Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Need help, have multiple pop-ups and probably a virus too

Started by juglar21 , Dec 19 2014 04:07 PM

  • This topic is locked This topic is locked

#31
juglar21
Posted 21 December 2014 - 03:20 PM

juglar21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts

just to give you an update, Malwarebytes worked well, restarted the computer, am currenlyt searching for the log


  • 0

Advertisements

#32
zep516
Posted 21 December 2014 - 03:24 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
See if this helps,
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log to your next reply.

  • 0

#33
juglar21
Posted 21 December 2014 - 03:30 PM

juglar21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts

The 'Scanning History Log' of MBAM is bigger than the screen of my Dell laptop and I guess the button 'Export' is at the bottom, so right now I cannot click on that  :(

 

Looking for a way out of this, J


  • 0

#34
zep516
Posted 21 December 2014 - 03:33 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Can you see if the files are quarantined, from what you can see of it ?
  • 0

#35
juglar21
Posted 21 December 2014 - 03:35 PM

juglar21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts

<<Can you see if the files are quarantined, from what you can see of it ?>>

 

no, but at the end of the scan it first said that that many things were quarantined and then deleted, if that helps

 

J


  • 0

#36
zep516
Posted 21 December 2014 - 03:37 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
OK. quarantined and then deleted is a good thing :)

What if you hit F11 on your keyboard, does that help ?
  • 0

#37
juglar21
Posted 21 December 2014 - 03:39 PM

juglar21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts

... but under  History I can go to either Quarantine or Appolication Logs and I was at Application Logs, but now I am in Quarantine and there it says,   'These threats have been quarnatine by your MBAM produckt ....if that helps


  • 0

#38
juglar21
Posted 21 December 2014 - 03:42 PM

juglar21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts

pressing F11 does not help


  • 0

#39
juglar21
Posted 21 December 2014 - 03:44 PM

juglar21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts

Is there a way to move the taskbar to the top?


  • 0

#40
zep516
Posted 21 December 2014 - 03:45 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Left click on task bar hold left click down and move mouse towards top

Lets keep moving forward, maybe we can figure the log out later.

Are you in agreement with keeping Microsoft Security Essentials. And not re-installing AVG.

Joe
  • 0

Advertisements

#41
juglar21
Posted 21 December 2014 - 03:45 PM

juglar21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts

let me try to connect an external screen


  • 0

#42
juglar21
Posted 21 December 2014 - 03:50 PM

juglar21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts

sure, if that is your recommendation!


  • 0

#43
juglar21
Posted 21 December 2014 - 03:52 PM

juglar21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts

I think that is the log from MBAM you needed

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/21/2014
Scan Time: 3:23:10 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.21.04
Rootkit Database: v2014.12.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kris

