View Full Version : GO GAME GO and AS SEEN ON SCREEN tabs open - HELP! I can't get rid of them.
I keep getting tabs that open (a dozen or more at a time) that are called GO GAME GO and AS SEEN On SCREEN. After some research they appear to be Adware and one resource said to install SpyBot to remove them. I did that (the paid version) and it has not removed them. They do not exist in my browser Extensions or in my Program Files. It will stop me from what I am doing, slow down my computer and open multiple tabs. Also- recently a new window started to open (not a browser window) when this happens - it is black and says cmd.exe_. Any suggestions? I'm not computer illiterate but getting into the very technical is beyond my skills. Will installing McAfee or Kaspersky or the like fix it? I had been relying on Windows Defender but obviously that didn't protect me. Thank you.
Edit
https://forums.spybot.info/showthread.php?288-quot-BEFORE-You-POST-quot-(Please-read-this-Procedure-Before-Requesting-Assistance)-Updated
Please back up your registry!
Backup the Registry:
Credit: Dakeyras
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.
Please download the installer for Registry Backup from here (http://www.bleepingcomputer.com/download/registry-backup/) or here (http://www.tweaking.com/files/setups/tweaking.com_registry_backup_setup.exe) and save to your desktop.
Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
Once the GUI(graphical user interface) has appeared/loaded:-
http://i280.photobucket.com/albums/kk173/Dakeyras_album2/TCRB-1.jpg
Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-
http://i280.photobucket.com/albums/kk173/Dakeyras_album2/TBRB-2.jpg
Close Tweaking.com - Registry Backup
Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.
A tutorial for Registry Backup explaining the various features be viewed HERE (http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=61325)
``````````````````````````````````````````````````````
Instruction for producing the Farbar Recovery Scan Tool (FRST) and aswMBR logs
Farbar Log
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save it to your desktop.
Note:
You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
(A simple way to check your system: Start --> Computer (right click) --> Properties
How to determine whether a computer is running a 32-bit version or 64-bit version (http://support.microsoft.com/kb/827218)of the Windows operating system
Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Please make sure All Users is checked
Do not check
*List BCD
*Drivers MD5
*Shortcut txt
Or your logs will be too long to post.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please don't run the Farbar Recovery Scan Tool (FRST.txt) from your "Downloads" folder or from "Temporary Internet Files"
Please copy and paste log into your topic.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please attach that along with the FRST.txt into your reply.
aswMBR Log
Important! Please do NOT perform any fix options offered in aswMBR, we just need to see the report.
Please download aswMBR (http://public.avast.com/%7Egmerek/aswMBR.exe) to your desktop.
Double click the aswMBR icon to run it.
If a prompt stating: The computer supports "Virtualization Technology" appears select Yes
Click the Scan button to start scan.
If you are asked to update the Avast Virus database please allow it to do so.
When it finishes, press the Save Log button, save the logfile to your desktop and post its contents in your reply with the Farbar (FRST) log.
Juliet- Thank you very much for your help. I followed your instructions and all went well until I got to the aswMBR Log actions. I was able to download it to my desktop and open it. When I click "YES" to the prompt that says "The computer supports 'Virtualization Technology.' " my screen turns blue and I get the message that says my PC ran into a problem and needs to restart itself. I've attached a picture of that. I've tried several times but keep getting the same thing. This was yesterday so I tried today and get the same message. Also - today I am now getting more pop-ups and tabs opening from different "advertisers" and one from Microsoft that says my PC has been infected and I have to call them. Yeah- right.
Attachments:
-FRST.txt (had so separate into two files A & B)
-Additional.txt (had to separate into two files A & B)
- screen shot of original GoGameGo tab
I also am having issues viewing some pictures - they appear with a broken picture icon. I get an window that says "pulse-generated-images.s3.amazonaws.com's server DNS address cannot be found."
Thank you very much for your help. I'm not sure what to do at this point. Should I take it toa PC repair place?
SydLor
wow
I don't know how you've been able to use the computer, it's horribly infected.
several steps here. If you try one and it's not working please move on to the next step.
~~
We have several folders/files that look suspicious. Actually so many I can't post them all but I think we're going to find the majority to be bad.
