still having problems...

Discussion in 'Malware Help (A Specialist Will Reply)' started by misslaura1987, Sep 10, 2015.

  1. misslaura1987

    misslaura1987 Private E-2

    did the run and read me, computer is still super slow and laggy and these "ad choices" links are EVERYWHERE, when i hover over them an ad pops up, very annoying... it was bearable until last night, when it seems to have worsened after letting a friend use my computer. i have attached all logs except the TDSSKiller log because it had found no threats and did not give me an option to save a log.
     

    Attached Files:

    Last edited: Sep 10, 2015
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Just preparing a fix for you, will post in a few.
     
  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Not a malware problem. These are just mouse-over ads that pop up when your mouse moves over various underlined keywords. Many websites, including Major Geeks, use these as a source of revenue to help offset costs of running a free website and forums like this.


    Uninstall the below:

    • RocketTab


    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:


    After clicking Fix exit HJT.


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.




    Now please download OTL by OldTimer.
    • Save it to your desktop.


      We need to run an OTL Fix
      • Right-click OTL.exe to run it as admin. If Windows UAC prompts you, please allow it.
      • Copy and Paste the following code into the textbox. Do not include the word Code

      Code:
      :reg
      [-HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}]
      [-HKU\S-1-5-21-3522469279-2671779348-2658884174-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com]
      [-HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL]
      [-HKLM\SOFTWARE\Classes\AppID\SelectionLinks.DLL]
      [-HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}]
      [-HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}]
      [-HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}]
      [-HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}]
      [-HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}]
      [-HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}]
      [-HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}]
      [-HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}]
      [-HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}]
      [-HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4]
      [-HKLM\SOFTWARE\Classes\Interface\{6E780F0B-BCD6-40CB-B2DB-7AF47AB4D4A4}]
      [-HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}]
      [-HKLM\SOFTWARE\Classes\Interface\{A138BE8B-F051-4802-9A3F-A750A6D862D4}]
      [-HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}]
      [-HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}]
      [-HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}]
      [-HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}]
      [-HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}]
      [-HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}]
      [-HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1]
      [-HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine]
      [-HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}]
      [-HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}]
      [-HKLM\SOFTWARE\Classes\Unknown\shell\openas\command\Advanced System Protector.bak]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\AppID\REI_AxControl.DLL]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\AppID\SelectionLinks.DLL]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{A6D54287-7939-466A-8579-92546D946C8C}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B3E37FAA-3669-4212-A35D-157BF70ADC04}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E755701B-A61B-4194-8902-17A61C4C1672}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}]
      [-HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}]
      [-HKLM\SOFTWARE\couponarific]
      [-HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC}]
      [-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup]
      [-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Reimage Reminder]
      [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4]
      [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964]
      [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467]
      [-HKLM\SOFTWARE\Reimage]
      [-HKLM\SOFTWARE\RST]
      [-HKLM\SOFTWARE\Upt]
      [-HKLM\SOFTWARE\WinUpd]
      [-HKLM\SOFTWARE\Wow6432Node\GlobalUpdate]
      [-HKLM\SOFTWARE\Wow6432Node\LookSafe]
      [-HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}]
      [-HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}]
      [-HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}]
      [-HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}]
      [-HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32]
      [-HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS]
      [-HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancerApp_RASAPI32]
      [-HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancerApp_RASMANCS]
      [-HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}]
      [-HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}]
      [-HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}]
      [-HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}]
      [-HKLM\SOFTWARE\Wow6432Node\NpApp]
      [-HKLM\SOFTWARE\Wow6432Node\Object\SelectionLinks]
      [-HKLM\SOFTWARE\Wow6432Node\RST]
      [-HKLM\SOFTWARE\Wow6432Node\Tune\up]
      [-HKLM\SOFTWARE\Wow6432Node\Upt]
      [-HKLM\SOFTWARE\Wow6432Node\WinUpd]
      [-HKLM\SOFTWARE\Wow6432Node\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}]
      [-HKLM\SOFTWARE\Wow6432Node\{5F189DF5-2D05-472B-9091-84D9848AE48B}]
      [-HKLM\SOFTWARE\Wow6432Node\{77D46E27-0E41-4478-87A6-AABE6FBCF252}]
      [-HKLM\SYSTEM\ControlSet001\Services\EventLog\Application\pastaleadsServiceCore]
      [-HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\pastaleadsServiceCore]
      [-HKU\S-1-5-21-3522469279-2671779348-2658884174-1001\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}]
      [-HKU\S-1-5-21-3522469279-2671779348-2658884174-1001\Software\globalUpdate]
      [-HKU\S-1-5-21-3522469279-2671779348-2658884174-1001\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.]
      [-HKU\S-1-5-21-3522469279-2671779348-2658884174-1001\Software\Microsoft\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4]
      [-HKU\S-1-5-21-3522469279-2671779348-2658884174-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}]
      [-HKU\S-1-5-21-3522469279-2671779348-2658884174-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC}]
      [-HKU\S-1-5-21-3522469279-2671779348-2658884174-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}]
      [-HKU\S-1-5-21-3522469279-2671779348-2658884174-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}]
      [-HKU\S-1-5-21-3522469279-2671779348-2658884174-1001\Software\PowerPack]
      [-HKU\S-1-5-21-3522469279-2671779348-2658884174-1001\Software\Reimage]
      [-HKU\S-1-5-21-3522469279-2671779348-2658884174-1001\Software\Tune\up]
      
      :files
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
      C:\Windows\System32\Tasks\LaunchSignup
      C:\Windows\System32\Tasks\Reimage Reminder
      C:\WINDOWS\system32\tasks\Reimage Reminder
        
      :commands
      [EMPTYTEMP]
      [RESETHOSTS]
      [REBOOT]
      • Then click the Run Fix button at the top.
      • Click Image.
      • OTL may ask to reboot the machine. Please do so if asked.
      • The report should appear in Notepad after the reboot. ATTACH that report in your next reply.




      Now re-run Hitman Pro again and attach the new log.

      Run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.
      Let me know of any problems you may have encountered with the above instructions and also let me know how things are running!
     
  4. misslaura1987

    misslaura1987 Private E-2

    like night and day!

    computer is back to itself now!! thank you ! :) :) :)
     

    Attached Files:

  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Ensure you're attaching ALL of the logs I requested. Thanks :)
     
  6. misslaura1987

    misslaura1987 Private E-2

    oh yeah missed that last part huh ? lol my bad. here they are in their entirety
     

    Attached Files:

  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Good afternoon :)


    We need to run an OTL Fix

    • Right-click OTL.exe to run it as admin. If Windows UAC prompts you, please allow it.
    • Copy and Paste the following code into the textbox. Do not include the word Code

    Code:
    :reg
    [-HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}]
    [-HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}]
    [-HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}]
    [-HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}]
    [-HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    [-HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}]
    [-HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}]
    [-HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}]
    [-HKLM\SOFTWARE\Classes\Interface\{6E780F0B-BCD6-40CB-B2DB-7AF47AB4D4A4}]
    [-HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}]
    [-HKLM\SOFTWARE\Classes\Interface\{A138BE8B-F051-4802-9A3F-A750A6D862D4}]
    [-HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}]
    [-HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}]
    [-HKLM\SOFTWARE\Classes\Unknown\shell\openas\command\Advanced System Protector.bak]
    [-HKLM\SOFTWARE\couponarific]
    [-HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC}]
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4]
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964]
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467]
    [-HKLM\SOFTWARE\Reimage]
    [-HKLM\SOFTWARE\RST]
    [-HKLM\SOFTWARE\Upt]
    [-HKLM\SOFTWARE\WinUpd]
    
    :commands
    [EMPTYTEMP]
    [RESETHOSTS]
    [REBOOT]
    • Then click the Run Fix button at the top.
    • Click Image.
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. ATTACH that report in your next reply.


    Copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    Now re-run Hitman again and attach the log.
     
  8. misslaura1987

    misslaura1987 Private E-2

    "The keys and values contained in C:\Users\missl_000\Desktop\fixme.reg have been successfully added to the registry."
     

    Attached Files:

  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    A few still remain. How comfortable are you with going into the Windows Registry and deleting the ones that remain yourself? Let me know first before you do anything. :)
     
  10. misslaura1987

    misslaura1987 Private E-2

    haha, i'm not scared! when i do your fixes it seems to work fine for a little bit and then it gets laggy again... anything to fix this lag!
     
  11. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Click start > type regedit
    Regedit.exe will appear > right click and run as admin.

    You need to delete the items in BOLD.


    HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
    HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
    HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
    HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
    HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
    HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
    HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
    HKLM\SOFTWARE\Classes\Interface\{6E780F0B-BCD6-40CB-B2DB-7AF47AB4D4A4}
    HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
    HKLM\SOFTWARE\Classes\Interface\{A138BE8B-F051-4802-9A3F-A750A6D862D4}
    HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
    HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    HKLM\SOFTWARE\Classes\Unknown\shell\openas\command\Advanced System Protector.bak
    HKLM\SOFTWARE\couponarific
    HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
    HKLM\SOFTWARE\Reimage
    HKLM\SOFTWARE\RST
    HKLM\SOFTWARE\Upt
    HKLM\SOFTWARE\WinUpd


    Once done, rerun Hitman once more and explain how things are running.
     
  12. misslaura1987

    misslaura1987 Private E-2

    i copied the first line and searched it in the registry editor but nothing was found... there are no hklm folders, just hkey (i have provided a screen shot). i searched just the bold in the first line and a folder popped up and everything matches up EXCEPT for the hklm. i don't want to proceed with deleting unless i get the go ahead from you...
     

    Attached Files:

  13. misslaura1987

    misslaura1987 Private E-2

    well, after a google search i realized that hkey/local machine and hklm are one and the same. i tried to edit my last post but ten minutes had already passed, so, sorry for any confusion!

    deleted lines and scanned with hitman, which still found threats... my computer definitely seems to be running much faster now though! i've attached the log!
     

    Attached Files:
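
The check behind "A few still remain" and the HKLM / HKEY_LOCAL_MACHINE mix-up in the posts above can be done read-only. This is an added example, not part of any post in the thread and not code from OTL or MajorGeeks: it parses the `:reg` section of an OTL-style fix script, expands the hive abbreviations to the names regedit shows, and reports which keys still exist. The function names and the `SAMPLE` text are assumptions made for illustration; the sample lines are copied from the fix scripts in this thread.

```python
import re
import sys

# Hive abbreviations as written in the fix script -> names shown in regedit's tree.
HIVES = {
    "HKLM": "HKEY_LOCAL_MACHINE",
    "HKU": "HKEY_USERS",
    "HKCU": "HKEY_CURRENT_USER",
    "HKCR": "HKEY_CLASSES_ROOT",
}

# A ":reg" deletion entry has the form [-HIVE\sub\key].
ENTRY = re.compile(r"^\[-(?P<hive>[A-Z]+)\\(?P<sub>.+)\]$")

# Constructed sample: a few lines copied from the fix scripts in this thread.
SAMPLE = r"""
:reg
[-HKLM\SOFTWARE\Reimage]
[-HKLM\SOFTWARE\couponarific]
[-HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}]
[-HKU\S-1-5-21-3522469279-2671779348-2658884174-1001\Software\Reimage]

:files
C:\Windows\System32\Tasks\Reimage Reminder

:commands
[EMPTYTEMP]
"""


def parse_reg_deletions(script):
    """Return (hive, subkey) pairs from the :reg section; other sections are skipped."""
    section, keys = None, []
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):
            section = line.lower()
            continue
        m = ENTRY.match(line) if section == ":reg" else None
        if m and m.group("hive") in HIVES:
            keys.append((m.group("hive"), m.group("sub")))
    return keys


def regedit_path(hive, sub):
    """Full path as it appears in the Registry Editor tree."""
    return HIVES[hive] + "\\" + sub


def key_exists(hive, sub):
    """Read-only existence check (Windows only). The 64-bit view is requested so
    that Wow6432Node paths are taken literally, as they are written in the script."""
    import winreg
    access = winreg.KEY_READ | winreg.KEY_WOW64_64KEY
    try:
        winreg.CloseKey(winreg.OpenKey(getattr(winreg, HIVES[hive]), sub, 0, access))
        return True
    except FileNotFoundError:
        return False
    except PermissionError:
        return True  # the key is there, this account just cannot read it


def still_present(script, exists=key_exists):
    """Keys the script asked to delete that are still in the registry."""
    return [regedit_path(h, s) for h, s in parse_reg_deletions(script) if exists(h, s)]


if __name__ == "__main__":
    if sys.platform == "win32":
        print("\n".join(still_present(SAMPLE)) or "none of the listed keys remain")
    else:
        print("\n".join(regedit_path(h, s) for h, s in parse_reg_deletions(SAMPLE)))
```

Nothing is written or deleted; on Windows, run it from an elevated prompt so that protected keys are not misreported as unreadable.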

  14. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Everything that I wanted gone with Hitman has gone :)

    Ready for final steps?
     
  15. misslaura1987

    misslaura1987 Private E-2

    ready! sorry so late, i haven't been getting email notifications of your replies
     
  16. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others) and running MGclean.bat did not remove them, you can delete these files now.
    3. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    4. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    5. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win7, or Win 8, Right Click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

    8. After doing the above, you should work thru the below link:
     