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 372772
Time Elapsed: 43 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 56
PUP.Optional.SearchSnacks.A, HKU\S-1-5-21-4287490833-3400291495-2554494040-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{7D1B27B2-3DE0-4F26-94A0-E14FDB06D292}, Quarantined, [ca53075c87f587afe53afbdbc939d927],
PUP.Optional.SearchSnacks.A, HKU\S-1-5-21-4287490833-3400291495-2554494040-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7D1B27B2-3DE0-4F26-94A0-E14FDB06D292}, Quarantined, [ca53075c87f587afe53afbdbc939d927],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoCreateAsync, Quarantined, [5cc10a59b5c79c9ada547625a162d32d],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoCreateAsync.1.0, Quarantined, [4ecf23405725b87ebc72a4f7a65d3dc3],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreClass, Quarantined, [bf5eb7ac611b62d40f1f7c1fb54e2cd4],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreClass.1, Quarantined, [c35aec77a7d541f58ba3eead798ac13f],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreMachineClass, Quarantined, [e33a9cc71d5fb2846bc3118ae81b2dd3],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreMachineClass.1, Quarantined, [45d884dffd7f6ec884aa732813f008f8],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine, Quarantined, [c8555013087469cd76b8faa109fa33cd],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine.1.0, Quarantined, [a27bfe65dd9fe74f53db4952847f718f],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine, Quarantined, [2df081e23f3df24470be316a09fa24dc],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [75a8184b05775bdbd45a4655b44fde22],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback, Quarantined, [a7765b08bfbd1224c06e782357ac41bf],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback.1.0, Quarantined, [d14c2f34e49877bfbb735447ae556d93],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc, Quarantined, [e23b85de97e55adcc26ca1fa0003867a],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc.1.0, Quarantined, [7e9f3330e19bda5c6ec0f6a506fd13ed],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.ProcessLauncher, Quarantined, [aa73471c601c3006210df4a73cc73ec2],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.ProcessLauncher.1.0, Quarantined, [b36a491a38443ff7141a4b508f743dc3],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3COMClassService, Quarantined, [47d65f049fdd75c1042a53485fa4936d],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3COMClassService.1.0, Quarantined, [7ba277ec1b610234200e3269f211f20e],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachine, Quarantined, [809d6df67705f343eb434b5063a0d729],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachine.1.0, Quarantined, [d24bfa692f4dd75fcd61405bb64da65a],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback, Quarantined, [2df0d48f027a7db943ebcfcce122a35d],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback.1.0, Quarantined, [8d900d562953a39380ae55460bf83dc3],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebSvc, Quarantined, [fb22bca77606b680d757f3a8dc27e917],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebSvc.1.0, Quarantined, [8994fb68136966d0ff2f2279d62d9e62],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\RecipeHub_2j, Quarantined, [4ecfd58ebdbf132317816961a65e9070],
PUP.Optional.SearchSnacks.A, HKLM\SOFTWARE\WOW6432NODE\SearchSnacks, Quarantined, [3be22e35fe7e36008a4dd28e17ec9d63],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoCreateAsync, Quarantined, [c7564c17f389e650131b316aae552dd3],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoCreateAsync.1.0, Quarantined, [c954ce956e0e092d88a6831815eeea16],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoreClass, Quarantined, [bb62dc871f5dec4a6cc2e1babf445ea2],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoreClass.1, Quarantined, [6ab342213e3e3105b07e6338e81ba25e],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoreMachineClass, Quarantined, [e835f073314bcb6b51dd514a699a5ba5],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoreMachineClass.1, Quarantined, [a17c045fc5b763d31b13504b0ef545bb],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine, Quarantined, [ab72ce95106cf93d76b86635a2615ba5],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine.1.0, Quarantined, [c95462013d3fca6c2e00643742c1d22e],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine, Quarantined, [a5784a19d4a878be7bb3d7c40af901ff],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [5dc0fa69710b8aac002e940719eaa45c],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback, Quarantined, [8895e380adcfca6c2608247724df7d83],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback.1.0, Quarantined, [ee2f6ff488f4122468c65546ac57fd03],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc, Quarantined, [a479491a6616fc3a59d57d1ec142e020],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc.1.0, Quarantined, [1eff79eab3c9f93d3bf31a8142c146ba],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.ProcessLauncher, Quarantined, [9c817be824581f1776b855461be8fb05],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.ProcessLauncher.1.0, Quarantined, [56c7d88bb9c33006b37bbeddb54e9868],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3COMClassService, Quarantined, [9e7f6300720a63d3121c4754b152d729],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3COMClassService.1.0, Quarantined, [c8553b28c7b5092d44ea405bc2413cc4],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebMachine, Quarantined, [fe1fc1a2a4d8d85e0826514a877ca15f],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebMachine.1.0, Quarantined, [42db65fe4834999d1a14900bf112b947],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback, Quarantined, [5cc1db88621a2412bb73c6d5887b23dd],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback.1.0, Quarantined, [88956af9314b80b6af7feeada162fa06],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebSvc, Quarantined, [f32adb88027aa78f52dc9dfe05fef60a],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebSvc.1.0, Quarantined, [1c01fe65760667cf76b8a9f2b94aec14],
PUP.Optional.MediaPlayerEnhance.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerEnhance, Quarantined, [9d80491a85f79f97d8fb6331ac5737c9],
PUP.Optional.weDownload.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\weDownload Manager Pro, Quarantined, [ed309bc8364645f1cef774096d96b848],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-4287490833-3400291495-2554494040-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\RecipeHub_2j, Quarantined, [2cf1471cd5a755e18910b8122fd514ec],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-4287490833-3400291495-2554494040-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\RecipeHub_2j, Quarantined, [fe1f87dc0b71c27441c1b7c8a1629b65],