() C:\ProgramData\{CD2F5AAB-7A84-ED00-51FF-87DC3A1C5513}\74CED603-C365-61A8-2C64-2D718AFD2836.exe
() C:\ProgramData\{6CB105FE-DB1A-B255-3252-157D7C495E99}\5E489452-E9E3-23F9-AE9D-6EE3ECC73F58.exe
() C:\ProgramData\{3577B796-82DC-003D-DB2E-59B2C282D0FB}\5610BC03-E1BB-0BA8-0CE8-FC52DE6655A5.exe
() C:\ProgramData\{86273658-318C-81F3-B9C4-C094ED730511}\E942515A-5EE9-E6F1-EEF6-CC30B2616E39.exe
() C:\ProgramData\{8669FF4C-31C2-48E7-E164-321FEC87B5A8}\436FF444-F4C4-43EF-C2CA-1D90A743A300.exe
() C:\ProgramData\{E5BC4BE2-5217-FC49-CD16-C7188E21BD53}\9F3C5F19-2897-E8B2-4CBF-12CD3981EF1E.exe
() C:\ProgramData\{964F377B-21E4-80D0-E7EB-9700A58BA855}\62593FD1-D5F2-887A-275D-66A4ED874C66.exe
() C:\ProgramData\{3AD297F4-8D79-205F-2CA0-19D462231537}\5E937CDC-E938-CB77-FC66-EE8922E3E827.exe
() C:\ProgramData\{C8183BD4-7FB3-8C7F-B886-7CBBF0B6461C}\A367851F-14CC-32B4-7FEB-E977B00283C9.exe
() C:\ProgramData\{049783F1-B33C-345A-C024-939BE254FA9D}\23AE2F7E-9405-98D5-F6AB-CDAE6A350CAB.exe
() C:\ProgramData\{38D6A99D-8F7D-1E36-4035-693CC1E1A0D1}\BB47F896-0CEC-4F3D-95A8-E5C78B739176.exe
we need to get a couple scanned.
Unhide your Files and folders.
scroll down to On Windows 8.x or 10
http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/
Please go to one of the below sites to scan the following files:
Virus Total (Recommended) (http://www.virustotal.com/)
jotti.org (http://virusscan.jotti.org/)
VirScan (http://virscan.org/)
click on Browse, and upload the following file for analysis:
C:\ProgramData\{CD2F5AAB-7A84-ED00-51FF-87DC3A1C5513}\74CED603-C365-61A8-2C64-2D718AFD2836.exe
Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.
Please also have this one scanned too
C:\ProgramData\{6CB105FE-DB1A-B255-3252-157D7C495E99}\5E489452-E9E3-23F9-AE9D-6EE3ECC73F58.exe
~~~~
While files and folders are unhidden,
Now please go to add/remove programs, search for and uninstall
https://support.microsoft.com/en-us/instantanswers/ce7ba88b-4e95-4354-b807-35732db36c4d/repair-or-remove-programs
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
~~~
Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
Or use this method Press the windows key http://i1106.photobucket.com/albums/h363/debojyotidas/Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
start
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{47af0d84-7fb4-429e-bb76-f7590c25a5da}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{47af0d84-7fb4-429e-bb76-f7590c25a5da}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{7a5adf34-8bdc-4a72-afc4-bc8aa51b145e}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{c1eac516-ba61-40b3-8e2e-0b9233380a3f}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{f249b31e-e95a-429e-8631-bdc5ae715068}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{f249b31e-e95a-429e-8631-bdc5ae715068}: [DhcpNameServer] 82.163.143.176
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghBdV0IBAEQQhgbdwAPTA0SElMOIgAOBRRDFFAbIgkBUg4SEQwFIk0FA1ADB0VXfVBdFElXTwhwJVhKAlEmRFdoLlZP
HKU\S-1-5-21-2756310535-3547406816-3898245373-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghBdV0IBAEQQhgbdwAPTA0SElMOIgAOBRRDFFAbIgkBUg4SEQwFIk0FA1ADB0VXfVBdFElXTwhwJVhKAlEmRFdoLlZP
URLSearchHook: HKU\S-1-5-21-2756310535-3547406816-3898245373-1001 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKLM -> DefaultScope {8D88C761-D445-420B-8B0D-1F01EFC2FFBE} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVsNBQkUGVRAbQEPWA5cFVYQJhRaWA8VDAcWJQFaUQBCFlYTeR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWJGInJWDk4=&q={searchTerms}
SearchScopes: HKLM -> {8D88C761-D445-420B-8B0D-1F01EFC2FFBE} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVsNBQkUGVRAbQEPWA5cFVYQJhRaWA8VDAcWJQFaUQBCFlYTeR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWJGInJWDk4=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2756310535-3547406816-3898245373-1001 -> DefaultScope {8D88C761-D445-420B-8B0D-1F01EFC2FFBE} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVsNBQkUGVRAbQEPWA5cFVYQJhRaWA8VDAcWJQFaUQBCFlYTeR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWJGInJWDk4=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2756310535-3547406816-3898245373-1001 -> OldSearch URL =
SearchScopes: HKU\S-1-5-21-2756310535-3547406816-3898245373-1001 -> {8D88C761-D445-420B-8B0D-1F01EFC2FFBE} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVsNBQkUGVRAbQEPWA5cFVYQJhRaWA8VDAcWJQFaUQBCFlYTeR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWJGInJWDk4=&q={searchTerms}
BHO-x32: Search Web Know -> {da8dfa05-93a3-4617-8c86-bbfc625f8fa7} -> C:\Program Files (x86)\Search Web Know\Extensions\da8dfa05-93a3-4617-8c86-bbfc625f8fa7.dll => No File
FF user.js: detected! => C:\Users\Sydney\AppData\Roaming\Mozilla\Firefox\Profiles\1noylhwc.default-1458778006057\user.js [2016-03-24]
FF NewTab: Mozilla\Firefox\Profiles\1noylhwc.default-1458778006057 -> hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHFcWJAldWVgSDA0UeQ4VVVpCRxhBeQ9cTAtERA1BcAALVlpBGBNBNARaB0tXUUEeJl9NER8fHGZGIUtbCW4UQ35NL04=
FF Keyword.URL: Mozilla\Firefox\Profiles\1noylhwc.default-1458778006057 -> hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVsNBQkUGVRAbQEPWA5cFVYQJhRaWA8VDAcWJQFaUQBCFlYTeR9aFQQTR0cFME0FB18EURNNfWpdAEsSSWJGInJWDk4=&q={searchTerms}
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghBdV0IBAEQQhgbdwAPTA0SElMOIgAOBRRDFFAbIgkBUg4SEQwFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlEmRFdoLlZP"
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - <no Path/update_url>
C:\Users\Sydney\PremiereElements_11_LS15_win64.exe
Task: {0019CB7F-30C8-48CA-A4AA-7A6A3716A948} - System32\Tasks\{8EE038BE-394B-8F15-03AB-B609EC16DF45} => C:\ProgramData\{E5BC4BE2-5217-FC49-CD16-C7188E21BD53}\9F3C5F19-2897-E8B2-4CBF-12CD3981EF1E.exe [2017-01-17] () <==== ATTENTION
Task: {0693BA3E-CA24-48A0-92AD-DC722D5F81CB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {168391E6-8258-4D54-A1A2-2EA4A4D288A6} - System32\Tasks\{AE5A0284-19F1-B52F-6317-4F381D3C8A28} => C:\ProgramData\{CB900FB3-7C3B-B818-C522-AB74BF70082F}\E1B75F1E-561C-E8B5-8133-25C661DFC070.exe [2017-01-13] () <==== ATTENTION
