Computer Hope

Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: nari_ka on July 28, 2014, 03:25:24 AM

Title: Pop ups and redirects - First Scan Logs
Post by: nari_ka on July 28, 2014, 03:25:24 AM

Hello,
I am attempting to fix the malware issue on a Windows 7 Laptop. Ive run CCleaner, AdwCleaner and Malware Bytes.
Well, not sure if I should send the scan log or the clean log from AdwCleaner, but here they are both:

# AdwCleaner v3.300 - Report created 27/07/2014 at 22:38:25
# Updated 27/07/2014 by Xplode
# Operating System : Windows 7 Ultimate  (32 bits)
# Username : me - DELL
# Running from : C:\Users\me\Downloads\adwcleaner_3.300.exe
# Option : Clean

***** [ Services ] *****

• Service Deleted : BackupStack
• Service Deleted : globalUpdate
• Service Deleted : globalUpdatem

Service Deleted : vToolbarUpdater18.1.7

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files\globalUpdate
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\P-HD-V1.4
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Users\me\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\me\AppData\Local\globalUpdate
Folder Deleted : C:\Users\me\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\me\AppData\Roaming\Advanced System Protector
Folder Deleted : C:\Users\me\AppData\Roaming\Systweak
Folder Deleted : C:\Users\me\AppData\Roaming\VOPackage
Folder Deleted : C:\Users\me\AppData\Roaming\Microsoft\Windows\Start menu\Programs\MyPC Backup
Folder Deleted : C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\zxfy6o7p.default\Extensions\508d4e2f-a469-421d-a294-135dbb84fe1b@f7b17943-cc9e-4d4a-b223-0bd1e7cfc871.com
File Deleted : C:\Windows\system32\roboot.exe
File Deleted : C:\Users\me\AppData\Roaming\Microsoft\Windows\Start menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\me\Desktop\MyPC Backup.lnk
File Deleted : C:\Users\me\Desktop\Sync Folder.lnk
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\zxfy6o7p.default\searchplugins\trovi-search.xml

***** [ Tâches planifiées ] *****

Tâche supprimée : globalUpdateUpdateTaskMachineCore
Tâche supprimée : globalUpdateUpdateTaskMachineUA
Tâche supprimée : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-1
Tâche supprimée : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-11
Tâche supprimée : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-2
Tâche supprimée : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-3
Tâche supprimée : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-4
Tâche supprimée : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-5
Tâche supprimée : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-5_user

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0058362.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0058362.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0058362.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0058362.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511831162}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522832262}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555835562}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566836662}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511831162}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511831162}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110511831162}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\SearchProtectINT
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\P-HD-V1.4
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\GlobalUpdate
Key Deleted : HKLM\Software\InstalledBrowserExtensions
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\P-HD-V1.4
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\P-HD-V1.4

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16502


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\zxfy6o7p.default\prefs.js ]

Line Deleted : user_pref("extensions.a508d4e2fa469421da294135dbb8 4fe1bf7b17943cc9e4d4ab2230bd1e7cfc871co m58362.58362.internaldb.monetization_pl ugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Line Deleted : user_pref("extensions.a508d4e2fa469421da294135dbb8 4fe1bf7b17943cc9e4d4ab2230bd1e7cfc871co m5836258362b58362r58362o58362w58362s583 62e58362r58362.58362n58362e58362w58362t 58362a58362b58362.58362u58362r583[...]
Line Deleted : user_pref("extensions.a508d4e2fa469421da294135dbb8 4fe1bf7b17943cc9e4d4ab2230bd1e7cfc871co m5836258362b58362r58362o58362w58362s583 62e58362r58362.58362s58362e58362a58362r 58362c58362h58362.58362d58362e583[...]
Line Deleted : user_pref("extensions.a508d4e2fa469421da294135dbb8 4fe1bf7b17943cc9e4d4ab2230bd1e7cfc871co m5836258362b58362r58362o58362w58362s583 62e58362r58362.58362s58362e58362a58362r 58362c58362h58362.58362s58362e583[...]
Line Deleted : user_pref("extensions.a508d4e2fa469421da294135dbb8 4fe1bf7b17943cc9e4d4ab2230bd1e7cfc871co m5836258362b58362r58362o58362w58362s583 62e58362r58362.58362s58362t58362a58362r 58362t58362u58362p58362.58362h583[...]
Line Deleted : user_pref("extensions.crossrider.bic", "1476194b641d022438bb5cc414066b94");

