something bad is going on again!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by zocaz, Jul 26, 2015.

  1. zocaz

    zocaz Private E-2

    Hi experts, it's me again. I am not sending you logs from RogueKiller and MBAM, because when RK started I got a message in a window saying something about "A drive cannot do something", and when RK finished it didn't find anything. MBAM found 51 potentially bad programs (sorry for my English), but I can't copy the log from it: when I try to copy-paste, nothing happens. The MBAM window is different from yours in the guide, so I don't know what to do. Should I run RK and MBAM again?
    And this is what is going on:
    A few days ago I updated Java from 45 to 51. That is what I remember, but I am not the only user of this computer; the kids are too. I usually do updates in Avast, but this time it didn't notify me that an update was needed, as it usually does. I did it anyway. After that (the next day) my Chrome started to block. Then some games installed on the computer, then Mozilla. For each of them I was getting a window saying "bad image" or something like that. I rebooted, and Mozilla and the games were working again, but Chrome didn't, so I uninstalled it. The next day, again the browser and games. I could only go online with Explorer. Now I can't open several programs, a few icons are missing from the desktop, Mozilla and Skype work when they want to, and yesterday something tried to install itself on my computer, so I rebooted it.
    I am starting to think that my XP is slowly going to die.
    Please help.
    Or should I just install Windows 7?
     

    Attached Files:

  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hello zocaz :)

    Defaulttab <<< Uninstall this please.


    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    • R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.just-browse.info/
    • O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - (no file)
    • O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
    • O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
    • O2 - BHO: (no name) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - (no file)
    • O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    • O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
    After clicking Fix exit HJT.




    Download and run OTM.


    Download OTM by Old Timer and save it to your Desktop.

    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Paste the following code under the Paste List of Files/Folders to Move area (under the yellow bar). Do not include the word Code.
    Code:
    :Files
    C:\Documents and Settings\Milica DJordje Jana\Local Settings\Application Data\globalUpdate
    C:\Documents and Settings\Milica DJordje Jana\Local Settings\Application Data\Ilivid Player
    C:\Program Files\globalUpdate
    C:\Documents and Settings\Milica DJordje Jana\Desktop\e3af~1  
    C:\Documents and Settings\Milica DJordje Jana\Desktop\`646d~1       
    C:\Documents and Settings\Milica DJordje Jana\Desktop\76ef~1       
    C:\Documents and Settings\Milica DJordje Jana\Desktop\2c54~1
    
    :reg
    [-HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}]
    [-HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}]
    [-HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}]
    [-HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}]
    [-HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}]
    [-HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}]
    [-HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}]
    [-HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}]
    [-HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}]
    [-HKLM\SOFTWARE\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6}]
    [-HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}]
    [-HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0]
    [-HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine]
    [-HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0]
    [-HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync]
    [-HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1]
    [-HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass]
    [-HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1]
    [-HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass]
    [-HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0]
    [-HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine]
    [-HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0]
    [-HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine]
    [-HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0]
    [-HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback]
    [-HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0]
    [-HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc]
    [-HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0]
    [-HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher]
    [-HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0]
    [-HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService]
    [-HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0]
    [-HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine]
    [-HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0]
    [-HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback]
    [-HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0]
    [-HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc]
    [-HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1]
    [-HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr]
    [-HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}]
    [-HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}]
    [-HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}]
    [-HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}]
    [-HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}]
    [-HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}]
    [-HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}]
    [-HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}]
    [-HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}]
    [-HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}]
    [-HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}]
    [-HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}]
    [-HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}]
    [-HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}]
    [-HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}]
    [-HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}]
    [-HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}]
    [-HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}]
    [-HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}]
    [-HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}]
    [-HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}]
    [-HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}]
    [-HKLM\SOFTWARE\DefaultTab]
    [-HKLM\SOFTWARE\GlobalUpdate]
    [-HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}]
    [-HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}]
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{444785F1-DE89-4295-863A-D46C3A781394}]
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}]
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}]
    [-HKLM\SOFTWARE\SProtector]
    [-HKLM\SOFTWARE\Uniblue\PowerSuite]
    [-HKLM\SYSTEM\ControlSet002\Services\Eventlog\Application\Update ClearThink]
    [-HKLM\SYSTEM\ControlSet002\Services\globalUpdate]
    [-HKLM\SYSTEM\ControlSet002\Services\globalUpdatem]
    [-HKLM\SYSTEM\ControlSet002\Services\Update ClearThink]
    [-HKLM\SYSTEM\ControlSet004\Services\Eventlog\Application\Update ClearThink]
    [-HKLM\SYSTEM\ControlSet005\Services\Eventlog\Application\Update ClearThink]
    [-HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update ClearThink]
    [-HKU\.DEFAULT\Software\DefaultTab]
    [-HKU\.DEFAULT\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration{7F6AFBF1-E065-4627-A2FD-810366367D01}]
    [-HKU\.DEFAULT\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}]
    [-HKU\S-1-5-18\Software\DefaultTab]
    [-HKU\S-1-5-18\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration{7F6AFBF1-E065-4627-A2FD-810366367D01}]
    [-HKU\S-1-5-18\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}]
    [-HKU\S-1-5-21-1715567821-602609370-839522115-1003\Software\1ClickDownload]
    [-HKU\S-1-5-21-1715567821-602609370-839522115-1003\Software\globalUpdate]
    [-HKU\S-1-5-21-1715567821-602609370-839522115-1003\Software\Microsoft\Babylon]
    [-HKU\S-1-5-21-1715567821-602609370-839522115-1003\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration{7F6AFBF1-E065-4627-A2FD-810366367D01}]
    [-HKU\S-1-5-21-1715567821-602609370-839522115-1003\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}]
    [-HKU\S-1-5-21-1715567821-602609370-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [-HKU\S-1-5-21-1715567821-602609370-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}]
    [-HKU\S-1-5-21-1715567821-602609370-839522115-1003\Software\Softonic]
    
    :Commands
    [emptytemp]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large MoveIt! button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it into a text file to ATTACH into your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.




    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.



    • Run Malware Bytes and attach a log.
    • Run RogueKiller and attach a log.
    • Re run Hitman and attach a new log.
    • Run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.
    • Let me know of any problems you may have encountered with the above instructions and also let me know how things are running!
     
  3. zocaz

    zocaz Private E-2

    The computer is working fine, but I couldn't get some of the logs. For instance, I tried to copy the text log from MBAM, but it always copies an XML document. Rogue is giving me a JSON file, and OTM reboots the computer immediately after finishing, and afterwards I cannot find anything in it. If you want, I will send you the XML from MBAM and the JSON from RK, but from OTM I can't give you anything. As I wrote, the computer is looking good now, but what bothers me is updates for XP. Several months ago I updated it and it all went wrong. Some guy did something and after that it worked again. So my question is:
    I know that there is no support for XP any more, and if I understand correctly my computer is compatible with Windows 10 (maybe with a little more RAM). Can you recommend what I should do? Should I stay on XP or install 10? Do I buy more memory and go for 64-bit, or stay on 32-bit? Anyway, I would like to change something; I think I am tired of XP. I have a laptop with W7 64-bit and I am really satisfied with it (but it is the kids' computer, not mine). What should I do? And do I send you logs that are not text?
    Thanks again for your time.
    You are champions!!!
     

    Attached Files:

  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    It's quite simple really, I will attach two images.

    For Malware Bytes you just need to click on Text File option.
    For RogueKiller, you need to click the EXPORT TXT button.
     

    Attached Files:

  5. zocaz

    zocaz Private E-2

    OK. I just did not name it in the save box. My bad, sorry. Anyway, my Mozilla crashed and I was getting "bad image" when I clicked on it. I rebooted the computer and now it's working.
    Here are the logs.
     

    Attached Files:

  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You did not let Malwarebytes quarantine what it found; please re-run it and have it remove all it finds, then rescan and hopefully attach a clean log! :)

    You did not uninstall DefaultTab. Can you explain why it still shows in the logs? Did you have difficulty uninstalling it?
    Let me know...


    Fix items using RogueKiller.

    Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate these detections:

    • [PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\DefaultTabSearch (C:\Program Files\DefaultTab\DefaultTabSearch.exe) -> Found
    • [PUP|Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\DefaultTabUpdate ("C:\Documents and Settings\Milica DJordje Jana\Application Data\defaulttab\defaulttab\dtupdate.exe") -> Found
    • [PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\globalUpdate (C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /svc) -> Found
    • [PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\globalUpdatem (C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /medsvc) -> Found

    Place a checkmark next to each of these items, leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Reboot the machine.


    I'd like you to re run OTM, nothing appears to have been deleted. Run it the same way as I told you to in post #2 please.

    So attach the (hopefully clean) Malware Bytes log.
    Address any questions I asked.
    Re run RogueKiller again (just a scan now)
    Re run Hitman Pro and attach new log.
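The four RogueKiller detections above are all Windows services, and the tags RogueKiller attached to them ([PUP], [PUP|Suspicious.Path]) come from looking at where each service binary lives and what it is called. The script below is an added example, not part of this thread and not RogueKiller's code: it runs that kind of triage over a constructed set of service ImagePath values shaped like the detections above (with a generic profile name), plus two legitimate services for contrast. The heuristics are assumptions of the example: the user-profile directory markers, the Google Update install directory used to spot a GoogleUpdate.exe that lives somewhere else, and the unquoted-path check.

```python
import re

# Directory fragments that should not host a service binary on a healthy system.
# Assumed heuristic for this example, modelled on RogueKiller's "Suspicious.Path"
# tag; it is not RogueKiller's actual rule set.
USER_PROFILE_MARKERS = (
    "\\documents and settings\\", "\\users\\", "\\application data\\",
    "\\appdata\\", "\\local settings\\", "\\temp\\",
)

# Where a well-known updater binary legitimately lives (assumed, for the masquerade
# check). A binary with this name anywhere else is treated as an impostor.
KNOWN_UPDATERS = {
    "googleupdate.exe": "c:\\program files\\google\\update\\",
}

# For an unquoted ImagePath, take everything up to the first ".exe" token as the
# binary. Windows itself resolves such a path by trying each space-delimited prefix,
# which is why an unquoted path containing spaces is a hijack risk.
EXE_RE = re.compile(r"^(.*?\.exe)(?=\s|$)(.*)$", re.IGNORECASE)


def split_image_path(image_path):
    """Return (exe, args, was_quoted) for a service ImagePath value."""
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        if end == -1:
            end = len(s)
        return s[1:end], s[end + 1:].strip(), True
    m = EXE_RE.match(s)
    if m:
        return m.group(1), m.group(2).strip(), False
    head, _, tail = s.partition(" ")
    return head, tail.strip(), False


def triage_service(name, image_path):
    """Return the flags raised for one service, in a fixed order (empty = nothing odd)."""
    exe, _args, quoted = split_image_path(image_path)
    low = exe.lower()
    flags = []
    if any(marker in low for marker in USER_PROFILE_MARKERS):
        flags.append("Suspicious.Path")   # service binary inside a user profile
    expected_dir = KNOWN_UPDATERS.get(low.rsplit("\\", 1)[-1])
    if expected_dir and not low.startswith(expected_dir):
        flags.append("Masquerade")        # known updater name, wrong directory
    if not quoted and " " in exe:
        flags.append("UnquotedPath")      # unquoted service path containing spaces
    return flags


def triage_all(services):
    """Map each service name to its flags."""
    return {name: triage_service(name, path) for name, path in services.items()}


# Constructed sample: the four detections from the RogueKiller output above, with a
# generic profile name, plus two legitimate services for contrast.
SAMPLE_SERVICES = {
    "DefaultTabSearch": r"C:\Program Files\DefaultTab\DefaultTabSearch.exe",
    "DefaultTabUpdate": r'"C:\Documents and Settings\user\Application Data\defaulttab\defaulttab\dtupdate.exe"',
    "globalUpdate": r"C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /svc",
    "globalUpdatem": r"C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /medsvc",
    "gupdate": r'"C:\Program Files\Google\Update\GoogleUpdate.exe" /svc',
    "Dhcp": r"C:\WINDOWS\system32\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for svc, flags in triage_all(SAMPLE_SERVICES).items():
        tag = "|".join(flags) or "ok"
        print(f"{svc:18} {tag:28} {SAMPLE_SERVICES[svc]}")
```

The two globalUpdate services get flagged twice: GoogleUpdate.exe outside Google's own directory, and an unquoted path with spaces. The genuine gupdate service passes because it is quoted and sits where the example expects it. On a live machine the input would come from the ImagePath values under HKLM\SYSTEM\CurrentControlSet\Services, and, as this thread shows, from the other ControlSetNNN keys too.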
     
  7. zocaz

    zocaz Private E-2

    OK, here are the logs. I overlooked DefaultTab. I still can't get the OTM log; there is nothing in it. I am opening folder by folder and the last one is always empty. What should I do?
    I didn't understand "ADDRESS ANY QUESTIONS I ASKED". Please explain.
     

    Attached Files:

  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    Now re run Hitman yet again and attach the newest log for me to see.

    Run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.
     
  9. zocaz

    zocaz Private E-2

    hi
    Yes, there was a success message, and here are the logs. I must tell you that I turned off automatic updates. Is that OK?
     

    Attached Files:

  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Those entries just will not delete. How do you feel about going into the Windows Registry to get them deleted yourself? Let me know! :)
     
  11. zocaz

    zocaz Private E-2

    I would feel fine as long as you guide me :confused
     
  12. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Certainly will. :)



    Follow these steps to create a system restore point first:

    • Click Start, click Run, type %SystemRoot%\system32\restore\rstrui.exe, and then click OK.
    • On the Welcome to System Restore page, click Create a restore point, and then click Next.
    • On the Create a Restore Point page, type a name for the restore point and then click Create.
    • After the restore point is created, click Close.

    Note: If System Restore is turned off, you receive a message that asks whether you want to turn on System Restore now. Click Yes. Then, in the System Properties dialog box, click to clear the Turn off System Restore check box, click OK, and then repeat this step.

    Click on the Start button, then click Run... In the search box or Run window, type the following:

    regedit

    and then press ENTER. The Registry Editor will open.
    Follow the paths given below to find and delete the entries I have listed in BOLD. Do NOT delete anything that is not in bold.



    HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
    HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
    HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
    HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
    HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
    HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
    HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
    HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
    HKLM\SOFTWARE\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6}
    HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
    HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
    HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
    HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
    HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
    HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
    HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
    HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
    HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
    HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
    HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
    HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
    HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
    HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
    HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
    HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
    HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
    HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
    HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
    HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
    HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
    HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
    HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
    HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
    HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
    HKLM\SOFTWARE\GlobalUpdate
    HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{444785F1-DE89-4295-863A-D46C3A781394}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
    HKLM\SOFTWARE\SProtector
    HKLM\SOFTWARE\Uniblue\PowerSuite
    HKLM\SYSTEM\ControlSet002\Services\Eventlog\Application\Update ClearThink
    HKLM\SYSTEM\ControlSet002\Services\Update ClearThink
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration{7F6AFBF1-E065-4627-A2FD-810366367D01}
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
    HKU\S-1-5-18\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration{7F6AFBF1-E065-4627-A2FD-810366367D01}
    HKU\S-1-5-18\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
    HKU\S-1-5-21-1715567821-602609370-839522115-1003\Software\1ClickDownload
    HKU\S-1-5-21-1715567821-602609370-839522115-1003\Software\globalUpdate
    HKU\S-1-5-21-1715567821-602609370-839522115-1003\Software\Microsoft\Babylon
    HKU\S-1-5-21-1715567821-602609370-839522115-1003\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration{7F6AFBF1-E065-4627-A2FD-810366367D01}
    HKU\S-1-5-21-1715567821-602609370-839522115-1003\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
    HKU\S-1-5-21-1715567821-602609370-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079a25-328f-4bd4-be04-00955acaa0a7}
    HKU\S-1-5-21-1715567821-602609370-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    HKU\S-1-5-21-1715567821-602609370-839522115-1003\Software\Softonic


    Once done, reboot the machine and rescan with Hitman Pro and attach latest log.
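The OTM :reg section in post #2, the fixME.reg merged in post #8 and the regedit list in this post are three spellings of the same key deletions. The Python script below is an added example, not from this thread or from any of the tools it uses: it converts OTM-style [-HKLM\...] deletions into a .reg file that regedit will merge (a .reg file needs the full hive names such as HKEY_LOCAL_MACHINE, where OTM accepts HKLM) and refuses any entry that looks mistyped, namely an unknown hive, a malformed GUID, or trailing punctuation such as a stray comma, which would silently aim the delete at a key that does not exist. The OTM excerpt inside the script is constructed for the example and includes three deliberately broken lines to exercise those checks.

```python
import re

# Hive abbreviations OTM accepts. regedit's .reg format needs the full names.
HIVES = {
    "HKLM": "HKEY_LOCAL_MACHINE",
    "HKCU": "HKEY_CURRENT_USER",
    "HKU": "HKEY_USERS",
    "HKCR": "HKEY_CLASSES_ROOT",
    "HKCC": "HKEY_CURRENT_CONFIG",
}
FULL_HIVES = set(HIVES.values())

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
DELETE_RE = re.compile(r"^\[-(.+)\]$")   # OTM/.reg syntax: [-key] deletes key and subkeys


def parse_otm_script(text):
    """Split an OTM script into its ':section' blocks, keyed by lower-cased section name."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def check_reg_key(path):
    """Return the problems found in one registry key path (empty list = looks sane)."""
    problems = []
    hive = path.split("\\", 1)[0]
    if hive not in HIVES and hive not in FULL_HIVES:
        problems.append(f"unknown hive '{hive}'")
    if path.endswith((",", ")", ";")):
        problems.append(f"trailing punctuation '{path[-1]}'")   # typo: such a key does not exist
    for group in re.findall(r"\{[^}]*\}", path):
        if not GUID_RE.fullmatch(group):
            problems.append(f"malformed GUID {group}")
    return problems


def expand_hive(path):
    """HKLM\\x -> HKEY_LOCAL_MACHINE\\x; full hive names pass through unchanged."""
    hive, sep, rest = path.partition("\\")
    return HIVES.get(hive, hive) + sep + rest


def otm_reg_to_regfile(text):
    """Turn the :reg deletions of an OTM script into .reg text. Returns (reg_text, problems)."""
    out = ["Windows Registry Editor Version 5.00", ""]
    problems = []
    for entry in parse_otm_script(text).get("reg", []):
        m = DELETE_RE.match(entry)
        if not m:
            problems.append(f"unsupported entry (only [-key] deletions handled): {entry}")
            continue
        key = m.group(1)
        found = check_reg_key(key)
        if found:
            problems.extend(f"{key}: {p}" for p in found)
            continue            # never emit a line we are not sure about
        out.append(f"[-{expand_hive(key)}]")
        out.append("")
    return "\r\n".join(out), problems   # CRLF line endings, as regedit itself writes


# Constructed OTM excerpt: a few lines in the shape of post #2's script, plus three
# deliberately broken ones (stray comma, bad GUID, unknown hive) to exercise the checks.
SAMPLE_OTM = r"""
:Files
C:\Program Files\globalUpdate

:reg
[-HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}]
[-HKLM\SOFTWARE\GlobalUpdate]
[-HKLM\SYSTEM\ControlSet002\Services\globalUpdate]
[-HKU\.DEFAULT\Software\DefaultTab]
[-HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079a25-328f-4bd4-be04-00955acaa0a7},]
[-HKLM\SOFTWARE\Classes\CLSID\{NOT-A-GUID}]
[-HKXX\Software\Bogus]

:Commands
[emptytemp]
[Reboot]
"""

if __name__ == "__main__":
    reg_text, problems = otm_reg_to_regfile(SAMPLE_OTM)
    print(reg_text)
    for p in problems:
        print("SKIPPED:", p)
```

Save the printed text with a .reg extension and merge it as in post #8; regedit reports success or failure for the whole file, which is why the script drops doubtful lines instead of letting regedit choke on them. Two caveats a practitioner should keep in mind: [-key] removes the key and everything beneath it, so the restore point this post asks for first is not optional; and CurrentControlSet is only a link to one of the ControlSetNNN keys, so a service registered under a non-current control set (ControlSet002 here) has to be named explicitly, as the lists in this thread do. If a key still refuses to go, as in post #10, the usual causes are restrictive permissions on the key or a running process re-creating it; regedit's Permissions dialog shows the former.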
     
  13. zocaz

    zocaz Private E-2

    I think my eyes fell out of my head. How do you do this every day?
    I hope I did it right.
    And here comes the log.
    Bye
     

    Attached Files:

  14. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    LOL

    I love it. I must be weird. :)

    How are things running?
     
  15. zocaz

    zocaz Private E-2

    Looking good. What do I do with all your tools? And with updates? Is it possible that I cannot update anything because my Windows is not licensed? Or maybe I can now, but I'm scared to try.
    Well, for now it is OK. I haven't tried everything yet, but I will inform you for sure.
    Thanks again.
    Bye
    PS: I can't post a smiley. What happened? (It's the one who waves.)
     
  16. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    What do you mean by not licensed?
     
  17. zocaz

    zocaz Private E-2

    I mean that I didn't buy it. I think that this is somebody's copy or downloaded from the web, I don't know. When I bought the computer some guy came with a disk and installed it. Maybe I'm wrong. Am I?
     
  18. zocaz

    zocaz Private E-2

    I am again getting the message that Mozilla is a bad image, so I have to reboot.
    And Avast notified me 10 minutes ago that it is blocking a Chrome installer exe because it is malware.
    And I don't have it. I uninstalled it a couple of days ago when we started this.
     
  19. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Avast is just doing its job. ;) All those other issues are not malware related. Ready for final steps?
     
  20. zocaz

    zocaz Private E-2

    Can't wait!!!
     
  21. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others) and running MGclean.bat did not remove them, you can delete these files now.
    7. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
      • Refer to the instructions for your Windows version in this link: Disable And Enable System Restore
      • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
      • Then we want you to Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