Task: {1CEC1D58-3993-48F9-8C4A-31A1C244D9B5} - System32\Tasks\{2C8ED292-9B25-6539-C153-052CA32B4054} => C:\ProgramData\{3A408293-8DEB-3538-63BA-CF8CC0F79D7E}\A0BDB699-1716-0132-370B-D91F282D7A1A.exe [2017-01-13] () <==== ATTENTION
Task: {233350D5-78A3-4BDA-8CE6-98E4302345EB} - System32\Tasks\{586BDC72-EFC0-6BD9-BDF4-3C7699194554} => C:\ProgramData\{C81CBEFF-7FB7-0954-8857-E97E8184F6B9}\9F9BB995-2830-0E3E-78AA-A6D1E580F226.exe [2017-01-20] () <==== ATTENTION
Task: {28607C67-0664-4633-BF1C-D7277B24D412} - System32\Tasks\{76B74FF2-ADBE-6361-4940-4C7EBEEF9445} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\709c5479\6e7d3997.dll" <==== ATTENTION
Task: {2D657343-6355-4E3C-B16E-F17B8B189647} - System32\Tasks\{680BC8AC-24A0-48EF-8BBC-E4EEC1143CE7} => pcalua.exe -a I:\Setup.exe -d I:\
Task: {2EF4BE61-76DA-4AFF-B1AD-FDA27576F57D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {31644FE5-9070-4CED-94B5-4AF67613D3E0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {35F6BA1F-2D9F-4028-8089-59C323497720} - \WPD\SqmUpload_S-1-5-21-2756310535-3547406816-3898245373-1001 -> No File <==== ATTENTION
Task: {3AC1AED1-70FF-4FD2-A0BB-AB96246CA655} - System32\Tasks\{D6EF16B2-6144-A119-A796-5F91D5EF0037} => C:\ProgramData\{77878F73-C02C-38D8-C05F-032262A5DB06}\56AC5E71-E107-E9DA-4CDB-27CE9785AB81.exe [2016-12-19] () <==== ATTENTION
Task: {3ACC8CFA-808A-4EF5-A98B-E07D9FCE523A} - System32\Tasks\{CEB2E458-7919-53F3-4EDC-2D8E4093767F} => C:\ProgramData\{DA6265AE-6DC9-D205-9AE0-FE2E80057A4A}\BFABECA6-0800-5B0D-0852-DF3F807440DB.exe [2016-12-15] () <==== ATTENTION
Task: {3CD16B77-AC15-46B9-841B-411B39AEC465} - System32\Tasks\{E8478E74-5FEC-39DF-18CC-DED2CA29DA4F} => C:\ProgramData\{7CF53E25-CB5E-898E-19FA-382BFBDB443C}\AAE9157F-1D42-A2D4-C462-AEB1514A3862.exe [2016-12-18] () <==== ATTENTION
Task: {41B8FCFF-C365-48EC-979B-67D4036C2740} - System32\Tasks\{D5D4EE64-627F-59CF-19BC-ED8D359CD389} => C:\ProgramData\{DF9A53D4-6831-E47F-D64F-062A61AD3F96}\B0DE74D1-0775-C37A-641C-CB1B385962C4.exe [2017-01-17] () <==== ATTENTION
Task: {4E80C004-9FCF-4D69-9E25-D7105F3AAA75} - \{AAAF5427-1D04-E38C-6B36-6EA1ED68401B} -> No File <==== ATTENTION
Task: {60B08632-7BB0-46E2-A2EE-2D3829496F3B} - System32\Tasks\{A83EE33C-1F95-5497-2A7F-3805023FC0BE} => C:\ProgramData\{0D47C57D-BAEC-72D6-89E6-826BC8375CFC}\74A4214B-C30F-96E0-6E6B-BD96284450ED.exe [2017-01-11] () <==== ATTENTION
Task: {69F675D8-235D-4FED-839D-BE694CBAC4C6} - \PCDEventLauncherTask -> No File <==== ATTENTION
Task: {6B473D10-8D5E-4D69-A322-E4781ABED797} - System32\Tasks\{ED8A19E5-5A21-AE4E-A574-3BC9A9A0CB4D} => C:\ProgramData\{BB115BD9-0CBA-EC72-B4D5-E0D77B902FD9}\2B0EEFC7-9CA5-586C-74D1-003A931F2633.exe [2017-01-23] () <==== ATTENTION
Task: {6E102DD7-C110-4B13-A09E-C3B4DC850A71} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {71416140-C5DA-4983-A233-2CAEA70C61E8} - System32\Tasks\{0DE32531-BA48-929A-3AC9-CA8CB6A14DB6} => C:\ProgramData\{BA0BE89B-0DA0-5F30-17F4-34B04872CE35}\11AC4979-A607-FED2-4257-622E033886DA.exe [2017-01-22] () <==== ATTENTION
Task: {73EC7327-41E1-4A91-8F08-5D323CCC3808} - System32\Tasks\{7B33960A-CC98-21A1-021D-DB53A6206F0D} => C:\ProgramData\{E5190278-52B2-B5D3-EACC-C61511A1564C}\4D5FF3B8-FAF4-4413-86C4-D44D827A4152.exe [2017-01-23] () <==== ATTENTION
Task: {762C586B-0612-4713-B460-F53E1CD8F4F3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {772CB141-86B7-49BE-AE0C-8E5A4C4BF598} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {80F1DF91-E045-4B1B-9830-C8ED2C9E0C88} - System32\Tasks\{B3298081-0482-372A-C890-1402930A920E} => C:\ProgramData\{8669FF4C-31C2-48E7-E164-321FEC87B5A8}\436FF444-F4C4-43EF-C2CA-1D90A743A300.exe [2017-01-19] () <==== ATTENTION
Task: {83EC795C-AA61-4A53-BB4E-699F63CDFC7A} - System32\Tasks\{37FBDC58-8050-6BF3-7175-8F19F785235C} => C:\ProgramData\{C823DBD4-7F88-6C7F-6C8A-B43B5DADB9C8}\A187ACCA-162C-1B61-6A56-BB9861A3E163.exe [2016-12-19] () <==== ATTENTION
Task: {8AD75239-6045-4ED1-AC5D-451FA767AF93} - System32\Tasks\{A455B8D6-13FE-0F7D-8388-375B05051671} => C:\ProgramData\{7081790A-C72A-CEA1-6F99-62A2EF1E0BA0}\124F93FE-A5E4-2455-9E9D-2968C7FAC1BB.exe [2017-01-23] () <==== ATTENTION
Task: {8C716633-AD9D-4992-A41F-93DBFF48D7FC} - System32\Tasks\{2060ED3A-97CB-5A91-F9A3-5733B98F75E0} => C:\ProgramData\{877190B9-30DA-2712-62E2-155925E0E90F}\2F1A4499-98B1-F332-C0B9-33F5DE8A0FA1.exe [2017-01-23] () <==== ATTENTION
Task: {8F18FF4E-A4B6-4345-8F3C-A1248D786DCA} - System32\Tasks\{76856C58-C12E-DBF3-5E8F-CBD45A7E018F} => C:\ProgramData\{3FB40AA3-881F-BD08-73E0-AFF0DB7ECBA5}\1305D51A-A4AE-62B1-CCEC-4F945EF98757.exe [2016-12-15] () <==== ATTENTION
Task: {91EEC119-4D12-4282-8BF5-048313621828} - System32\Tasks\{5DB986E0-EA12-314B-EB50-ADE66555D612} => C:\ProgramData\{3AD297F4-8D79-205F-2CA0-19D462231537}\5E937CDC-E938-CB77-FC66-EE8922E3E827.exe [2017-01-25] () <==== ATTENTION
Task: {930B7472-CD6E-4450-A822-F2BAB2B69C4D} - System32\Tasks\{44EF213C-F344-9697-FA23-2B768531C391} => C:\ProgramData\{56D7891B-E17C-3EB0-75C8-EBF21624BFA2}\8D1B8E83-3AB0-3928-D894-821C0AB9039F.exe [2017-01-17] () <==== ATTENTION
Task: {95A30410-180E-4D8C-9D0D-C9DD5CD8AD40} - System32\Tasks\{FB55F27E-4CFE-45D5-DA3F-39D8D810ABF0} => C:\ProgramData\{217A2995-96D1-9E3E-CD59-19C6DD911DB3}\FEDA94DF-4971-2374-AF17-9320EA82E652.exe [2017-01-21] () <==== ATTENTION
Task: {96A32C05-F6EC-43FC-9042-FB27D7EA37A6} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {96BEB3DC-9948-4136-8CD0-3C03DAFFC212} - System32\Tasks\{CB426D00-7CE9-DAAB-0239-FD7094424E13} => C:\ProgramData\{0F2AC39B-B881-7430-4D15-7DB506EC7902}\32B70CE4-851C-BB4F-D786-1387BEC5FD38.exe [2017-01-20] () <==== ATTENTION
Task: {9885786A-1EC9-4CD2-8E73-F7CA43C9E106} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {9C9C909C-9CC0-4F8C-8556-A59C01972A1A} - System32\Tasks\{CF1C8490-78B7-333B-72E9-CA5231C91249} => C:\ProgramData\{049783F1-B33C-345A-C024-939BE254FA9D}\23AE2F7E-9405-98D5-F6AB-CDAE6A350CAB.exe [2016-12-16] () <==== ATTENTION
Task: {A1608E8B-D8F5-4A88-99D1-E5C468C151D0} - \{7304B2B9-C4AF-0512-F261-FB1C9794E615} -> No File <==== ATTENTION
Task: {A1FD550E-262E-4756-B56A-FA025183EFC2} - \{46AEB832-F105-0F99-CC6D-F10A602DC3ED} -> No File <==== ATTENTION
Task: {AB5B4499-6E2F-4024-AD0A-459F31F74F2A} - System32\Tasks\{16DBF587-A170-422C-4325-AAC6671FCA63} => C:\ProgramData\{5CD7C43D-EB7C-7396-AEB0-93905BE54AD0}\6672CD5E-D1D9-7AF5-B9E1-33D338457AD1.exe [2017-01-11] () <==== ATTENTION
Task: {B1F24C7E-2276-46CE-BA86-2A24258ECB13} - System32\Tasks\{EE951CFE-593E-AB55-D6E1-619EEB2F9B1A} => C:\ProgramData\{3F1A36C5-88B1-816E-CE4F-65C90EBC098C}\19B3E578-AE18-52D3-D2CD-8DDFAA09F19D.exe [2017-01-12] () <==== ATTENTION
Task: {B60FE772-2194-4877-9014-78032B86419D} - System32\Tasks\{89EC92DD-3E47-2576-9536-1EE3F20D0E4C} => C:\ProgramData\{948C04A3-2327-B308-33C1-FA00909DDEBA}\C0238765-7788-30CE-A32B-049738AEC70D.exe [2016-12-15] () <==== ATTENTION
Task: {B9A37696-0EBD-4349-956D-85E9DFA0A1C7} - System32\Tasks\{BEC4FF58-096F-48F3-4973-207DC5380932} => C:\ProgramData\{38D6A99D-8F7D-1E36-4035-693CC1E1A0D1}\BB47F896-0CEC-4F3D-95A8-E5C78B739176.exe [2017-01-17] () <==== ATTENTION
Task: {BB0BDB16-67C9-4C2A-AAA6-0721A2AE877E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {BBE4DDEA-C4F5-4EAB-8338-0CEED272DB12} - System32\Tasks\{898A3507-3E21-82AC-825B-F3A96E75B76C} => C:\ProgramData\{BE67261A-09CC-91B1-1DF1-3227FBA7DC2C}\B2B41D9F-051F-AA34-241E-A29C054FCFA2.exe [2017-01-12] () <==== ATTENTION
Task: {C9276089-7432-4574-BF9B-CA55E29904D1} - System32\Tasks\{6BBABFD8-DC11-0873-ED09-9AE4A83E92CC} => C:\ProgramData\{6CB105FE-DB1A-B255-3252-157D7C495E99}\5E489452-E9E3-23F9-AE9D-6EE3ECC73F58.exe [2017-01-19] () <==== ATTENTION
Task: {C9BF9332-00C9-4C6A-93FD-3B546CA44E7C} - System32\Tasks\{1DE31FE3-AA48-A848-82E5-F153F3C21F56} => C:\ProgramData\{BC3E326B-0B95-85C0-EA6E-CF77381E23AB}\E49B9B72-5330-2CD9-28FA-4BC8A258F670.exe [2017-01-11] () <==== ATTENTION
Task: {CEBE4146-6531-4EFA-8860-0575B5B4C757} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {CFF448E6-7684-475B-9810-56E6450F3D31} - System32\Tasks\{6D840CC5-DA2F-BB6E-37D4-7D38E35B692F} => C:\ProgramData\{C8183BD4-7FB3-8C7F-B886-7CBBF0B6461C}\A367851F-14CC-32B4-7FEB-E977B00283C9.exe [2016-12-16] () <==== ATTENTION
Task: {D21CC2F3-269A-4600-94EF-20DD711967C6} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {D420CC27-5F9E-46D5-93D8-3C4F29427C0A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D7A4385E-B8F1-4818-B67B-4B03D778A016} - System32\Tasks\{D9B3EF64-6E18-58CF-9002-B5038E39E815} => C:\ProgramData\{AB4F2C1A-1CE4-9BB1-9C7E-2FFB54A7E510}\0C120894-BBB9-BF3F-DA2B-244F1915EB7E.exe [2016-12-15] () <==== ATTENTION
Task: {DAA81734-F300-455E-A5CA-B7D2B1A4480E} - System32\Tasks\{3E54329E-89FF-8535-1DCA-6D940633B249} => C:\ProgramData\{917AF371-26D1-44DA-3573-7D4984BB159B}\A0069FF2-17AD-2859-3D1E-0066C66CF689.exe [2017-01-11] () <==== ATTENTION
Task: {DCFAB6E3-E91F-4745-8B12-3BB57EF89FC4} - System32\Tasks\{F04B64B0-47E0-D31B-5254-FA9F374CB5F3} => C:\ProgramData\{86273658-318C-81F3-B9C4-C094ED730511}\E942515A-5EE9-E6F1-EEF6-CC30B2616E39.exe [2017-01-17] () <==== ATTENTION
Task: {EB56911B-A385-4A89-8FD2-E1C8CA2F8107} - System32\Tasks\{77DDDC8D-C076-6B26-78A3-980FF35FFD06} => C:\ProgramData\{DA6A6EFB-6DC1-D950-9474-99EBCD53D51C}\1D33CA8C-AA98-7D27-4E6D-FBD9F3E3C311.exe [2017-01-22] () <==== ATTENTION
Task: {EC5C62F6-849A-473D-8FF4-15F04D46AA0C} - \{92E0006A-254B-B7C1-40AE-DB8A591B916A} -> No File <==== ATTENTION
Task: {EEFFA97A-7383-4C4B-BE01-9AF9CEC1FBA4} - System32\Tasks\{C2C21262-7569-A5C9-9EC8-4ABFEBE57BF1} => C:\ProgramData\{964F377B-21E4-80D0-E7EB-9700A58BA855}\62593FD1-D5F2-887A-275D-66A4ED874C66.exe [2017-01-25] () <==== ATTENTION
Task: {EF8ABBE5-2882-4993-912F-0E23650DB2AE} - System32\Tasks\{274A107D-90E1-A7D6-EB48-718BE529BDF8} => C:\ProgramData\{3577B796-82DC-003D-DB2E-59B2C282D0FB}\5610BC03-E1BB-0BA8-0CE8-FC52DE6655A5.exe [2017-01-17] () <==== ATTENTION
Task: {F00A74CA-A8A3-4B4F-BED9-A57B24664A55} - System32\Tasks\{71BF5358-C614-E4F3-A017-7B6BAEA15BA7} => C:\ProgramData\{CC23D8DE-7B88-6F75-7C14-212C82D0371F}\2A4B3DA8-9DE0-8A03-758E-A1563B179D59.exe [2016-12-18] () <==== ATTENTION
Task: {F19BE303-3A19-4B56-9953-A69012A2ADA5} - System32\Tasks\{0C4992C4-BBE2-256F-785F-55DA4A5C1D0A} => C:\ProgramData\{2B1E6F99-9CB5-D832-2C50-EE54EE84D166}\CDECDCE2-7A47-6B49-5996-0DABA8C9F2E7.exe [2017-01-17] () <==== ATTENTION
Task: {F5AE8770-46D2-4417-8890-930245A633F6} - System32\Tasks\{BA5D2D1E-0DF6-9AB5-6613-74AE84F743E4} => C:\ProgramData\{CD2F5AAB-7A84-ED00-51FF-87DC3A1C5513}\74CED603-C365-61A8-2C64-2D718AFD2836.exe [2017-01-21] () <==== ATTENTION
EmptyTemp:
Hosts:
End
Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~~~~~``
Please download the Malwarebytes Anti-Malware (https://downloads.malwarebytes.org/file/mbam) setup file to your Desktop.
OR from this location Here (https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/)
After the installation IS complete let it update if it asks.
Under SETTINGS.....APPLICATIONS leave everything at default
Under SETTINGS.....PROTECTION make sure AUTOMATIC QUARANTINE is on.
Then go to the Dashboard and click on SCAN NOW
When the scan is finished click on EXPORT SUMMARY......COPY TO CLIPBOARD
Then come back to this thread and and under REPLY TO THIS TOPIC, right click in the reply and select Paste
Then click on POST
Exit Malwarebytes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
http://i.imgur.com/BY4dvz9.png AdwCleaner
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and save the file to your Desktop.
In order to use AdwCleaner, you have to agree the Eula:
Right-click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click http://i.imgur.com/A49sxPr.png Scan.
Upon completion, click http://i.imgur.com/6cyn5v5.png Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
Click http://i.imgur.com/MqHawIb.png Clean.
Follow the prompts and allow your computer to reboot.
After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.
-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
please post
Fixlog.txt
MalwareBytes log
AdwCleaner[C1].txt
Glad we could help. http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif
Since this issue appears resolved ... this Topic is closed.