*************************

AdwCleaner[R0].txt - [15114 octets] - [27/07/2014 22:36:43]
AdwCleaner[S0].txt - [15437 octets] - [27/07/2014 22:38:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15498 octets] ##########

# AdwCleaner v3.300 - Report created 27/07/2014 at 22:36:43
# Updated 27/07/2014 by Xplode
# Operating System : Windows 7 Ultimate  (32 bits)
# Username : me - DELL
# Running from : C:\Users\me\Downloads\adwcleaner_3.300.exe
# Option : Scan

***** [ Services ] *****

Service Found : BackupStack
Service Found : globalUpdate
Service Found : globalUpdatem
Service Found : vToolbarUpdater18.1.7

***** [ Files / Folders ] *****

File Found : C:\Program Files\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Found : C:\Users\me\AppData\Roaming\Microsoft\Windows\Start menu\Programs\Startup\MyPC Backup.lnk
File Found : C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\zxfy6o7p.default\searchplugins\trovi-search.xml
File Found : C:\Users\me\Desktop\MyPC Backup.lnk
File Found : C:\Users\me\Desktop\Sync Folder.lnk
File Found : C:\Windows\system32\roboot.exe
Folder Found : C:\Program Files\AVG SafeGuard toolbar
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Program Files\globalUpdate
Folder Found : C:\Program Files\MyPC Backup
Folder Found : C:\Program Files\P-HD-V1.4
Folder Found : C:\ProgramData\AVG SafeGuard toolbar
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\Users\me\AppData\Local\AVG SafeGuard toolbar
Folder Found : C:\Users\me\AppData\Local\globalUpdate
Folder Found : C:\Users\me\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found : C:\Users\me\AppData\Roaming\Advanced System Protector
Folder Found : C:\Users\me\AppData\Roaming\Microsoft\Windows\Start menu\Programs\MyPC Backup
Folder Found : C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\zxfy6o7p.default\Extensions\508d4e2f-a469-421d-a294-135dbb84fe1b@f7b17943-cc9e-4d4a-b223-0bd1e7cfc871.com
Folder Found : C:\Users\me\AppData\Roaming\Systweak
Folder Found : C:\Users\me\AppData\Roaming\VOPackage

***** [ Scheduled Tasks ] *****

Task Found : globalUpdateUpdateTaskMachineCore
Task Found : globalUpdateUpdateTaskMachineUA
Task Found : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-1
Task Found : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-11
Task Found : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-2
Task Found : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-3
Task Found : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-4
Task Found : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-5
Task Found : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-5_user

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\P-HD-V1.4
Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110511831162}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511831162}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\SearchProtectINT
Key Found : HKCU\Software\systweak
Key Found : HKLM\Software\AVG SafeGuard toolbar
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511831162}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522832262}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0058362.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0058362.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0058362.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0058362.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555835562}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566836662}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\GlobalUpdate
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\Software\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511831162}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\P-HD-V1.4
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Found : HKLM\Software\P-HD-V1.4
Key Found : HKLM\Software\systweak
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16502


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\zxfy6o7p.default\prefs.js ]

Line Found : user_pref("extensions.a508d4e2fa469421da294135dbb8 4fe1bf7b17943cc9e4d4ab2230bd1e7cfc871co m58362.58362.internaldb.monetization_pl ugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Line Found : user_pref("extensions.a508d4e2fa469421da294135dbb8 4fe1bf7b17943cc9e4d4ab2230bd1e7cfc871co m5836258362b58362r58362o58362w58362s583 62e58362r58362.58362n58362e58362w58362t 58362a58362b58362.58362u58362r583[...]
Line Found : user_pref("extensions.a508d4e2fa469421da294135dbb8 4fe1bf7b17943cc9e4d4ab2230bd1e7cfc871co m5836258362b58362r58362o58362w58362s583 62e58362r58362.58362s58362e58362a58362r 58362c58362h58362.58362d58362e583[...]
Line Found : user_pref("extensions.a508d4e2fa469421da294135dbb8 4fe1bf7b17943cc9e4d4ab2230bd1e7cfc871co m5836258362b58362r58362o58362w58362s583 62e58362r58362.58362s58362e58362a58362r 58362c58362h58362.58362s58362e583[...]
Line Found : user_pref("extensions.a508d4e2fa469421da294135dbb8 4fe1bf7b17943cc9e4d4ab2230bd1e7cfc871co m5836258362b58362r58362o58362w58362s583 62e58362r58362.58362s58362t58362a58362r 58362t58362u58362p58362.58362h583[...]
Line Found : user_pref("extensions.crossrider.bic", "1476194b641d022438bb5cc414066b94");