Registry Values: 9
PUP.Optional.MindSpark.A, HKU\S-1-5-21-4287490833-3400291495-2554494040-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}, Quarantined, [31ecb1b2c1bbc274128895421be77c84],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-4287490833-3400291495-2554494040-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}, øËÃëöüâF¼;ê¼rqî±, Quarantined, [31ecb1b2c1bbc274128895421be77c84]
PUP.Optional.MindSpark.A, HKU\S-1-5-21-4287490833-3400291495-2554494040-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}, Quarantined, [31ecb1b2c1bbc274128895421be77c84],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-4287490833-3400291495-2554494040-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}, Quarantined, [8895362dfc8056e0d8c2d9fe15ed5ca4],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-4287490833-3400291495-2554494040-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{cc8ae5b8-005b-4b1a-a27d-307eddffe5c8}, Quarantined, [b16cb4af0874dd59a494825616eca759],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-4287490833-3400291495-2554494040-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{CC8AE5B8-005B-4B1A-A27D-307EDDFFE5C8}, Quarantined, [b16cb4af0874dd59a494825616eca759],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{cf51de5b-eb36-4114-bb69-84df63fbadb4}, Quarantined, [eb322f34bbc195a1a29792468c766799],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{CF51DE5B-EB36-4114-BB69-84DF63FBADB4}, Quarantined, [eb322f34bbc195a1a29792468c766799],
PUP.Optional.ConsumerInput.A, HKU\S-1-5-21-4287490833-3400291495-2554494040-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ConsumerInput@Compete, C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12039.xpi, Quarantined, [011cb3b0d2aa5adc91cda0c0eb189d63]

Registry Data: 0
(No malicious items detected)

