Windows 8 Meh

Just skip that step and continue on.

 

You should be running this procedure's guide:

Vista & Windows 7 Malware Removal/Cleaning Procedure

Here's how it looks on Win 7 -

 

No logs have been attached by you, and you should be following the link that I posted. (The title merely needs a edit)

 

No problem, I'll be floating around somewhere.

 

What happened to the MGlogs.zip? I need to see that too please.

 

You need to run MGTools.exe again and attach the new MGLogs.zip that it will produce.

 

The Malware Bytes log is not showing you took action on what it found. Please rescan with it, if it finds anything let it remove it, and attach the new log for me to see.


Uninstall the below using Revo Uninstaller.

• AnyProtect
• Optimizer Pro v3.2
• ShoopupaeerMaSTer
• suaaveuitKeep.

Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.

• Right-click OTM.exe And select " Run as administrator " to run it.
• Paste the following code under the area. Do not include the word Code.

Code:

:Files
C:\Users\Kaileigh Blessing\Downloads\flv_installer.exe
C:\WINDOWS\system32\drivers\{8ac13c32-b1f4-495e-8b0b-4bd4fd38c6b5}Gw64.sys
C:\WINDOWS\system32\drivers\{e9629596-2cbd-4eea-9329-7470e8b0fdae}Gw64.sys
C:\Program Files (x86)\Optimizer Pro
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
C:\Users\Karl\AppData\Roaming\Optimizer Pro
C:\Users\Karl\Documents\Optimizer Pro
C:\Windows\System32\Tasks\Optimizer Pro Schedule
C:\Users\Karl\AppData\Local\nsc7932.tmp
C:\Users\Karl\AppData\Roaming\aps.scan.quick.results
C:\Users\Karl\AppData\Roaming\aps.scan.results
C:\Users\Karl\AppData\Roaming\aps.uninstall.scan.results
C:\ProgramData\edec8c2e545b7f48
C:\ProgramData\Microsoft Help
C:\ProgramData\Package Cache
C:\ProgramData\ShoopupaeerMaSTer
C:\ProgramData\suaaveuitKeep
C:\Program Files (x86)\AnyProtectEx
C:\WINDOWS\tasks\APSnotifierPP1.job
C:\WINDOWS\tasks\APSnotifierPP2.job
C:\WINDOWS\tasks\APSnotifierPP3.job

:reg
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{1989B5DE-F9B7-4B95-AA6F-224D71D38826}]
[-HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}]
[-HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}]
[-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule]
[-HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
[-HKLM\SOFTWARE\Wow6432Node\{1146AC44-2F03-4431-B4FD-889BC837521F}]
[-HKLM\SOFTWARE\Wow6432Node\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}]
[-HKLM\SOFTWARE\Wow6432Node\{6791A2F3-FC80-475C-A002-C014AF797E9C}]
[-HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}]
[-HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}]
[-HKU\S-1-5-21-436145245-980046301-1230193741-1001\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}]
[-HKU\S-1-5-21-436145245-980046301-1230193741-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com]
[-HKU\S-1-5-21-436145245-980046301-1230193741-1001\Software\Microsoft\Internet Explorer\SearchScopes\{05B1BF1C-D6EB-4ECA-A7E9-363249F06023}]
[-HKU\S-1-5-21-436145245-980046301-1230193741-1001\Software\Optimizer Pro]
[-HKU\S-1-5-21-436145245-980046301-1230193741-1004\Software\Microsoft\Internet Explorer\SearchScopes\{102B9889-ED1A-4867-8B30-2BCA67E9E3FB}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{05B1BF1C-D6EB-4ECA-A7E9-363249F06023}]

:Commands
[emptytemp]
[Reboot]

• Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
• Push the large button.
• OTM may ask to reboot the machine. Please do so if asked.
• Copy everything in the Results window (under the green bar), and paste it into a text file to ATTACH into your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.