*************************

AdwCleaner[R0].txt - [14972 octets] - [27/07/2014 22:36:43]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [15033 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/27/2014
Scan Time: 11:10:35 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.28.01
Rootkit Database: v2014.07.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7
CPU: x86
File System: NTFS
User: me

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 259004
Time Elapsed: 6 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 12
PUP.Optional.TopArcadeHits.A, HKLM\SOFTWARE\CLASSES\CLSID\{CF190686-9E72-403C-B99D-682ABDB63C5B}, Quarantined, [10d1673dbebdac8a9a28aee7679be719],
PUP.Optional.TopArcadeHits.A, HKLM\SOFTWARE\CLASSES\CLSID\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}, Quarantined, [10d1673dbebdac8a9a28aee7679be719],
PUP.Optional.TopArcadeHits.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}, Quarantined, [10d1673dbebdac8a9a28aee7679be719],
PUP.Optional.TopArcadeHits.A, HKU\S-1-5-21-987213009-2929140832-2469461819-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}, Quarantined, [10d1673dbebdac8a9a28aee7679be719],
PUP.Optional.TopArcadeHits.A, HKU\S-1-5-21-987213009-2929140832-2469461819-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}, Quarantined, [10d1673dbebdac8a9a28aee7679be719],
PUP.Optional.TopArcadeHits.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{39A17362-9C1D-4907-9428-0D28A94DC79D}, Quarantined, [10d1673dbebdac8a9a28aee7679be719],
PUP.Optional.TopArcadeHits.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{627A968A-03E6-41C7-B11B-4E442B376F95}, Quarantined, [10d1673dbebdac8a9a28aee7679be719],
PUP.Optional.TopArcadeHits.A, HKLM\SOFTWARE\CLASSES\CLSID\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}\INPROCSERVER32, Quarantined, [10d1673dbebdac8a9a28aee7679be719],
PUP.Optional.TopArcadeHits.A, HKU\S-1-5-21-987213009-2929140832-2469461819-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CF190686-9E72-403C-B99D-682ABDB63C5B}, Quarantined, [10d1673dbebdac8a9a28aee7679be719],
Adware.GameVance, HKU\S-1-5-21-987213009-2929140832-2469461819-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C1C3E833-420E-4D78-9BA7-86AEBB272384}, Quarantined, [a839b9eb2754d85e41fd1eef6c95916f],
PUP.Optional.TopArcadeHits.A, HKU\S-1-5-21-987213009-2929140832-2469461819-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C1C3E833-420E-4D78-9BA7-86AEBB272384}, Quarantined, [f1f03173d9a252e4c762a56441c304fc],
PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\P-HD-V1.4, Quarantined, [ac35762ed9a2ff3737754e8008fa6898],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
Adware.GameVance, C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits, Quarantined, [e00140649be09c9ad0509a6e7c881ee2],
PUP.Optional.TopArcadeHits.A, C:\Users\me\AppData\Local\TopArcadeHits, Quarantined, [f1f03173d9a252e4c762a56441c304fc],