Folders: 32
Rogue.Multiple, C:\ProgramData\374311380, Quarantined, [87960a59e399181e6467f41e0201619f],
PUP.Optional.SavingsBull.A, C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\z8anwi81.default\extensions\SavingsBull@jetpack, Delete-on-Reboot, [6eaf10538af255e16996f63150b3da26],
PUP.Optional.SavingsBull.A, C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\z8anwi81.default\extensions\SavingsBull@jetpack\defaults, Delete-on-Reboot, [6eaf10538af255e16996f63150b3da26],
PUP.Optional.SavingsBull.A, C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\z8anwi81.default\extensions\SavingsBull@jetpack\defaults\preferences, Quarantined, [6eaf10538af255e16996f63150b3da26],
PUP.Optional.SavingsBull.A, C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\z8anwi81.default\extensions\SavingsBull@jetpack\locale, Quarantined, [6eaf10538af255e16996f63150b3da26],
PUP.Optional.SavingsBull.A, C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\z8anwi81.default\extensions\SavingsBull@jetpack\resources, Delete-on-Reboot, [6eaf10538af255e16996f63150b3da26],
PUP.Optional.SavingsBull.A, C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\z8anwi81.default\extensions\SavingsBull@jetpack\resources\addon-kit, Delete-on-Reboot, [6eaf10538af255e16996f63150b3da26],
PUP.Optional.SavingsBull.A, C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\z8anwi81.default\extensions\SavingsBull@jetpack\resources\addon-kit\data, Quarantined, [6eaf10538af255e16996f63150b3da26],
PUP.Optional.SavingsBull.A, C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\z8anwi81.default\extensions\SavingsBull@jetpack\resources\addon-kit\lib, Quarantined, [6eaf10538af255e16996f63150b3da26],
PUP.Optional.SavingsBull.A, C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\z8anwi81.default\extensions\SavingsBull@jetpack\resources\api-utils, Delete-on-Reboot, [6eaf10538af255e16996f63150b3da26],
PUP.Optional.SavingsBull.A, C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\z8anwi81.default\extensions\SavingsBull@jetpack\resources\api-utils\data, Quarantined, [6eaf10538af255e16996f63150b3da26],
PUP.Optional.SavingsBull.A, C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\z8anwi81.default\extensions\SavingsBull@jetpack\resources\api-utils\lib, Delete-on-Reboot, [6eaf10538af255e16996f63150b3da26],
PUP.Optional.SavingsBull.A, C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\z8anwi81.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\addon, Quarantined, [6eaf10538af255e16996f63150b3da26],
PUP.Optional.SavingsBull.A, C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\z8anwi81.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\content, Quarantined, [6eaf10538af255e16996f63150b3da26],
PUP.Optional.SavingsBull.A, C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\z8anwi81.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\dom, Quarantined, [6eaf10538af255e16996f63150b3da26],
PUP.Optional.SavingsBull.A, C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\z8anwi81.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\event, Quarantined, [6eaf10538af255e16996f63150b3da26],
PUP.Optional.SavingsBull.A, C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\z8anwi81.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\events, Quarantined, [6eaf10538af255e16996f63150b3da26],
PUP.Optional.SavingsBull.A, C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\z8anwi81.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\l10n, Quarantined, [6eaf10538af255e16996f63150b3da26],
PUP.Optional.SavingsBull.A, C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\z8anwi81.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\private-browsing, Quarantined, [6eaf10538af255e16996f63150b3da26],
PUP.Optional.SavingsBull.A, C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\z8anwi81.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\system, Quarantined, [6eaf10538af255e16996f63150b3da26],
PUP.Optional.SavingsBull.A, C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\z8anwi81.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\tabs, Quarantined, [6eaf10538af255e16996f63150b3da26],
PUP.Optional.SavingsBull.A, C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\z8anwi81.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\traits, Quarantined, [6eaf10538af255e16996f63150b3da26],
PUP.Optional.SavingsBull.A, C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\z8anwi81.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\utils, Quarantined, [6eaf10538af255e16996f63150b3da26],
PUP.Optional.SavingsBull.A, C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\z8anwi81.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\window, Quarantined, [6eaf10538af255e16996f63150b3da26],
PUP.Optional.SavingsBull.A, C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\z8anwi81.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\windows, Quarantined, [6eaf10538af255e16996f63150b3da26],
PUP.Optional.SavingsBull.A, C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\z8anwi81.default\extensions\SavingsBull@jetpack\resources\SavingsBull, Delete-on-Reboot, [6eaf10538af255e16996f63150b3da26],
PUP.Optional.SavingsBull.A, C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\z8anwi81.default\extensions\SavingsBull@jetpack\resources\SavingsBull\data, Quarantined, [6eaf10538af255e16996f63150b3da26],
PUP.Optional.SavingsBull.A, C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\z8anwi81.default\extensions\SavingsBull@jetpack\resources\SavingsBull\lib, Quarantined, [6eaf10538af255e16996f63150b3da26],
PUP.Optional.SavingsBull.A, C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\z8anwi81.default\extensions\SavingsBull@jetpack\resources\SavingsBull\tests, Quarantined, [6eaf10538af255e16996f63150b3da26],
PUP.Optional.StormAlerts.A, C:\Users\Kris\AppData\Local\Weather_Warnings_LLC, Delete-on-Reboot, [cc518fd4ccb055e1eca252eb3ac91ee2],
PUP.Optional.StormAlerts.A, C:\Users\Kris\AppData\Local\Weather_Warnings_LLC\StormAlerts.exe_Url_owwuyufusv2bxrgjszaq3udnyhgsnbrz, Delete-on-Reboot, [cc518fd4ccb055e1eca252eb3ac91ee2],
PUP.Optional.StormAlerts.A, C:\Users\Kris\AppData\Local\Weather_Warnings_LLC\StormAlerts.exe_Url_owwuyufusv2bxrgjszaq3udnyhgsnbrz\1.4.0.0, Quarantined, [cc518fd4ccb055e1eca252eb3ac91ee2],

Files: 23
PUP.Optional.StormAlert.A, C:\ProgramData\RTlMgdbphT\dat\hZohLwq.exe, Quarantined, [6eaf1152d8a4e056898adb160ff26898],
PUP.Optional.StormAlert.A, C:\ProgramData\RTlMgdbphT\dat\lSHsNr.exe, Quarantined, [1c01f56e295391a548cb05ec46bb738d],
PUP.Optional.HealthAlert.A, C:\ProgramData\RTlMgdbphT\dat\ulJBWM.dll, Quarantined, [f726e281b6c691a54878e87d927321df],
PUP.Optional.OptimunInstaller, C:\Users\Kris\AppData\Local\Temp\Tk7YscoD.exe.part, Quarantined, [d14c6df6ed8f44f2da26eb5fca3621df],
Trojan.SProtector, C:\Users\Kris\AppData\Local\Temp\18be6784_.exe, Quarantined, [c25b70f39ae22d09c7b17af46f92a65a],
PUP.Optional.AirAdInstaller, C:\Users\Kris\AppData\Local\Temp\setup.exe, Quarantined, [918ccd9627550135ddc13829b64a01ff],
PUP.Optional.AppInstaller, C:\Users\Kris\AppData\Local\Temp\n1794\FLVMPlayerSetup-c45490cb.exe, Quarantined, [9786e87b94e8f343d26a1788dd24fd03],
PUP.Optional.Babylon, C:\Users\Kris\AppData\Local\Temp\n1794\SystemSpeedUPInstaller.exe, Quarantined, [c5580261354784b2309ec100857c8878],
PUP.Optional.DownloadAssistant, C:\Users\Kris\AppData\Local\Temp\a2wXROtwpD\Zch2suF2\Setup.exe, Quarantined, [6bb24d16c3b9360082fab333af520ef2],
PUP.Optional.AirAdInstaller, C:\Users\Kris\Downloads\setup(1).exe, Quarantined, [56c7e3809fdd55e1ecb2273a17e921df],
PUP.Optional.OptimunInstaller, C:\Users\Kris\Downloads\setup.exe, Quarantined, [62bb87dcf7859e98be4253f7d7294bb5],
PUP.Optional.Inbox, C:\Users\Kris\Downloads\ClasifiedsSetup (2).exe, Quarantined, [d74687dcaece989e83e2f92eed1421df],
PUP.Optional.Inbox, C:\Users\Kris\Downloads\ClasifiedsSetup.exe, Quarantined, [46d776ed1e5eb97d3d28f4338a7735cb],
PUP.Optional.Inbox, C:\Users\Kris\Downloads\ClasifiedsSetup (1).exe, Quarantined, [cd50acb7522acf67a6bf00274cb57c84],
PUP.Optional.Conduit, C:\Users\Kris\Downloads\WiseConvert.exe, Quarantined, [c75698cb99e3c86eb63149e69c64d22e],
PUP.Optional.Solimba, C:\Users\Kris\Downloads\Metronome.exe, Quarantined, [a17c74ef225a91a5803e09d1d62b3fc1],
PUP.Optional.DownloadAssistant, C:\Users\Kris\Downloads\Avast_Setup(1).exe, Quarantined, [c05d590a3e3ece68027abf2748b93cc4],
PUP.Optional.DownloadAssistant, C:\Users\Kris\Downloads\Avast_Setup.exe, Quarantined, [031aed76017b85b13a42875fca37728e],
PUP.Optional.Vitruvian.A, C:\Users\Kris\AppData\Local\Temp\vitruvian-installer-install-v0001, Quarantined, [70ad8bd8512bd95de02e825757ad5da3],
PUP.Optional.Vitruvian.A, C:\Users\Kris\AppData\Local\Temp\vitruvian-installer-processes-v0001, Quarantined, [7e9f243fb3c94ceac6485c7d976d04fc],
PUP.Optional.Vitruvian.A, C:\Users\Kris\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0001, Quarantined, [8f8e5c0788f40c2a31dd77628282e41c],
PUP.Optional.Vitruvian.A, C:\Users\Kris\AppData\Local\Temp\vitruvian-installer-uninstall-v0001, Quarantined, [ac71adb6cfad0135d73709d09d67659b],
PUP.Optional.StormAlerts.A, C:\Users\Kris\AppData\Local\Weather_Warnings_LLC\StormAlerts.exe_Url_owwuyufusv2bxrgjszaq3udnyhgsnbrz\1.4.0.0\user.config, Quarantined, [cc518fd4ccb055e1eca252eb3ac91ee2],