Follow the instructions below to reset Chrome to defaults...

Reset Google Chrome to defaults



Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Attach JRT.txt to your next message.

Now re run Hitman (just a scan) and attach log.

Run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now! And don't forget the log from Malware Bytes.

 

OK, continue on with the rest of the instructions.

 

Run JRT in safe mode.

 

No problem.

Starting up in safe mode. Windows 8

 

Take time to carefully uninstall this below list of garbage, you already have Revo Uninstaller, use that, and do let me know if you have any issues!!

• LLuckyCoupOn
• LTCM Client
• ShoopupaeerMaSTer
• suaaveuitKeep.

• Right-click OTM.exe And select " Run as administrator " to run it.
• Paste the following code under the area. Do not include the word Code.

Code:

:Files
C:\ProgramData\PC Drivers HeadQuarters
C:\ProgramData\PicRec
C:\ProgramData\ProductData
C:\ProgramData\UAB
C:\Program Files (x86)\PC Drivers HeadQuarters
C:\Program Files (x86)\PicRec (x86)
C:\Windows\System32\Tasks\Optimizer Pro Schedule

:reg
[-HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}]
[-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule]
[-HKU\S-1-5-21-436145245-980046301-1230193741-1004\Software\Microsoft\Internet Explorer\SearchScopes\{102B9889-ED1A-4867-8B30-2BCA67E9E3FB}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{1989B5DE-F9B7-4B95-AA6F-224D71D38826}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}]

:Commands
[emptytemp]
[Reboot]

• Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
• Push the large button.
• OTM may ask to reboot the machine. Please do so if asked.
• Copy everything in the Results window (under the green bar), and paste it into a text file to ATTACH into your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.




I believe you will have to go into each of the following accounts now and reset Google Chrome to defaults.

• Kaileigh Blessing
• Karl
• Kitty Blessing

Instructions on how to do so are here: Reset Google Chrome to defaults


Did you forget to attach the JRT log? :confused


Now that you have reset Chrome on each of those accounts, from your own account (as we have been doing all along) re run Hitman Pro and attach log.

Run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running!

 

If Revo does not show those programs then try basic add/remove yes. If that fails, let me know...

 

Yes, there is another way. But for now, just continue on with other instructions and skip that step.

 

You need to uninstall and reinstall Google Chrome (using Revo) on the accounts you can access please.


Delete this if it shows:
C:\Windows\System32\Tasks\Optimizer Pro Schedule

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.


Re run Hitman Pro again and attach log.

Run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.

 

Where? At what location? Can a log from Iobit be attached?

Okay, I think it didn't work because you need to be in the Kaileigh Blessing account to follow these instructions.


Delete this:

• C:\Windows\System32\Tasks\Optimizer Pro Schedule

How do you feel about going into the Windows Registry, again staying on the Kaileigh Blessing account, and deleting these manualy yourself? Let me know if not.

• HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
• HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule
• HKU\S-1-5-21-436145245-980046301-1230193741-1004\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
• HKU\S-1-5-21-436145245-980046301-1230193741-1004\Software\Microsoft\Internet Explorer\SearchScopes\{102B9889-ED1A-4867-8B30-2BCA67E9E3FB}

Now unfortunately to fully put Google Chrome back, you will need to uninstall all of these (using Revo) on each of the accounts on this machine:

• Google Chrome
• Google Drive
• Google Update Helper

Now rescan with Hitman before you reinstall Google Chrome.

Attach log.

 

Yes, might as well check all accounts for uninstallables.

With the Windows Registry, you would just click start > type regedit
Regedit.exe will pop up, right click it and run it.
It's just a case of navigating to the bolded items I listed, using the Registry much like Windows Explorer.

 

I'm sorry...what? What were you trying to do at the time when you got that message? :confused

 

I did say Kaileigh.

No tricks, it's just navigating through a folder like structure until you get to what I want you to remove, much like following a file path to find a file or foder.