Results 1 to 6 of 6

Thread: GO GAME GO and AS SEEN ON SCREEN tabs open - HELP! I can't get rid of them.

  1. #1
    Junior Member
    Join Date
    Jan 2017
    Location
    usa
    Posts
    2

    Default GO GAME GO and AS SEEN ON SCREEN tabs open - HELP! I can't get rid of them.

    I keep getting tabs that open (a dozen or more at a time) that are called GO GAME GO and AS SEEN On SCREEN. After some research they appear to be Adware and one resource said to install SpyBot to remove them. I did that (the paid version) and it has not removed them. They do not exist in my browser Extensions or in my Program Files. It will stop me from what I am doing, slow down my computer and open multiple tabs. Also- recently a new window started to open (not a browser window) when this happens - it is black and says cmd.exe_. Any suggestions? I'm not computer illiterate but getting into the very technical is beyond my skills. Will installing McAfee or Kaspersky or the like fix it? I had been relying on Windows Defender but obviously that didn't protect me. Thank you.

    Edit
    https://forums.spybot.info/showthrea...tance)-Updated
    Last edited by tashi; 2017-01-31 at 00:51. Reason: Added link to forum FAQ for anyone surfing in.

  2. #2
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,303

    Default

    Please back up your registry!

    Backup the Registry:
    Credit: Dakeyras

    Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

    • Please download the installer for Registry Backup from here or here and save to your desktop.
    • Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
    • Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
    • Once the GUI(graphical user interface) has appeared/loaded:-



    • Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-



    • Close Tweaking.com - Registry Backup

    Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

    A tutorial for Registry Backup explaining the various features be viewed HERE


    ``````````````````````````````````````````````````````
    Instruction for producing the Farbar Recovery Scan Tool (FRST) and aswMBR logs

    Farbar Log

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note:
    You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    (A simple way to check your system: Start --> Computer (right click) --> Properties
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system

    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Please make sure All Users is checked


    • Do not check
      *List BCD
      *Drivers MD5
      *Shortcut txt

    Or your logs will be too long to post.


    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please don't run the Farbar Recovery Scan Tool (FRST.txt) from your "Downloads" folder or from "Temporary Internet Files"
    • Please copy and paste log into your topic.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please attach that along with the FRST.txt into your reply.



    aswMBR Log

    Important! Please do NOT perform any fix options offered in aswMBR, we just need to see the report.

    Please download aswMBR to your desktop.


    • Double click the aswMBR icon to run it.
    • If a prompt stating: The computer supports "Virtualization Technology" appears select Yes
    • Click the Scan button to start scan.
    • If you are asked to update the Avast Virus database please allow it to do so.
    • When it finishes, press the Save Log button, save the logfile to your desktop and post its contents in your reply with the Farbar (FRST) log.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.

  3. #3
    Junior Member
    Join Date
    Jan 2017
    Location
    usa
    Posts
    2

    Default Could not complete the actions - things are getting worse

    Juliet- Thank you very much for your help. I followed your instructions and all went well until I got to the aswMBR Log actions. I was able to download it to my desktop and open it. When I click "YES" to the prompt that says "The computer supports 'Virtualization Technology.' " my screen turns blue and I get the message that says my PC ran into a problem and needs to restart itself. I've attached a picture of that. I've tried several times but keep getting the same thing. This was yesterday so I tried today and get the same message. Also - today I am now getting more pop-ups and tabs opening from different "advertisers" and one from Microsoft that says my PC has been infected and I have to call them. Yeah- right.
    Attachments:
    -FRST.txt (had so separate into two files A & B)
    -Additional.txt (had to separate into two files A & B)
    - screen shot of original GoGameGo tab
    I also am having issues viewing some pictures - they appear with a broken picture icon. I get an window that says "pulse-generated-images.s3.amazonaws.com's server DNS address cannot be found."

    Thank you very much for your help. I'm not sure what to do at this point. Should I take it toa PC repair place?
    SydLor
    Attached Images Attached Images
    Attached Files Attached Files
    Last edited by Juliet; 2017-02-03 at 02:21. Reason: edit

  4. #4
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,303

    Default

    wow
    I don't know how you've been able to use the computer, it's horribly infected.

    several steps here. If you try one and it's not working please move on to the next step.

    ~~

    We have several folders/files that look suspicious. Actually so many I can't post them all but I think we're going to find the majority to be bad.

    () C:\ProgramData\{CD2F5AAB-7A84-ED00-51FF-87DC3A1C5513}\74CED603-C365-61A8-2C64-2D718AFD2836.exe
    () C:\ProgramData\{6CB105FE-DB1A-B255-3252-157D7C495E99}\5E489452-E9E3-23F9-AE9D-6EE3ECC73F58.exe
    () C:\ProgramData\{3577B796-82DC-003D-DB2E-59B2C282D0FB}\5610BC03-E1BB-0BA8-0CE8-FC52DE6655A5.exe
    () C:\ProgramData\{86273658-318C-81F3-B9C4-C094ED730511}\E942515A-5EE9-E6F1-EEF6-CC30B2616E39.exe
    () C:\ProgramData\{8669FF4C-31C2-48E7-E164-321FEC87B5A8}\436FF444-F4C4-43EF-C2CA-1D90A743A300.exe
    () C:\ProgramData\{E5BC4BE2-5217-FC49-CD16-C7188E21BD53}\9F3C5F19-2897-E8B2-4CBF-12CD3981EF1E.exe
    () C:\ProgramData\{964F377B-21E4-80D0-E7EB-9700A58BA855}\62593FD1-D5F2-887A-275D-66A4ED874C66.exe
    () C:\ProgramData\{3AD297F4-8D79-205F-2CA0-19D462231537}\5E937CDC-E938-CB77-FC66-EE8922E3E827.exe
    () C:\ProgramData\{C8183BD4-7FB3-8C7F-B886-7CBBF0B6461C}\A367851F-14CC-32B4-7FEB-E977B00283C9.exe
    () C:\ProgramData\{049783F1-B33C-345A-C024-939BE254FA9D}\23AE2F7E-9405-98D5-F6AB-CDAE6A350CAB.exe
    () C:\ProgramData\{38D6A99D-8F7D-1E36-4035-693CC1E1A0D1}\BB47F896-0CEC-4F3D-95A8-E5C78B739176.exe

    we need to get a couple scanned.


    Unhide your Files and folders.
    scroll down to On Windows 8.x or 10
    http://www.howtogeek.com/howto/windo...windows-vista/


    Please go to one of the below sites to scan the following files:
    Virus Total (Recommended)
    jotti.org
    VirScan
    click on Browse, and upload the following file for analysis:

    C:\ProgramData\{CD2F5AAB-7A84-ED00-51FF-87DC3A1C5513}\74CED603-C365-61A8-2C64-2D718AFD2836.exe


    Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
    If it says already scanned -- click "reanalyze now"
    Please post the results in your next reply.

    Please also have this one scanned too
    C:\ProgramData\{6CB105FE-DB1A-B255-3252-157D7C495E99}\5E489452-E9E3-23F9-AE9D-6EE3ECC73F58.exe

    ~~~~

    While files and folders are unhidden,

    Now please go to add/remove programs, search for and uninstall
    https://support.microsoft.com/en-us/...emove-programs
    Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION

    ~~~

    Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
    Or use this method Press the windows key + r on your keyboard at the same time. This will open the RUN BOX.
    Type Notepad and and click the OK key.