Physical Sectors: 0
(No malicious items detected)


(end)


  • 0

#44
zep516
Posted 21 December 2014 - 03:58 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Excellent work. It's amazing what windows will put up with an still run :)


First

Programs to uninstall "If found". Click start> Control panel > Programs an features.
  • Java 7 Update 25
  • Java™ 6 Update 18
  • MyTurboPC <------------ I don't recommend this program.
  • savernet
Old versions of Java are a security risk.

Note
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.

Please run the AVG 2015 64Bit removal tool see link below for that: 2nd one down on that web page on the right side.
http://www.avg.com/us-en/utilities
Download the tool, save the file to the desktop and run it. Let it do it's thing. This will get rid of left over AVG Files. It needs to be done even if you already uninstalled it.


Next
A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} =>  No File
ShellIconOverlayIdentifiers-x32: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000 - (No Name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - No File
URLSearchHook: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000 - (No Name) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No File
URLSearchHook: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000 - (No Name) - {cc8ae5b8-005b-4b1a-a27d-307eddffe5c8} - No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {5F985957-0049-4210-85EA-753302A958A3} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://groovorio.com...=1690693304&ir=
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKLM-x32 -> {5EF5EE14-605F-4F27-B7E0-E5510E36D687} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000 -> {195F4B0C-8532-4E8F-A797-7BD3525C1AFC} URL = http://websearch.ask...FF-0ECF3BF72416
SearchScopes: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000 -> {1AC6F0D9-5B4C-423A-B201-98A06EC8B28E} URL =
SearchScopes: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000 -> {5EF5EE14-605F-4F27-B7E0-E5510E36D687} URL =
SearchScopes: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={D1B0889F-1643-4B0F-B97B-CA7A60E63D23}&mid=8551acdd3c8547d381bf69e5299db7b1-90251f1b08ece7b999cfccfa4036ef24c7d46596&lang=en&ds=ft013&coid=avgtbdisft&pr=sa&d=2013-11-17 20:39:30&v=17.1.3.1&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000 -> {A26C36F3-9D6C-4551-86A4-B3E9C4B7B3CD} URL = http://www.crawler.c...id=10002&lng=en
SearchScopes: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox...id=80472&lng=en
BHO: savernet -> {fb17d7e0-5f62-443d-aa59-0234ee02af98} -> C:\ProgramData\savernet\17viDZh78U1DWv.x64.dll ()
BHO-x32: No Name -> {06e3475c-5521-4de8-bb12-50720f21631c} ->  No File
BHO-x32: No Name -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} ->  No File
BHO-x32: No Name -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} ->  No File
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
BHO-x32: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} ->  No File
BHO-x32: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ->  No File
BHO-x32: No Name -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} ->  No File
BHO-x32: savernet -> {fb17d7e0-5f62-443d-aa59-0234ee02af98} -> C:\ProgramData\savernet\17viDZh78U1DWv.dll ()
Toolbar: HKLM-x32 - No Name - {cf51de5b-eb36-4114-bb69-84df63fbadb4} -  No File
Toolbar: HKLM-x32 - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKLM-x32 - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM-x32 - No Name - {eec0f710-38b5-4aba-99bf-ec87564a4e13} -  No File
Toolbar: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000 -> No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