Files: 11
PUP.Optional.TopArcadeHits.A, C:\Users\me\AppData\Local\TopArcadeHits\Toparcadehits.dll, Quarantined, [10d1673dbebdac8a9a28aee7679be719],
Adware.GameVance, C:\Users\me\AppData\Local\TopArcadeHits\uninstaller.exe, Quarantined, [a839b9eb2754d85e41fd1eef6c95916f],
Adware.GameVance, C:\Users\me\AppData\Local\TopArcadeHits\updater.exe, Quarantined, [a1400d9789f2ab8be05eb35add24946c],
PUP.Optional.TopArcadeHits.A, C:\Windows\System32\Tasks\TopArcadeHits, Quarantined, [c819ecb8700bec4a1e1941917b8738c8],
Adware.GameVance, C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits\Play Toparcadehits Online.url, Quarantined, [e00140649be09c9ad0509a6e7c881ee2],
Adware.GameVance, C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits\Uninstall Toparcadehits.lnk, Quarantined, [e00140649be09c9ad0509a6e7c881ee2],
PUP.Optional.TopArcadeHits.A, C:\Users\me\AppData\Local\TopArcadeHits\tah.config, Quarantined, [f1f03173d9a252e4c762a56441c304fc],
PUP.Optional.TopArcadeHits.A, C:\Users\me\AppData\Local\TopArcadeHits\Toparcadehitsbrkr.exe, Quarantined, [f1f03173d9a252e4c762a56441c304fc],
PUP.Optional.TopArcadeHits.A, C:\Users\me\AppData\Local\TopArcadeHits\uninstaller.exe, Quarantined, [f1f03173d9a252e4c762a56441c304fc],
PUP.Optional.TopArcadeHits.A, C:\Users\me\AppData\Local\TopArcadeHits\updater.exe, Quarantined, [f1f03173d9a252e4c762a56441c304fc],
PUP.Optional.TopArcadeHits.A, C:\Windows\Tasks\TopArcadeHits.job, Quarantined, [e6fb3e666e0d82b4c86299709b69db25],

Physical Sectors: 0
(No malicious items detected)


(end)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

There is one more scan I need to do but I thought I'd send this on first.
Thank you!
Nari

Title: Re: Pop ups and redirects - First Scan Logs
Post by: nari_ka on July 28, 2014, 03:32:48 AM

I've scanned the computer with Security Check, here is the log:

 Results of screen317's Security Check version 0.99.86 
 Windows 7  x86 (UAC is enabled) 
 Out of date service pack!! (http://windows.microsoft.com/en-US/windows7/install-windows-7-service-pack-1)[/b]
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````[/u]
 Windows Firewall Enabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````[/u]
 CCleaner     
 Java 7 Update 40 
 Java version out of Date!
 Adobe Flash Player    14.0.0.145 
 Adobe Reader XI 
 Mozilla Firefox (30.0)
````````Process Check: objlist.exe by Laurent````````[/u] 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 me Desktop MWRmv Malwarebytes Anti-Malware\mbamscheduler.exe
`````````````````System Health check`````````````````[/u]
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````[/u]


Unfortunately, I don't know many details about this problem other than it has pop ups and redirects in the browser. Since I started this process, it seems to be happening less. I don't believe there is any virus protection on this computer, either.
Keep me posted as to what my next steps are.
Thank you!
Nari

Title: Re: Pop ups and redirects - First Scan Logs
Post by: SuperDave on July 28, 2014, 01:31:35 PM

Looking over your log it seems you don't have any antivirus software.

Before we continue download and install a free antivirus.

Remember to only install one antivirus!
 
1) Avast! Home Edition (http://www.majorgeeks.com/Avast_Home_Edition_d1968.html)
2) AVG Free Edition (http://www.majorgeeks.com/download.php?det=886)
3) Avira AntiVir Personal (http://www.majorgeeks.com/AntiVir_Personal_Edition_7_d955.html)
4) MicroSoft Security Essentials (http://windows.microsoft.com/en-us/windows/security-essentials-all-versions)  All versions and all languages.
5) Comodo Antivirus (http://www.majorgeeks.com/Comodo_AntiVirus_d5109.html) (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition (http://www.majorgeeks.com/PC_Tools_AntiVirus_Free_Edition_d5469.html)

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
*****************************************************
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.

****************************************************
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version (http://www.java.com/en/download/installed.jsp)

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html).

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa (http://raproducts.org/click/click.php?id=1) and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
*******************************************
Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

•Warning! Once the scan is complete JRT will shut down your browser with NO warning.

•Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this  (http://www.bleepingcomputer.com/forums/topic114351.html) link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
*************************************************
Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit (http://www.malwarebytes.org/products/mbar/) and save it to your desktop.

• Be sure to print out and follow the instructions provided on that same page for performing a scan.
• Caution: This is a beta version so also read the disclaimer and back up (http://support.microsoft.com/kb/971759) all your data before using.
  
• When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  
• If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  
• Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
• Copy and paste the contents of these two log files in your next reply.

Title: Re: Pop ups and redirects - First Scan Logs
Post by: nari_ka on August 01, 2014, 04:38:58 AM

Hello Dave,
Here are my logs:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x86
Ran by me on Thu 07/31/2014 at 10:14:59.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440544834462}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440544834462}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\me\AppData\Roaming\mozilla\firefox\profiles\zxfy6o7p.default\prefs.js

user_pref("extensions.a508d4e2fa469421da294135dbb8 4fe1bf7b17943cc9e4d4ab2230bd1e7cfc871co m5836258362s58362o58362c58362i58362a583 62l58362.58362m58362a58362n58362i58362f 58362e58
Emptied folder: C:\Users\me\AppData\Roaming\mozilla\firefox\profiles\zxfy6o7p.default\minidumps [26 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 07/31/2014 at 10:22:21.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.08.01.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
me :: DELL [administrator]

7/31/2014 11:54:42 PM
mbar-log-2014-07-31 (23-54-42).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 262094
Time elapsed: 8 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Title: Re: Pop ups and redirects - First Scan Logs
Post by: SuperDave on August 01, 2014, 02:36:31 PM

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
 ESET OnlineScan (http://eset.com/onlinescan)

•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
  

•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.

• Leave the check mark next to Remove found threats.
  

•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Title: Re: Pop ups and redirects - First Scan Logs
Post by: nari_ka on August 01, 2014, 11:48:32 PM

Hello Dave,
So, looks like the ESET scanner found only the things the Adwcleaner found. It gives me the option to delete the quarantined files, should I check that box before closing the application? The scan took 8 hours to complete!
By the way, I thought I'd mention that although the browser is not redirecting anymore, I keep getting the AVG search page every time I open a new tab, even though I have it set to Google. Its quite tenacious!
Here is the ESET scan:

C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\0b5f3c30-03a2-4d63-9f31-3c1cc7310cde.crx.vir   JS/Toolbar.Crossrider.B potentially unwanted application   deleted - quarantined
C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-11.exe.vir   a variant of Win32/Toolbar.CrossRider.AK potentially unwanted application   deleted - quarantined
C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-2.exe.vir   a variant of Win32/Toolbar.CrossRider.AJ potentially unwanted application   deleted - quarantined
C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-3.exe.vir   a variant of Win32/Toolbar.CrossRider.AK potentially unwanted application   deleted - quarantined
C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-4.exe.vir   a variant of Win32/Toolbar.CrossRider.AK potentially unwanted application   deleted - quarantined
C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-5.exe.vir   a variant of Win32/Toolbar.CrossRider.AH potentially unwanted application   deleted - quarantined
C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063.crx.vir   JS/Toolbar.Crossrider.B potentially unwanted application   deleted - quarantined
C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063.xpi.vir   JS/Toolbar.Crossrider.B potentially unwanted application   deleted - quarantined
C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\c3a53950-de1f-44cf-89f5-2bedead76b9d.crx.vir   JS/Toolbar.Crossrider.B potentially unwanted application   deleted - quarantined
C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\P-HD-V1.4-bg.exe.vir   a variant of Win32/Toolbar.CrossRider.AL potentially unwanted application   deleted - quarantined
C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\P-HD-V1.4-bho.dll.vir   a variant of Win32/Toolbar.CrossRider.AF potentially unwanted application   deleted - quarantined
C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\P-HD-V1.4-codedownloader.exe.vir   a variant of Win32/Toolbar.CrossRider.AJ potentially unwanted application   deleted - quarantined
C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\zxfy6o7p.default\Extensions\508d4e2f-a469-421d-a294-135dbb84fe1b@f7b17943-cc9e-4d4a-b223-0bd1e7cfc871.com\extensionData\plugins\91.js.vir   JS/Toolbar.Crossrider.B potentially unwanted application   deleted - quarantined
C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Users\me\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir   Win32/Systweak.G potentially unwanted application   deleted - quarantined
C:\Users\me\Downloads\ccsetup416.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   deleted - quarantined
C:\Users\me\Downloads\ccsetup416pro.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   deleted - quarantined


`````````````````````````````````````````````````````````````````````````````````


if you wanted me to post the log in the ESET folder, here it is:


ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=3fc27dbb2888eb4f8ffa7af9f95d2b09
# engine=19461
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-02 05:31:42
# local_time=2014-08-01 07:31:42 (-1000, Hawaiian Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 95 0 0 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 158502293 0 0
# scanned=115658
# found=16
# cleaned=16
# scan_time=30745
sh=5EF6DD1EE9CB46A8A3C0FC447C20FA4DD5697AAF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\0b5f3c30-03a2-4d63-9f31-3c1cc7310cde.crx.vir"
sh=F9AC0FE1D87D994A4FFAA7F98F6E6A67586DF6AC ft=1 fh=c0c52e2e9dc7d1d3 vn="a variant of Win32/Toolbar.CrossRider.AK potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-11.exe.vir"
sh=885A46553671BF175DD043DBAC12857626F09534 ft=1 fh=67ef0ac222edb61f vn="a variant of Win32/Toolbar.CrossRider.AJ potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-2.exe.vir"
sh=F9AC0FE1D87D994A4FFAA7F98F6E6A67586DF6AC ft=1 fh=c0c52e2e9dc7d1d3 vn="a variant of Win32/Toolbar.CrossRider.AK potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-3.exe.vir"
sh=4C2C17F17A7990B361162880FA91913322338334 ft=1 fh=a4dd8b1dd1c6433a vn="a variant of Win32/Toolbar.CrossRider.AK potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-4.exe.vir"
sh=9BBC1C271914ADD8788D80C7F3365DD3568ABAA7 ft=1 fh=97b22a3307d0ae49 vn="a variant of Win32/Toolbar.CrossRider.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-5.exe.vir"
sh=5EF6DD1EE9CB46A8A3C0FC447C20FA4DD5697AAF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063.crx.vir"
sh=4A7F9590451984E4AC955F678AF8201AA29040A6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063.xpi.vir"
sh=5C8EFBA2EAEE7E989EBED04B0257BB4797F496C6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\c3a53950-de1f-44cf-89f5-2bedead76b9d.crx.vir"
sh=04D3E7039A01857AC61A04C31D89752F0EA94556 ft=1 fh=4bcab78a325497f3 vn="a variant of Win32/Toolbar.CrossRider.AL potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\P-HD-V1.4-bg.exe.vir"
sh=535AAE99E5238930A5BC6AA9F366E1953C9CA044 ft=1 fh=320c67522b4fa4b8 vn="a variant of Win32/Toolbar.CrossRider.AF potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\P-HD-V1.4-bho.dll.vir"
sh=355F5998A37A0E3D824FF261BE7918DCE8FD7D4D ft=1 fh=2c76fa261b127937 vn="a variant of Win32/Toolbar.CrossRider.AJ potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\P-HD-V1.4-codedownloader.exe.vir"
sh=B730BC81AFB3E390C9D638D2AD48C5DAE83E3975 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\zxfy6o7p.default\Extensions\508d4e2f-a469-421d-a294-135dbb84fe1b@f7b17943-cc9e-4d4a-b223-0bd1e7cfc871.com\extensionData\plugins\91.js.vir"
sh=9E77E1D2FD7B77B0FD8A71A70C35DD5A16836CF3 ft=1 fh=b241df9fafd25e77 vn="Win32/Systweak.G potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Users\me\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir"
sh=9AA5E59F80A95BDFC48FBB4DC9F4B7212749E67D ft=1 fh=2fe225811afcde6b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\me\Downloads\ccsetup416.exe"
sh=BDD1A02CE4D1C21C15110710454D7B7E3602F2BF ft=1 fh=8eedbadeca69cb97 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\me\Downloads\ccsetup416pro.exe"

Title: Re: Pop ups and redirects - First Scan Logs
Post by: SuperDave on August 02, 2014, 01:14:58 PM

Quote

looks like the ESET scanner found only the things the Adwcleaner found. It gives me the option to delete the quarantined files, should I check that box before closing the application?

You can open AdwCleaner and remove the quarantined files there. We will be removing all these tools when we're finished.

Quote

By the way, I thought I'd mention that although the browser is not redirecting anymore, I keep getting the AVG search page every time I open a new tab, even though I have it set to Google. Its quite tenacious!

AVG can be quite frustrating. You should consider another free AV from the list below.

Remember to only install one antivirus!
 
1) Avast! Home Edition (http://www.majorgeeks.com/Avast_Home_Edition_d1968.html)
2) AVG Free Edition (http://www.majorgeeks.com/download.php?det=886)
3) Avira AntiVir Personal (http://www.majorgeeks.com/AntiVir_Personal_Edition_7_d955.html)
4) MicroSoft Security Essentials (http://windows.microsoft.com/en-us/windows/security-essentials-all-versions)  All versions and all languages.
5) Comodo Antivirus (http://www.majorgeeks.com/Comodo_AntiVirus_d5109.html) (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my

default search provider" and "Make Comodo Search my homepage" if you choose this one)

It is strongly recommended that you run only one antivirus program at a time. Having more than one

antivirus program active in memory uses additional resources and can result in program conflicts and

false virus alerts. If you choose to install more than one antivirus program on your computer, then only

one of them should be active in memory at a time.
*********************************************
This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix) to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

• Activate UAC (optional; some users prefer to keep it off)
• Remove disinfection tools
• Create Registry backup
• Purge System Restore Points
• Re-set system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.
************************************************
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.

(http://i424.photobucket.com/albums/pp322/digistar/diskcleanup2.jpg)

Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.

(http://i424.photobucket.com/albums/pp322/digistar/diskcleanup.jpg)

This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
***********************************************
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------

I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

Check out Keeping Yourself Safe On The Web  (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Title: Re: Pop ups and redirects - First Scan Logs
Post by: nari_ka on August 05, 2014, 01:26:12 PM

Hello Dave,
One last question, for some reason, I wanted to put all these tools in a folder on my desktop, just to keep it all easy to find, perhaps. After I ran Delfix, the folder I created is still there with all the Malware removal tools and their logs still inside. Would it be safe to just delete the folder? I have tried everything possible mentioned on the web on how to completely get rid of AVG and finally did a search on my computer and found a bunch of AVG "safe search" files in this folder in a AdwCleaner quarantine folder...
Thanks again for all your help.
N
Just for kicks, here is my log from Delfix:


# DelFix v10.8 - Logfile created 05/08/2014 at 09:18:13
# Updated 29/07/2014 by Xplode
# Username : me - DELL
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\AdwCleaner
Deleted : C:\Users\me\Downloads\adwcleaner_3.300.exe
Deleted : C:\Users\me\Downloads\adwcleaner_3.302.exe
Deleted : C:\Users\me\Downloads\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #61 [Windows 7 Service Pack 1 | 07/31/2014 09:23:32]
Deleted : RP #62 [Windows Update | 08/03/2014 02:56:10]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

Title: Re: Pop ups and redirects - First Scan Logs
Post by: SuperDave on August 05, 2014, 07:09:36 PM

Quote

One last question, for some reason, I wanted to put all these tools in a folder on my desktop, just to keep it all easy to find, perhaps. After I ran Delfix, the folder I created is still there with all the Malware removal tools and their logs still inside. Would it be safe to just delete the folder? I have tried everything possible mentioned on the web on how to completely get rid of AVG and finally did a search on my computer and found a bunch of AVG "safe search" files in this folder in a AdwCleaner quarantine folder...

Yes, you should delete that folder. If you wish, you can download and install MBAM and AdwCleaner on your computer. Keep them updated and run them on a regular basis to keep your computer clean. As for AVG, you can run this tool to completely remove it.

AVG Antivirus - AVG Anti-virus Removal Tool (http://www.softpedia.com/get/Tweak/Uninstallers/AVG-Remover.shtml)