    To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open notepad. save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)





    start
    CreateRestorePoint:
    CloseProcesses:
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178
    Tcpip\..\Interfaces\{47af0d84-7fb4-429e-bb76-f7590c25a5da}: [NameServer] 82.163.143.176 82.163.142.178
    Tcpip\..\Interfaces\{47af0d84-7fb4-429e-bb76-f7590c25a5da}: [DhcpNameServer] 82.163.143.176
    Tcpip\..\Interfaces\{7a5adf34-8bdc-4a72-afc4-bc8aa51b145e}: [NameServer] 82.163.143.176 82.163.142.178
    Tcpip\..\Interfaces\{c1eac516-ba61-40b3-8e2e-0b9233380a3f}: [NameServer] 82.163.143.176 82.163.142.178
    Tcpip\..\Interfaces\{f249b31e-e95a-429e-8631-bdc5ae715068}: [NameServer] 82.163.143.176 82.163.142.178
    Tcpip\..\Interfaces\{f249b31e-e95a-429e-8631-bdc5ae715068}: [DhcpNameServer] 82.163.143.176
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghBdV0IBAEQQhgbdwAPTA0SElMOIgAOBRRDFFAbIgkBUg4SEQwFIk0FA1ADB0VXfVBdFElXTwhwJVhKAlEmRFdoLlZP
    HKU\S-1-5-21-2756310535-3547406816-3898245373-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghBdV0IBAEQQhgbdwAPTA0SElMOIgAOBRRDFFAbIgkBUg4SEQwFIk0FA1ADB0VXfVBdFElXTwhwJVhKAlEmRFdoLlZP
    URLSearchHook: HKU\S-1-5-21-2756310535-3547406816-3898245373-1001 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
    SearchScopes: HKLM -> DefaultScope {8D88C761-D445-420B-8B0D-1F01EFC2FFBE} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVsNBQkUGVRAbQEPWA5cFVYQJhRaWA8VDAcWJQFaUQBCFlYTeR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWJGInJWDk4=&q={searchTerms}
    SearchScopes: HKLM -> {8D88C761-D445-420B-8B0D-1F01EFC2FFBE} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVsNBQkUGVRAbQEPWA5cFVYQJhRaWA8VDAcWJQFaUQBCFlYTeR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWJGInJWDk4=&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2756310535-3547406816-3898245373-1001 -> DefaultScope {8D88C761-D445-420B-8B0D-1F01EFC2FFBE} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVsNBQkUGVRAbQEPWA5cFVYQJhRaWA8VDAcWJQFaUQBCFlYTeR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWJGInJWDk4=&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2756310535-3547406816-3898245373-1001 -> OldSearch URL =
    SearchScopes: HKU\S-1-5-21-2756310535-3547406816-3898245373-1001 -> {8D88C761-D445-420B-8B0D-1F01EFC2FFBE} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVsNBQkUGVRAbQEPWA5cFVYQJhRaWA8VDAcWJQFaUQBCFlYTeR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWJGInJWDk4=&q={searchTerms}
    BHO-x32: Search Web Know -> {da8dfa05-93a3-4617-8c86-bbfc625f8fa7} -> C:\Program Files (x86)\Search Web Know\Extensions\da8dfa05-93a3-4617-8c86-bbfc625f8fa7.dll => No File
    FF user.js: detected! => C:\Users\Sydney\AppData\Roaming\Mozilla\Firefox\Profiles\1noylhwc.default-1458778006057\user.js [2016-03-24]
    FF NewTab: Mozilla\Firefox\Profiles\1noylhwc.default-1458778006057 -> hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHFcWJAldWVgSDA0UeQ4VVVpCRxhBeQ9cTAtERA1BcAALVlpBGBNBNARaB0tXUUEeJl9NER8fHGZGIUtbCW4UQ35NL04=
    FF Keyword.URL: Mozilla\Firefox\Profiles\1noylhwc.default-1458778006057 -> hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVsNBQkUGVRAbQEPWA5cFVYQJhRaWA8VDAcWJQFaUQBCFlYTeR9aFQQTR0cFME0FB18EURNNfWpdAEsSSWJGInJWDk4=&q={searchTerms}
    CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghBdV0IBAEQQhgbdwAPTA0SElMOIgAOBRRDFFAbIgkBUg4SEQwFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlEmRFdoLlZP"
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - <no Path/update_url>
    C:\Users\Sydney\PremiereElements_11_LS15_win64.exe
    Task: {0019CB7F-30C8-48CA-A4AA-7A6A3716A948} - System32\Tasks\{8EE038BE-394B-8F15-03AB-B609EC16DF45} => C:\ProgramData\{E5BC4BE2-5217-FC49-CD16-C7188E21BD53}\9F3C5F19-2897-E8B2-4CBF-12CD3981EF1E.exe [2017-01-17] () <==== ATTENTION
    Task: {0693BA3E-CA24-48A0-92AD-DC722D5F81CB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {168391E6-8258-4D54-A1A2-2EA4A4D288A6} - System32\Tasks\{AE5A0284-19F1-B52F-6317-4F381D3C8A28} => C:\ProgramData\{CB900FB3-7C3B-B818-C522-AB74BF70082F}\E1B75F1E-561C-E8B5-8133-25C661DFC070.exe [2017-01-13] () <==== ATTENTION
    Task: {1CEC1D58-3993-48F9-8C4A-31A1C244D9B5} - System32\Tasks\{2C8ED292-9B25-6539-C153-052CA32B4054} => C:\ProgramData\{3A408293-8DEB-3538-63BA-CF8CC0F79D7E}\A0BDB699-1716-0132-370B-D91F282D7A1A.exe [2017-01-13] () <==== ATTENTION
    Task: {233350D5-78A3-4BDA-8CE6-98E4302345EB} - System32\Tasks\{586BDC72-EFC0-6BD9-BDF4-3C7699194554} => C:\ProgramData\{C81CBEFF-7FB7-0954-8857-E97E8184F6B9}\9F9BB995-2830-0E3E-78AA-A6D1E580F226.exe [2017-01-20] () <==== ATTENTION
    Task: {28607C67-0664-4633-BF1C-D7277B24D412} - System32\Tasks\{76B74FF2-ADBE-6361-4940-4C7EBEEF9445} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\709c5479\6e7d3997.dll" <==== ATTENTION
    Task: {2D657343-6355-4E3C-B16E-F17B8B189647} - System32\Tasks\{680BC8AC-24A0-48EF-8BBC-E4EEC1143CE7} => pcalua.exe -a I:\Setup.exe -d I:\
    Task: {2EF4BE61-76DA-4AFF-B1AD-FDA27576F57D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {31644FE5-9070-4CED-94B5-4AF67613D3E0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {35F6BA1F-2D9F-4028-8089-59C323497720} - \WPD\SqmUpload_S-1-5-21-2756310535-3547406816-3898245373-1001 -> No File <==== ATTENTION
    Task: {3AC1AED1-70FF-4FD2-A0BB-AB96246CA655} - System32\Tasks\{D6EF16B2-6144-A119-A796-5F91D5EF0037} => C:\ProgramData\{77878F73-C02C-38D8-C05F-032262A5DB06}\56AC5E71-E107-E9DA-4CDB-27CE9785AB81.exe [2016-12-19] () <==== ATTENTION