Toolbar: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000 -> No Name - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} -  No File
Toolbar: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: crawler - {4545C96B-15D0-4E22-8DDE-6F2CAF531281} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} -  No File
FF Plugin-x32: @mywebsearch.com/Plugin -> C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll No File
FF Plugin-x32: @RecipeHub_2j.com/Plugin -> C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\NP2jStub.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Extension: deal4me - C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\nup7b7k3.default-1416660402991\Extensions\[email protected] [2014-12-19]
FF Extension: SaverAddon - C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\nup7b7k3.default-1416660402991\Extensions\[email protected] [2014-12-19]
FF Extension: ProShopper - C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\nup7b7k3.default-1416660402991\Extensions\[email protected] [2014-12-21]
FF Extension: Yahoo! Toolbar - C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\nup7b7k3.default-1416660402991\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-11-22]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\MyWebSearch\bar\2.bin
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
FF Extension: No Name - ConsumerInput@Compete [Not Found]
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Native Client) - C:\program files (x86)\google\chrome\application\29.0.1547.62\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\program files (x86)\google\chrome\application\29.0.1547.62\pdf.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.180.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java™ Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Shockwave Flash) - C:\program files (x86)\google\chrome\application\29.0.1547.62\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
S2 consumerinput_update; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe /svc [X]
S3 consumerinput_updatem; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe /medsvc [X]
S2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe" [X]
2014-12-21 12:07 - 2014-12-21 12:07 - 00000000 ____D () C:\ProgramData\savernet
2014-12-19 16:35 - 2014-12-19 16:36 - 00000000 ____D () C:\ProgramData\SmartCompare
2014-12-19 16:35 - 2014-12-19 16:36 - 00000000 ____D () C:\ProgramData\SaverAddon
2014-12-19 16:35 - 2014-12-19 16:35 - 00000000 ____D () C:\ProgramData\faalfcfgbnpgfmbeofnfninccoiebffn
2014-12-19 16:35 - 2014-12-19 16:35 - 00000000 ____D () C:\ProgramData\BestDiscountApp
2014-12-19 16:27 - 2014-12-19 16:27 - 00000000 ____D () C:\Users\Kris\AppData\Roaming\MyTurboPC.com
2014-12-19 16:27 - 2014-12-19 16:27 - 00000000 ____D () C:\Users\Kris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyTurboPC.com
2014-12-19 16:27 - 2014-12-19 16:27 - 00000000 ____D () C:\ProgramData\MyTurboPC.com
2014-12-19 16:27 - 2014-12-19 16:27 - 00000000 ____D () C:\Program Files (x86)\MyTurboPC.com
2014-12-19 16:25 - 2014-12-19 16:26 - 06379208 _____ (MyTurboPC.com) C:\Users\Kris\Downloads\Myturbopc(1).exe
2014-12-19 16:25 - 2014-12-19 16:25 - 06379208 _____ (MyTurboPC.com) C:\Users\Kris\Downloads\Myturbopc.exe
2014-12-19 16:19 - 2014-12-19 16:19 - 00002762 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2014-12-19 16:15 - 2014-12-19 16:15 - 00000000 ____D () C:\ProgramData\ShoppingDealFactory
2014-12-21 13:39 - 2014-11-17 13:31 - 00000358 _____ () C:\Windows\Tasks\CIMT_S-1-5-21-4287490833-3400291495-2554494040-1000.job
