Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

MalwareBytes detected 308 PUP files help [Closed]

Virus PUP Pop-up installers Optimizer Pro CinamaPlus CrossRider GamesDesktop GlobalUpdate PCtuner

  • This topic is locked This topic is locked

#1
LittleBebez

LittleBebez

    New Member

  • Member
  • Pip
  • 2 posts

This is the problems detected with MalwareBytes in Safe Mode

Registry Keys: 10
PUP.Optional.CinemaPlus.A, HKLM\SOFTWARE\WOW6432NODE\CinemaPlus-3.2cV21.05-nv-ie, , [a0a70492fb8ff4426190e60b58abb54b],
PUP.Optional.Crossrider.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, , [c285cacc98f267cff2358be656afdd23],
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-436473600-3666083100-318561649-1001\SOFTWARE\CinemaPlus-3.2cV21.05, , [f156cdc90e7cd75fa54d8e63cc37c33d],
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-436473600-3666083100-318561649-1001\SOFTWARE\CinemaPlus-3.2cV21.05-nv-ie, , [f057177f97f3300643af05ec778cda26],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-436473600-3666083100-318561649-1001\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [cc7bd4c2f09a6fc77fd20e458481fc04],
PUP.Optional.CinemaPlus.C, HKU\S-1-5-21-436473600-3666083100-318561649-1001\SOFTWARE\ARENAHD, , [e463781ea3e7bc7a5cc70e6305000cf4],
PUP.Optional.GamesDesktop.A, HKU\S-1-5-21-436473600-3666083100-318561649-1001\SOFTWARE\GAMESDESKTOP, , [4ef9c1d5d8b24beb26e32a462bdad12f],
PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-436473600-3666083100-318561649-1001\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY, , [49fe7b1b68226ec8139f37a65ea5db25],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-436473600-3666083100-318561649-1001\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, , [2e19ade9484269cd39da2ece72919c64],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-436473600-3666083100-318561649-1001\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Cinema PlusV21.05, , [7ec9930383079e98afc3a44dfc079868],

Registry Values: 4
PUP.Optional.CinemaPlus.C, HKU\S-1-5-21-436473600-3666083100-318561649-1001\SOFTWARE\ARENAHD|value, 1, , [e463781ea3e7bc7a5cc70e6305000cf4]
PUP.Optional.GamesDesktop.A, HKU\S-1-5-21-436473600-3666083100-318561649-1001\SOFTWARE\GAMESDESKTOP|mj, 15.05.21.0, , [4ef9c1d5d8b24beb26e32a462bdad12f]
PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-436473600-3666083100-318561649-1001\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY|source, IE, , [49fe7b1b68226ec8139f37a65ea5db25]
PUP.Optional.PCTuner.C, HKU\S-1-5-21-436473600-3666083100-318561649-1001\SOFTWARE\HIGHDEFACTION|value, 1, , [0b3c9ef8602a0d29fa3398d9de27dd23]

 

I have tried removing some of these in control Panel and they just returned again. ex: GamesDesktop. Plus it tried to force me to install optimizer pro.

it kept giving me a Microsoft warning that I should call a support number and it wouldn't close. it would just keep adding more windows of the same thing. avast kept detecting and blocking harmful webpages. I ran Malware-bytes and avast to help this. It all happened by mistakenly downloading an infected command and conquer-Red Alert program.

 

I am currently running in safe mode and the pop-up problems stopped

I ran a registrar boot-time scan with both Avast and Malware-bytes.

tried the remove option and command prompt was open and a window stating it was loading personal profile information with my Samsung pc logo in the back. I then unplugged and restarted in safe-mode with network.

now I am contacting you to please help me remove all problems.

SafegaurdPro was one of the programs I uninstalled that is not on this list.

Attached Files


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of these two runs could you restart in normal mode and let me know what problems are apparent

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => "c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll" File Not Found
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll No File
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll No File
Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - C:\Program Files (x86)\TurboTax 2012\ic2012pp.dll No File
Handler: intu-tt2013 - {9FF5EC07-1645-43BF-828F-C73CFA7BC1AF} - C:\Program Files (x86)\TurboTax 2013\ic2013pp.dll No File
FF user.js: detected! => C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\2nfaqzu3.default\user.js [2015-05-21]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
2015-05-21 13:24 - 2015-05-21 13:24 - 00000004 _____ () C:\windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-21 13:07 - 2015-05-21 13:07 - 00000000 ____D () C:\ProgramData\e86bceb000002be6
2015-05-21 12:29 - 2015-05-21 12:29 - 00000000 ____D () C:\ProgramData\DesktopSearch
2015-05-21 12:25 - 2015-05-21 12:25 - 00000000 ____D () C:\Users\Scott\AppData\Local\globalUpdate
C:\Windows\mxtd.exe
Task: {EEA53835-2ECC-4A4F-A711-9A8157197637} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#3
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0






Similar Topics


Also tagged with one or more of these keywords: Virus, PUP, Pop-up installers, Optimizer Pro, CinamaPlus, CrossRider, GamesDesktop, GlobalUpdate, PCtuner

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP