.9600.17416



    -\\ Google Chrome v42.0.2311.152



    *************************


    AdwCleaner[R0].txt - [14469 bytes] - [05/07/2014 18:04:36]

    AdwCleaner[R1].txt - [7729 bytes] - [04/05/2015 21:52:08]

    AdwCleaner[R2].txt - [1021 bytes] - [11/05/2015 19:01:35]

    AdwCleaner[R3].txt - [1391 bytes] - [12/05/2015 11:44:26]

    AdwCleaner[R4].txt - [1450 bytes] - [16/05/2015 17:30:08]

    AdwCleaner[s0].txt - [11930 bytes] - [05/07/2014 18:05:51]

    AdwCleaner[s1].txt - [7867 bytes] - [04/05/2015 21:54:02]

    AdwCleaner[s2].txt - [1088 bytes] - [11/05/2015 19:04:02]

    AdwCleaner[s3].txt - [1385 bytes] - [16/05/2015 17:33:07]


    ########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [1444 bytes] ##########



    2. attached

    Addition.txt

    FRST.txt

    0
  • Support

    Please, start Notepad.

    Copy all text that is in the box:


    CreateRestorePoint:
    CloseProcesses:
    HKLM\...\Run: [] => [X]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    S2 fd81928a; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\ToolMaker\ToolMaker.dll",serv
    c:\Program Files (x86)\ToolMaker\
    R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [955856 2015-04-07] (AVG Technologies CZ, s.r.o.)
    Task: {13101021-778E-4582-A45E-F6F13BC18B52} - \9c489aee-c648-4976-9804-990be9c41a31-4 No Task File <==== ATTENTION
    Task: {149C6BF7-CED0-4097-8A94-CCEEA2EE6065} - \9c489aee-c648-4976-9804-990be9c41a31-5_user No Task File <==== ATTENTION
    Task: {46253F79-0F3F-496B-AE44-07AE18383960} - \27220085-a1e8-48a2-98b4-5d4a69718ae6-3 No Task File <==== ATTENTION
    Task: {4FE036E7-5037-44C8-BB03-B8F6FE53D6EE} - \27220085-a1e8-48a2-98b4-5d4a69718ae6-5 No Task File <==== ATTENTION
    Task: {51E56857-8FBB-4582-AEEC-3F29A170DC3C} - \27220085-a1e8-48a2-98b4-5d4a69718ae6-5_user No Task File <==== ATTENTION
    Task: {77325488-C24F-4607-A8D7-9C7278CA80EA} - \27220085-a1e8-48a2-98b4-5d4a69718ae6-2 No Task File <==== ATTENTION
    Task: {936A9E24-7668-482F-B6CD-24AC8154918B} - \9c489aee-c648-4976-9804-990be9c41a31-1 No Task File <==== ATTENTION
    Task: {99001D8C-784C-438D-B220-E47FB23303D8} - \9c489aee-c648-4976-9804-990be9c41a31-7 No Task File <==== ATTENTION
    Task: {9B33B842-EDB0-424C-ABF0-FF3B0D7F24B9} - \27220085-a1e8-48a2-98b4-5d4a69718ae6-6 No Task File <==== ATTENTION
    Task: {A58947D9-A927-4899-A594-A7372AA07683} - \9c489aee-c648-4976-9804-990be9c41a31-11 No Task File <==== ATTENTION
    Task: {B5DF6F69-9CF2-433C-A533-F338B6565F09} - \9c489aee-c648-4976-9804-990be9c41a31-6 No Task File <==== ATTENTION
    Task: {BF94D2BC-2250-4CE7-8D5B-AA309761BF52} - \27220085-a1e8-48a2-98b4-5d4a69718ae6-1 No Task File <==== ATTENTION
    Task: {DA585180-8DBC-47B0-9D6D-55C19E7A9CA5} - System32\Tasks\{F43D722F-47C8-406A-A3D0-EEDED46F9EE0} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe" -c /AppMode=SETUP /Uninstall /UDS=1
    Task: {E31470C6-34AE-410D-83F5-4B84B3D5EC06} - \27220085-a1e8-48a2-98b4-5d4a69718ae6-4 No Task File <==== ATTENTION
    Task: {EB2206EA-3E5D-4CF8-9202-F6E936572BED} - \9c489aee-c648-4976-9804-990be9c41a31-5 No Task File <==== ATTENTION
    Task: {FE3D665E-424C-4F09-A654-AADA453F6336} - \9c489aee-c648-4976-9804-990be9c41a31-2 No Task File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
    AlternateDataStreams: C:\ProgramData\Temp:3ED5E595
    AlternateDataStreams: C:\ProgramData\Temp:FD000392
    IE trusted site: HKU\S-1-5-21-3135987352-1282622076-3461698883-1001\...\vizzed.com -> www.vizzed.com
    FirewallRules: [TCP Query User{31EB27EF-7630-49DA-AC62-FEBE35B46C96}C:\users\katie\appdata\local\temp\g2_1611\g2viewer.exe] => (Allow) C:\users\katie\appdata\local\temp\g2_1611\g2viewer.exe
    FirewallRules: [UDP Query User{7ED2049A-172D-4F1F-8204-3E2EE3A0A2FB}C:\users\katie\appdata\local\temp\g2_1611\g2viewer.exe] => (Allow) C:\users\katie\appdata\local\temp\g2_1611\g2viewer.exe
    Reboot:

    and paste it into Notepad. Check that no files have been split on two lines.

    Save the file as fixlist.txt on the desktop.

     

    Exit all programs.

    Start FRST, please.

    Click the Fix button.

    Wait until the tool has finished.

     

    It creates a log file, called Fixlog.txt, on the desktop.

    Please, paste the content of that file in your reply.

     

    Any more questions before I give you the instruction for uninstalling AdwCleaner and FRST?

    0
  • Support

    Time for final clean-up.

    1. Please, turn off all programs, including browsers.
    Double-click on AdwCleaner to start the program.
    Click on the Uninstall button.

    2. Download OTC http://oldtimer.geekstogo.com/OTC.exe
    Close all programs.
    Start OTC program.
    Click the CleanUp! button.
    Select Yes when asked "Begin cleanup process".
    If you are asked to reboot, select Yes.
    If any logs remain on the computer you can remove them.

     

    3. Improve the security in the computer
    It is very important to keep Windows and all programs updated. An old version of, for example, Flash contains vulnerabilities that make it easy to infect the computer from a web page. To help you with keeping everything updated you can use the program Secunia Personal Software Inspector (PSI). http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/ describes how to install and use the program.

    0
  • Customer

    Nope no more questions. Thanks for your help!

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-05-2015 02

    Ran by Katie at 2015-05-18 18:17:19 Run:1

    Running from C:\Users\Katie\Downloads\FRST-OlderVersion

    Loaded Profiles: Katie (Available profiles: Katie)

    Boot Mode: Normal

    ==============================================


    Content of fixlist:

    *****************

    CreateRestorePoint:

    CloseProcesses:

    HKLM\...\Run: [] => [X]

    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

    S2 fd81928a; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\ToolMaker\ToolMaker.dll",serv

    c:\Program Files (x86)\ToolMaker\

    R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [955856 2015-04-07] (AVG Technologies CZ, s.r.o.)

    Task: {13101021-778E-4582-A45E-F6F13BC18B52} - \9c489aee-c648-4976-9804-990be9c41a31-4 No Task File <==== ATTENTION

    Task: {149C6BF7-CED0-4097-8A94-CCEEA2EE6065} - \9c489aee-c648-4976-9804-990be9c41a31-5_user No Task File <==== ATTENTION

    Task: {46253F79-0F3F-496B-AE44-07AE18383960} - \27220085-a1e8-48a2-98b4-5d4a69718ae6-3 No Task File <==== ATTENTION

    Task: {4FE036E7-5037-44C8-BB03-B8F6FE53D6EE} - \27220085-a1e8-48a2-98b4-5d4a69718ae6-5 No Task File <==== ATTENTION

    Task: {51E56857-8FBB-4582-AEEC-3F29A170DC3C} - \27220085-a1e8-48a2-98b4-5d4a69718ae6-5_user No Task File <==== ATTENTION

    Task: {77325488-C24F-4607-A8D7-9C7278CA80EA} - \27220085-a1e8-48a2-98b4-5d4a69718ae6-2 No Task File <==== ATTENTION

    Task: {936A9E24-7668-482F-B6CD-24AC8154918B} - \9c489aee-c648-4976-9804-990be9c41a31-1 No Task File <==== ATTENTION

    Task: {99001D8C-784C-438D-B220-E47FB23303D8} - \9c489aee-c648-4976-9804-990be9c41a31-7 No Task File <==== ATTENTION

    Task: {9B33B842-EDB0-424C-ABF0-FF3B0D7F24B9} - \27220085-a1e8-48a2-98b4-5d4a69718ae6-6 No Task File <==== ATTENTION

    Task: {A58947D9-A927-4899-A594-A7372AA07683} - \9c489aee-c648-4976-9804-990be9c41a31-11 No Task File <==== ATTENTION

    Task: {B5DF6F69-9CF2-433C-A533-F338B6565F09} - \9c489aee-c648-4976-9804-990be9c41a31-6 No Task File <==== ATTENTION

    Task: {BF94D2BC-2250-4CE7-8D5B-AA309761BF52} - \27220085-a1e8-48a2-98b4-5d4a69718ae6-1 No Task File <==== ATTENTION

    Task: {DA585180-8DBC-47B0-9D6D-55C19E7A9CA5} - System32\Tasks\{F43D722F-47C8-406A-A3D0-EEDED46F9EE0} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe" -c /AppMode=SETUP /Uninstall /UDS=1

    Task: {E31470C6-34AE-410D-83F5-4B84B3D5EC06} - \27220085-a1e8-48a2-98b4-5d4a69718ae6-4 No Task File <==== ATTENTION

    Task: {EB2206EA-3E5D-4CF8-9202-F6E936572BED} - \9c489aee-c648-4976-9804-990be9c41a31-5 No Task File <==== ATTENTION

    Task: {FE3D665E-424C-4F09-A654-AADA453F6336} - \9c489aee-c648-4976-9804-990be9c41a31-2 No Task File <==== ATTENTION

    AlternateDataStreams: C:\ProgramData\Temp:2CB9631F

    AlternateDataStreams: C:\ProgramData\Temp:3ED5E595

    AlternateDataStreams: C:\ProgramData\Temp:FD000392

    IE trusted site: HKU\S-1-5-21-3135987352-1282622076-3461698883-1001\...\vizzed.com -> www.vizzed.com

    FirewallRules: [TCP Query User{31EB27EF-7630-49DA-AC62-FEBE35B46C96}C:\users\katie\appdata\local\temp\g2_1611\g2viewer.exe] => (Allow) C:\users\katie\appdata\local\temp\g2_1611\g2viewer.exe

    FirewallRules: [uDP Query User{7ED2049A-172D-4F1F-8204-3E2EE3A0A2FB}C:\users\katie\appdata\local\temp\g2_1611\g2viewer.exe] => (Allow) C:\users\katie\appdata\local\temp\g2_1611\g2viewer.exe

    Reboot:

    *****************


    Restore point was successfully created.

    Processes closed successfully.

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.

    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

    fd81928a => Service deleted successfully.

    "c:\Program Files (x86)\ToolMaker" => File/Directory not found.

    avgsvc => Unable to stop service

    avgsvc => Service deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{13101021-778E-4582-A45E-F6F13BC18B52}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13101021-778E-4582-A45E-F6F13BC18B52}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\9c489aee-c648-4976-9804-990be9c41a31-4" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{149C6BF7-CED0-4097-8A94-CCEEA2EE6065}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{149C6BF7-CED0-4097-8A94-CCEEA2EE6065}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\9c489aee-c648-4976-9804-990be9c41a31-5_user" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{46253F79-0F3F-496B-AE44-07AE18383960}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46253F79-0F3F-496B-AE44-07AE18383960}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\27220085-a1e8-48a2-98b4-5d4a69718ae6-3" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4FE036E7-5037-44C8-BB03-B8F6FE53D6EE}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FE036E7-5037-44C8-BB03-B8F6FE53D6EE}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\27220085-a1e8-48a2-98b4-5d4a69718ae6-5" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{51E56857-8FBB-4582-AEEC-3F29A170DC3C}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51E56857-8FBB-4582-AEEC-3F29A170DC3C}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\27220085-a1e8-48a2-98b4-5d4a69718ae6-5_user" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{77325488-C24F-4607-A8D7-9C7278CA80EA}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77325488-C24F-4607-A8D7-9C7278CA80EA}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\27220085-a1e8-48a2-98b4-5d4a69718ae6-2" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{936A9E24-7668-482F-B6CD-24AC8154918B}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{936A9E24-7668-482F-B6CD-24AC8154918B}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\9c489aee-c648-4976-9804-990be9c41a31-1" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{99001D8C-784C-438D-B220-E47FB23303D8}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99001D8C-784C-438D-B220-E47FB23303D8}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\9c489aee-c648-4976-9804-990be9c41a31-7" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9B33B842-EDB0-424C-ABF0-FF3B0D7F24B9}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B33B842-EDB0-424C-ABF0-FF3B0D7F24B9}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\27220085-a1e8-48a2-98b4-5d4a69718ae6-6" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A58947D9-A927-4899-A594-A7372AA07683}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A58947D9-A927-4899-A594-A7372AA07683}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\9c489aee-c648-4976-9804-990be9c41a31-11" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B5DF6F69-9CF2-433C-A533-F338B6565F09}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5DF6F69-9CF2-433C-A533-F338B6565F09}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\9c489aee-c648-4976-9804-990be9c41a31-6" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BF94D2BC-2250-4CE7-8D5B-AA309761BF52}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF94D2BC-2250-4CE7-8D5B-AA309761BF52}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\27220085-a1e8-48a2-98b4-5d4a69718ae6-1" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA585180-8DBC-47B0-9D6D-55C19E7A9CA5}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA585180-8DBC-47B0-9D6D-55C19E7A9CA5}" => Key deleted successfully.

    C:\Windows\System32\Tasks\{F43D722F-47C8-406A-A3D0-EEDED46F9EE0} => Moved successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F43D722F-47C8-406A-A3D0-EEDED46F9EE0}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E31470C6-34AE-410D-83F5-4B84B3D5EC06}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E31470C6-34AE-410D-83F5-4B84B3D5EC06}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\27220085-a1e8-48a2-98b4-5d4a69718ae6-4" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EB2206EA-3E5D-4CF8-9202-F6E936572BED}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB2206EA-3E5D-4CF8-9202-F6E936572BED}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\9c489aee-c648-4976-9804-990be9c41a31-5" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FE3D665E-424C-4F09-A654-AADA453F6336}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE3D665E-424C-4F09-A654-AADA453F6336}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\9c489aee-c648-4976-9804-990be9c41a31-2" => Key deleted successfully.

    C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully.

    C:\ProgramData\Temp => ":3ED5E595" ADS removed successfully.

    C:\ProgramData\Temp => ":FD000392" ADS removed successfully.

    "HKU\S-1-5-21-3135987352-1282622076-3461698883-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vizzed.com" => Key deleted successfully.

    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{31EB27EF-7630-49DA-AC62-FEBE35B46C96}C:\users\katie\appdata\local\temp\g2_1611\g2viewer.exe => value deleted successfully.

    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7ED2049A-172D-4F1F-8204-3E2EE3A0A2FB}C:\users\katie\appdata\local\temp\g2_1611\g2viewer.exe => value deleted successfully.



    The system needed a reboot.


    ==== End of Fixlog 18:18:18 ====

    0
  • Support

    Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.


    If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.


    Everyone else please begin a New Topic.


    Thank you !

    0