2014-12-21 13:36 - 2014-11-17 13:29 - 00000962 _____ () C:\Windows\Tasks\ConsumerInputUpdateTaskMachineCore.job
2014-12-21 13:03 - 2014-11-17 13:31 - 00000000 ____D () C:\Users\Kris\AppData\Roaming\Compete
2014-12-21 13:01 - 2014-11-17 13:31 - 00000000 ____D () C:\ProgramData\TinyWallet
2014-12-21 12:45 - 2014-11-15 11:43 - 00000000 ____D () C:\Users\Kris\AppData\Roaming\systweak
2014-12-21 12:45 - 2014-11-15 11:42 - 00000000 ____D () C:\ProgramData\Systweak
2014-12-21 12:38 - 2014-11-17 10:45 - 00000000 ____D () C:\ProgramData\cea2cad3caee4f45
2014-12-21 12:34 - 2014-11-17 13:29 - 00000966 _____ () C:\Windows\Tasks\ConsumerInputUpdateTaskMachineUA.job
2014-12-21 12:34 - 2014-11-17 13:29 - 00000000 ____D () C:\Program Files (x86)\Consumer Input
C:\Users\Kris\AppData\Local\Temp\18be6784_.exe
C:\Users\Kris\AppData\Local\Temp\294823_.exe
C:\Users\Kris\AppData\Local\Temp\avguirn_081342301626.exe
C:\Users\Kris\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\Kris\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Kris\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Kris\AppData\Local\Temp\optprosetup.exe
C:\Users\Kris\AppData\Local\Temp\psftp.exe
C:\Users\Kris\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Kris\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Kris\AppData\Local\Temp\setup.exe
C:\Users\Kris\AppData\Local\Temp\UNINSTALL.EXE
Task: {2CDD4B80-0EFE-4312-9777-D5B30F1AE60A} - \MediaPlayerEnhance-codedownloader No Task File <==== ATTENTION
Task: {568E6BEA-F6BF-4CE7-A877-B5995D5A40A1} - \AmiUpdXp No Task File <==== ATTENTION
Task: {8F14A824-0FBF-426A-A3C6-23C8EE5CB985} - System32\Tasks\AVG_SYS_TASK_1114avz => C:\ProgramData\Avg_Update_1114avz\AVG-Secure-Search-Update_1114avz.exe [2014-10-08] ()
Task: {943F4C85-FF7C-4116-81B9-CDFFFA5E42EB} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe
Task: {993B97E4-9A23-4A33-86A0-AC1AB92958E2} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe
Task: {AD4C203C-D0A0-407E-B1FE-09003B1D98DC} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {B6D34BB0-693F-493A-A3BC-79493FF0E55A} - \MediaPlayerEnhance-firefoxinstaller No Task File <==== ATTENTION
Task: {DBE031A3-D261-4205-93D7-3C3E620DB126} - \MediaPlayerEnhance-chromeinstaller No Task File <==== ATTENTION
Task: {E3531C3B-C58C-4F72-AC68-E6D0212E8F19} - \MediaPlayerEnhance-updater No Task File <==== ATTENTION
Task: {E6759104-7D47-46F9-8484-D8CCFBA0F1EF} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe
Task: {E6EE1F9B-1986-402B-B2D5-2D6C94569AD6} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe <==== ATTENTION
Task: {EF53CF1B-10F9-4CD5-8336-9AF9D9ABB3DB} - \MediaPlayerEnhance-enabler No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:0CA8EFF8
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescue_149ce099-4625-4038-9722-c30e91f61d82 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescue_23e0af0d-6954-4a4f-866e-75012bcc141c => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescue_73098fbd-996d-4264-9284-cc57a720938b => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: bitsadmin /reset /allusers
Hosts:
Emptytemp:
reboot:
end
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.


Post in your next reply:

Fixlog.txt, found on the desktop.
  • 0

#45
juglar21
Posted 21 December 2014 - 04:02 PM

juglar21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts

Hi Joe,

 

need to pick someone up from the Airport in Fort Lauderdale, so will stop in a couple of minutes. Thanks heaps so far and will try to fulfill your tasks as soon as I can

 

best to you, J


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP