FLV Player

Re run Hitman and have it remove what it finds.

The MGlogs.zip that you attached is corrupt somehow. Can you either attach it in the correct format or rerun MGTools.exe again to produce a fresh MGlogs.zip to attach for me please.

 

Uninstall the below using Revo Uninstaller.

• BeeCoupons Smartbar

Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.

• Right-click OTM.exe And select " Run as administrator " to run it.
• Paste the following code under the http://farm3.static.flickr.com/2455/4173556815_a721a91733_o.png area. Do not include the word Code.

Code:

:Files
C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs

:reg
[-HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}]
[-HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}]
[-HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}]
[-HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467]
[-HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BrowserSafeguard_RASAPI32]
[-HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BrowserSafeguard_RASMANCS]
[-HKU\S-1-5-21-1851843949-576978046-2803166877-1001\Software\Microsoft\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\windows\currentVersion\Run]
"HOSTS Anti-Adware_PUPs"=-

:Commands
[emptytemp]
[Reboot]

• Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
• Push the large http://farm3.static.flickr.com/2782/4174320048_f01c448b32_o.png button.
• OTM may ask to reboot the machine. Please do so if asked.
• Copy everything in the Results window (under the green bar), and paste it into a text file to ATTACH into your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.


http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Attach JRT.txt to your next message.

• Now re run Hitman again and attach log.
• Run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.
• Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

 

Hi.

Run this Reset Google Chrome to Defaults

How confident are you in the Windows Registry? Can you delete these yourself?

• HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
• HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
• HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

Now rescan with Hitman again and attach the new log.

 

We'll do it this way instead

Download The Avenger by Swandog469, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the Execute button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Don't forget to reset Chrome....


Now re run Hitman - attach log.

 

Log onto each user and repeat the process on each account. Let me know how you get on. Attach new Hitman log once done.

 

What are these? There's a sandra user and also an S user....

 

Foolow these instructions just to the part whwre it says:

In the users list, who do you see? Does the S account show from here?

 

I forgot the link. Try again as I said folllowing the instructions up to step 7. Tell me if you see that S user there. http://www.tomshardware.co.uk/faq/id-2063938/disable-hidden-administrator-account-windows.html

 

So are you able to delete it from there? :confused (Unfamiliar with Windows 8)

 

Click on this link http://windows.microsoft.com/en-gb/windows/user-accounts-faq#1TC=windows-8

Click on where it says : Can I make changes to another user's account?
Then follow the instructions to: To remove an account from your PC

Let me know how you get on.

 

When Chaslang gets chance he will pop in and take a look. He will be able to shed more light on this than me. Hang in there.

 

You are most welcome.

 

Nope! Avenger is does not support x64 and probably not Windows 8 either.

 

Per TDSSKiller

Per Hitman the PC name and username are: MYSTERIA\S

Per RogueKiller: User : S [Admin rights]

Per MGtools you have two user accounts:

And the one you have been using ( logging in with ) and posting logs for is the C:\Users\S account.
The Sandra user account has not been used since 4/12/2014 per your logs

Code:

d-----w                 0 2014-05-06 16:12:48  C:\Users\S
d-----w                 0 2014-04-12 01:10:01  C:\Users\Sandra

These are user accounts you created. You should not delete the account that you have been logging in with because it may be the one that you really want. You will have to figure that out by trying to login with the Sandra user account to see what the difference is. This is not a malware problem. The accounts are both yours. Please see the below or post in the Software Forum for help with Windows

http://www.pcworld.com/article/2065137/how-to-logoff-in-windows-8.html

 

Not major items but let's try the below to scan for more info.

Please download OTL by OldTimer.

• Save it to your desktop.
• Double-click on the OTL icon on your desktopto run it. (Note: if using Vista, Win7 or Win8 use right-click and select Run as Administrator)
• Check the "Scan All Users" checkbox.
• Check the "Standard Output".
• Change the setting of "Drivers" and "Services" to "All"
• Copy the text in the code box below and paste it into the http://img14.imageshack.us/img14/66/otlcustomfix.png text-field.
  
  Code:

  activex
  netsvcs
  drives
  

• Now click the http://img171.imageshack.us/img171/2405/runscanotl.png button.
• One report will be created:
  • OTL.txt <-- Will be opened
• Attach OTL.txt to your next message. (How to attach)

 

Okay your OTL log is clean. I don't think there are really any major malware issues on your PC to be concerned with. Are you actually having any malware problems?

 

This is the main point I was looking to clarify. Those items in Hitman are not really problems. They are just leftover dead registry keys and one folder. You can manually delete the below folder

C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Web Data

Removing the registry keys may be more trouble than its worth due to possible registry key permissions within Windows. We could try to do it manually but it could be potentially run into being a lot of work and if you are not really proficient with Windows and the Registry Editior, it could also be dangerous. I suggest you ignore them because they are not really actively doing anything.

No. OTL does not happen to scan for malware. It is just an information provider ( like MGtools ) and just happens to look/list whatever it is designed to list.

 

I really do not know exactly what items you are referring to but since they are not malware issues I will refer you to the Software Forum for questions like this.

Run the below.


If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
3. Renable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
4. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
5. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
6. Now goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
8. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
9. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
   • Refer to the instructions for your WIndows version in this link: Disable And Enable System Restore​
   • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
   • Then we want you to Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!

 

You're welcome. Surf safely!