    Task: {3ACC8CFA-808A-4EF5-A98B-E07D9FCE523A} - System32\Tasks\{CEB2E458-7919-53F3-4EDC-2D8E4093767F} => C:\ProgramData\{DA6265AE-6DC9-D205-9AE0-FE2E80057A4A}\BFABECA6-0800-5B0D-0852-DF3F807440DB.exe [2016-12-15] () <==== ATTENTION
    Task: {3CD16B77-AC15-46B9-841B-411B39AEC465} - System32\Tasks\{E8478E74-5FEC-39DF-18CC-DED2CA29DA4F} => C:\ProgramData\{7CF53E25-CB5E-898E-19FA-382BFBDB443C}\AAE9157F-1D42-A2D4-C462-AEB1514A3862.exe [2016-12-18] () <==== ATTENTION
    Task: {41B8FCFF-C365-48EC-979B-67D4036C2740} - System32\Tasks\{D5D4EE64-627F-59CF-19BC-ED8D359CD389} => C:\ProgramData\{DF9A53D4-6831-E47F-D64F-062A61AD3F96}\B0DE74D1-0775-C37A-641C-CB1B385962C4.exe [2017-01-17] () <==== ATTENTION
    Task: {4E80C004-9FCF-4D69-9E25-D7105F3AAA75} - \{AAAF5427-1D04-E38C-6B36-6EA1ED68401B} -> No File <==== ATTENTION
    Task: {60B08632-7BB0-46E2-A2EE-2D3829496F3B} - System32\Tasks\{A83EE33C-1F95-5497-2A7F-3805023FC0BE} => C:\ProgramData\{0D47C57D-BAEC-72D6-89E6-826BC8375CFC}\74A4214B-C30F-96E0-6E6B-BD96284450ED.exe [2017-01-11] () <==== ATTENTION
    Task: {69F675D8-235D-4FED-839D-BE694CBAC4C6} - \PCDEventLauncherTask -> No File <==== ATTENTION
    Task: {6B473D10-8D5E-4D69-A322-E4781ABED797} - System32\Tasks\{ED8A19E5-5A21-AE4E-A574-3BC9A9A0CB4D} => C:\ProgramData\{BB115BD9-0CBA-EC72-B4D5-E0D77B902FD9}\2B0EEFC7-9CA5-586C-74D1-003A931F2633.exe [2017-01-23] () <==== ATTENTION
    Task: {6E102DD7-C110-4B13-A09E-C3B4DC850A71} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {71416140-C5DA-4983-A233-2CAEA70C61E8} - System32\Tasks\{0DE32531-BA48-929A-3AC9-CA8CB6A14DB6} => C:\ProgramData\{BA0BE89B-0DA0-5F30-17F4-34B04872CE35}\11AC4979-A607-FED2-4257-622E033886DA.exe [2017-01-22] () <==== ATTENTION
    Task: {73EC7327-41E1-4A91-8F08-5D323CCC3808} - System32\Tasks\{7B33960A-CC98-21A1-021D-DB53A6206F0D} => C:\ProgramData\{E5190278-52B2-B5D3-EACC-C61511A1564C}\4D5FF3B8-FAF4-4413-86C4-D44D827A4152.exe [2017-01-23] () <==== ATTENTION
    Task: {762C586B-0612-4713-B460-F53E1CD8F4F3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {772CB141-86B7-49BE-AE0C-8E5A4C4BF598} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
    Task: {80F1DF91-E045-4B1B-9830-C8ED2C9E0C88} - System32\Tasks\{B3298081-0482-372A-C890-1402930A920E} => C:\ProgramData\{8669FF4C-31C2-48E7-E164-321FEC87B5A8}\436FF444-F4C4-43EF-C2CA-1D90A743A300.exe [2017-01-19] () <==== ATTENTION
    Task: {83EC795C-AA61-4A53-BB4E-699F63CDFC7A} - System32\Tasks\{37FBDC58-8050-6BF3-7175-8F19F785235C} => C:\ProgramData\{C823DBD4-7F88-6C7F-6C8A-B43B5DADB9C8}\A187ACCA-162C-1B61-6A56-BB9861A3E163.exe [2016-12-19] () <==== ATTENTION
    Task: {8AD75239-6045-4ED1-AC5D-451FA767AF93} - System32\Tasks\{A455B8D6-13FE-0F7D-8388-375B05051671} => C:\ProgramData\{7081790A-C72A-CEA1-6F99-62A2EF1E0BA0}\124F93FE-A5E4-2455-9E9D-2968C7FAC1BB.exe [2017-01-23] () <==== ATTENTION
    Task: {8C716633-AD9D-4992-A41F-93DBFF48D7FC} - System32\Tasks\{2060ED3A-97CB-5A91-F9A3-5733B98F75E0} => C:\ProgramData\{877190B9-30DA-2712-62E2-155925E0E90F}\2F1A4499-98B1-F332-C0B9-33F5DE8A0FA1.exe [2017-01-23] () <==== ATTENTION
    Task: {8F18FF4E-A4B6-4345-8F3C-A1248D786DCA} - System32\Tasks\{76856C58-C12E-DBF3-5E8F-CBD45A7E018F} => C:\ProgramData\{3FB40AA3-881F-BD08-73E0-AFF0DB7ECBA5}\1305D51A-A4AE-62B1-CCEC-4F945EF98757.exe [2016-12-15] () <==== ATTENTION
    Task: {91EEC119-4D12-4282-8BF5-048313621828} - System32\Tasks\{5DB986E0-EA12-314B-EB50-ADE66555D612} => C:\ProgramData\{3AD297F4-8D79-205F-2CA0-19D462231537}\5E937CDC-E938-CB77-FC66-EE8922E3E827.exe [2017-01-25] () <==== ATTENTION
    Task: {930B7472-CD6E-4450-A822-F2BAB2B69C4D} - System32\Tasks\{44EF213C-F344-9697-FA23-2B768531C391} => C:\ProgramData\{56D7891B-E17C-3EB0-75C8-EBF21624BFA2}\8D1B8E83-3AB0-3928-D894-821C0AB9039F.exe [2017-01-17] () <==== ATTENTION
    Task: {95A30410-180E-4D8C-9D0D-C9DD5CD8AD40} - System32\Tasks\{FB55F27E-4CFE-45D5-DA3F-39D8D810ABF0} => C:\ProgramData\{217A2995-96D1-9E3E-CD59-19C6DD911DB3}\FEDA94DF-4971-2374-AF17-9320EA82E652.exe [2017-01-21] () <==== ATTENTION
    Task: {96A32C05-F6EC-43FC-9042-FB27D7EA37A6} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {96BEB3DC-9948-4136-8CD0-3C03DAFFC212} - System32\Tasks\{CB426D00-7CE9-DAAB-0239-FD7094424E13} => C:\ProgramData\{0F2AC39B-B881-7430-4D15-7DB506EC7902}\32B70CE4-851C-BB4F-D786-1387BEC5FD38.exe [2017-01-20] () <==== ATTENTION
    Task: {9885786A-1EC9-4CD2-8E73-F7CA43C9E106} - \SystemToolsDailyTest -> No File <==== ATTENTION
    Task: {9C9C909C-9CC0-4F8C-8556-A59C01972A1A} - System32\Tasks\{CF1C8490-78B7-333B-72E9-CA5231C91249} => C:\ProgramData\{049783F1-B33C-345A-C024-939BE254FA9D}\23AE2F7E-9405-98D5-F6AB-CDAE6A350CAB.exe [2016-12-16] () <==== ATTENTION
    Task: {A1608E8B-D8F5-4A88-99D1-E5C468C151D0} - \{7304B2B9-C4AF-0512-F261-FB1C9794E615} -> No File <==== ATTENTION
    Task: {A1FD550E-262E-4756-B56A-FA025183EFC2} - \{46AEB832-F105-0F99-CC6D-F10A602DC3ED} -> No File <==== ATTENTION
    Task: {AB5B4499-6E2F-4024-AD0A-459F31F74F2A} - System32\Tasks\{16DBF587-A170-422C-4325-AAC6671FCA63} => C:\ProgramData\{5CD7C43D-EB7C-7396-AEB0-93905BE54AD0}\6672CD5E-D1D9-7AF5-B9E1-33D338457AD1.exe [2017-01-11] () <==== ATTENTION
    Task: {B1F24C7E-2276-46CE-BA86-2A24258ECB13} - System32\Tasks\{EE951CFE-593E-AB55-D6E1-619EEB2F9B1A} => C:\ProgramData\{3F1A36C5-88B1-816E-CE4F-65C90EBC098C}\19B3E578-AE18-52D3-D2CD-8DDFAA09F19D.exe [2017-01-12] () <==== ATTENTION
    Task: {B60FE772-2194-4877-9014-78032B86419D} - System32\Tasks\{89EC92DD-3E47-2576-9536-1EE3F20D0E4C} => C:\ProgramData\{948C04A3-2327-B308-33C1-FA00909DDEBA}\C0238765-7788-30CE-A32B-049738AEC70D.exe [2016-12-15] () <==== ATTENTION
    Task: {B9A37696-0EBD-4349-956D-85E9DFA0A1C7} - System32\Tasks\{BEC4FF58-096F-48F3-4973-207DC5380932} => C:\ProgramData\{38D6A99D-8F7D-1E36-4035-693CC1E1A0D1}\BB47F896-0CEC-4F3D-95A8-E5C78B739176.exe [2017-01-17] () <==== ATTENTION
    Task: {BB0BDB16-67C9-4C2A-AAA6-0721A2AE877E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {BBE4DDEA-C4F5-4EAB-8338-0CEED272DB12} - System32\Tasks\{898A3507-3E21-82AC-825B-F3A96E75B76C} => C:\ProgramData\{BE67261A-09CC-91B1-1DF1-3227FBA7DC2C}\B2B41D9F-051F-AA34-241E-A29C054FCFA2.exe [2017-01-12] () <==== ATTENTION
    Task: {C9276089-7432-4574-BF9B-CA55E29904D1} - System32\Tasks\{6BBABFD8-DC11-0873-ED09-9AE4A83E92CC} => C:\ProgramData\{6CB105FE-DB1A-B255-3252-157D7C495E99}\5E489452-E9E3-23F9-AE9D-6EE3ECC73F58.exe [2017-01-19] () <==== ATTENTION
    Task: {C9BF9332-00C9-4C6A-93FD-3B546CA44E7C} - System32\Tasks\{1DE31FE3-AA48-A848-82E5-F153F3C21F56} => C:\ProgramData\{BC3E326B-0B95-85C0-EA6E-CF77381E23AB}\E49B9B72-5330-2CD9-28FA-4BC8A258F670.exe [2017-01-11] () <==== ATTENTION
    Task: {CEBE4146-6531-4EFA-8860-0575B5B4C757} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {CFF448E6-7684-475B-9810-56E6450F3D31} - System32\Tasks\{6D840CC5-DA2F-BB6E-37D4-7D38E35B692F} => C:\ProgramData\{C8183BD4-7FB3-8C7F-B886-7CBBF0B6461C}\A367851F-14CC-32B4-7FEB-E977B00283C9.exe [2016-12-16] () <==== ATTENTION
    Task: {D21CC2F3-269A-4600-94EF-20DD711967C6} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {D420CC27-5F9E-46D5-93D8-3C4F29427C0A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {D7A4385E-B8F1-4818-B67B-4B03D778A016} - System32\Tasks\{D9B3EF64-6E18-58CF-9002-B5038E39E815} => C:\ProgramData\{AB4F2C1A-1CE4-9BB1-9C7E-2FFB54A7E510}\0C120894-BBB9-BF3F-DA2B-244F1915EB7E.exe [2016-12-15] () <==== ATTENTION
    Task: {DAA81734-F300-455E-A5CA-B7D2B1A4480E} - System32\Tasks\{3E54329E-89FF-8535-1DCA-6D940633B249} => C:\ProgramData\{917AF371-26D1-44DA-3573-7D4984BB159B}\A0069FF2-17AD-2859-3D1E-0066C66CF689.exe [2017-01-11] () <==== ATTENTION
    Task: {DCFAB6E3-E91F-4745-8B12-3BB57EF89FC4} - System32\Tasks\{F04B64B0-47E0-D31B-5254-FA9F374CB5F3} => C:\ProgramData\{86273658-318C-81F3-B9C4-C094ED730511}\E942515A-5EE9-E6F1-EEF6-CC30B2616E39.exe [2017-01-17] () <==== ATTENTION
    Task: {EB56911B-A385-4A89-8FD2-E1C8CA2F8107} - System32\Tasks\{77DDDC8D-C076-6B26-78A3-980FF35FFD06} => C:\ProgramData\{DA6A6EFB-6DC1-D950-9474-99EBCD53D51C}\1D33CA8C-AA98-7D27-4E6D-FBD9F3E3C311.exe [2017-01-22] () <==== ATTENTION
    Task: {EC5C62F6-849A-473D-8FF4-15F04D46AA0C} - \{92E0006A-254B-B7C1-40AE-DB8A591B916A} -> No File <==== ATTENTION
    Task: {EEFFA97A-7383-4C4B-BE01-9AF9CEC1FBA4} - System32\Tasks\{C2C21262-7569-A5C9-9EC8-4ABFEBE57BF1} => C:\ProgramData\{964F377B-21E4-80D0-E7EB-9700A58BA855}\62593FD1-D5F2-887A-275D-66A4ED874C66.exe [2017-01-25] () <==== ATTENTION
    Task: {EF8ABBE5-2882-4993-912F-0E23650DB2AE} - System32\Tasks\{274A107D-90E1-A7D6-EB48-718BE529BDF8} => C:\ProgramData\{3577B796-82DC-003D-DB2E-59B2C282D0FB}\5610BC03-E1BB-0BA8-0CE8-FC52DE6655A5.exe [2017-01-17] () <==== ATTENTION
    Task: {F00A74CA-A8A3-4B4F-BED9-A57B24664A55} - System32\Tasks\{71BF5358-C614-E4F3-A017-7B6BAEA15BA7} => C:\ProgramData\{CC23D8DE-7B88-6F75-7C14-212C82D0371F}\2A4B3DA8-9DE0-8A03-758E-A1563B179D59.exe [2016-12-18] () <==== ATTENTION
    Task: {F19BE303-3A19-4B56-9953-A69012A2ADA5} - System32\Tasks\{0C4992C4-BBE2-256F-785F-55DA4A5C1D0A} => C:\ProgramData\{2B1E6F99-9CB5-D832-2C50-EE54EE84D166}\CDECDCE2-7A47-6B49-5996-0DABA8C9F2E7.exe [2017-01-17] () <==== ATTENTION
    Task: {F5AE8770-46D2-4417-8890-930245A633F6} - System32\Tasks\{BA5D2D1E-0DF6-9AB5-6613-74AE84F743E4} => C:\ProgramData\{CD2F5AAB-7A84-ED00-51FF-87DC3A1C5513}\74CED603-C365-61A8-2C64-2D718AFD2836.exe [2017-01-21] () <==== ATTENTION
    EmptyTemp:
    Hosts:
    End
    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
    ~~~~~~~~~~~~~~~~~~~~~``

    Please download the Malwarebytes Anti-Malware setup file to your Desktop.

    OR from this location Here

    • After the installation IS complete let it update if it asks.
    • Under SETTINGS.....APPLICATIONS leave everything at default
    • Under SETTINGS.....PROTECTION make sure AUTOMATIC QUARANTINE is on.
    • Then go to the Dashboard and click on SCAN NOW

    • When the scan is finished click on EXPORT SUMMARY......COPY TO CLIPBOARD
    • Then come back to this thread and and under REPLY TO THIS TOPIC, right click in the reply and select Paste
    • Then click on POST
    • Exit Malwarebytes


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
      In order to use AdwCleaner, you have to agree the Eula:
    • Right-click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
    • Click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    please post
    Fixlog.txt
    MalwareBytes log
    AdwCleaner[C1].txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.

  5. #5
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,303

    Default

    still need help?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.

  6. #6
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,303

    Default

    Glad we could help.
    Since this issue appears resolved ... this Topic is closed.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •