
Author Topic: Pop ups and redirects - First Scan Logs  (Read 10688 times)


nari_ka

    « on: July 28, 2014, 03:25:24 AM »
    Hello,
    I am attempting to fix the malware issue on a Windows 7 Laptop. I've run CCleaner, AdwCleaner and Malwarebytes.
    Well, not sure if I should send the scan log or the clean log from AdwCleaner, but here they are both:

    # AdwCleaner v3.300 - Report created 27/07/2014 at 22:38:25
    # Updated 27/07/2014 by Xplode
    # Operating System : Windows 7 Ultimate  (32 bits)
    # Username : me - DELL
    # Running from : C:\Users\me\Downloads\adwcleaner_3.300.exe
    # Option : Clean

    ***** [ Services ] *****

    Service Deleted : BackupStack
    Service Deleted : globalUpdate
    Service Deleted : globalUpdatem
    Service Deleted : vToolbarUpdater18.1.7

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
    Folder Deleted : C:\Program Files\globalUpdate
    Folder Deleted : C:\Program Files\MyPC Backup
    Folder Deleted : C:\Program Files\P-HD-V1.4
    Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
    Folder Deleted : C:\Users\me\AppData\Local\AVG SafeGuard toolbar
    Folder Deleted : C:\Users\me\AppData\Local\globalUpdate
    Folder Deleted : C:\Users\me\AppData\LocalLow\AVG SafeGuard toolbar
    Folder Deleted : C:\Users\me\AppData\Roaming\Advanced System Protector
    Folder Deleted : C:\Users\me\AppData\Roaming\Systweak
    Folder Deleted : C:\Users\me\AppData\Roaming\VOPackage
    Folder Deleted : C:\Users\me\AppData\Roaming\Microsoft\Windows\Start menu\Programs\MyPC Backup
    Folder Deleted : C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\zxfy6o7p.default\Extensions\508d4e2f-a469-421d-a294-135dbb84fe1b@f7b17943-cc9e-4d4a-b223-0bd1e7cfc871.com
    File Deleted : C:\Windows\system32\roboot.exe
    File Deleted : C:\Users\me\AppData\Roaming\Microsoft\Windows\Start menu\Programs\Startup\MyPC Backup.lnk
    File Deleted : C:\Users\me\Desktop\MyPC Backup.lnk
    File Deleted : C:\Users\me\Desktop\Sync Folder.lnk
    File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
    File Deleted : C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\zxfy6o7p.default\searchplugins\trovi-search.xml

    ***** [ Tâches planifiées ] *****

    Tâche supprimée : globalUpdateUpdateTaskMachineCore
    Tâche supprimée : globalUpdateUpdateTaskMachineUA
    Tâche supprimée : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-1
    Tâche supprimée : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-11
    Tâche supprimée : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-2
    Tâche supprimée : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-3
    Tâche supprimée : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-4
    Tâche supprimée : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-5
    Tâche supprimée : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-5_user

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0058362.BHO
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0058362.BHO.1
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0058362.Sandbox
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0058362.Sandbox.1
    Key Deleted : HKCU\Software\AVG SafeGuard toolbar
    Key Deleted : HKCU\Software\GlobalUpdate
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\InstalledBrowserExtensions
    Key Deleted : HKCU\Software\SearchProtectINT
    Key Deleted : HKCU\Software\systweak
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\P-HD-V1.4
    Key Deleted : HKLM\Software\AVG SafeGuard toolbar
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\Software\GlobalUpdate
    Key Deleted : HKLM\Software\InstalledBrowserExtensions
    Key Deleted : HKLM\Software\systweak
    Key Deleted : HKLM\Software\P-HD-V1.4
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\P-HD-V1.4

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16502


    -\\ Mozilla Firefox v30.0 (en-US)

    [ File : C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\zxfy6o7p.default\prefs.js ]

    Line Deleted : user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
    Line Deleted : user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com5836258362b58362r58362o58362w58362s58362e58362r58362.58362n58362e58362w58362t58362a58362b58362.58362u58362r583[...]
    Line Deleted : user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com5836258362b58362r58362o58362w58362s58362e58362r58362.58362s58362e58362a58362r58362c58362h58362.58362d58362e583[...]
    Line Deleted : user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com5836258362b58362r58362o58362w58362s58362e58362r58362.58362s58362e58362a58362r58362c58362h58362.58362s58362e583[...]
    Line Deleted : user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com5836258362b58362r58362o58362w58362s58362e58362r58362.58362s58362t58362a58362r58362t58362u58362p58362.58362h583[...]
    Line Deleted : user_pref("extensions.crossrider.bic", "1476194b641d022438bb5cc414066b94");

    *************************

    AdwCleaner[R0].txt - [15114 octets] - [27/07/2014 22:36:43]
    AdwCleaner[S0].txt - [15437 octets] - [27/07/2014 22:38:25]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15498 octets] ##########

    # AdwCleaner v3.300 - Report created 27/07/2014 at 22:36:43
    # Updated 27/07/2014 by Xplode
    # Operating System : Windows 7 Ultimate  (32 bits)
    # Username : me - DELL
    # Running from : C:\Users\me\Downloads\adwcleaner_3.300.exe
    # Option : Scan

    ***** [ Services ] *****

    Service Found : BackupStack
    Service Found : globalUpdate
    Service Found : globalUpdatem
    Service Found : vToolbarUpdater18.1.7

    ***** [ Files / Folders ] *****

    File Found : C:\Program Files\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
    File Found : C:\Users\me\AppData\Roaming\Microsoft\Windows\Start menu\Programs\Startup\MyPC Backup.lnk
    File Found : C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\zxfy6o7p.default\searchplugins\trovi-search.xml
    File Found : C:\Users\me\Desktop\MyPC Backup.lnk
    File Found : C:\Users\me\Desktop\Sync Folder.lnk
    File Found : C:\Windows\system32\roboot.exe
    Folder Found : C:\Program Files\AVG SafeGuard toolbar
    Folder Found : C:\Program Files\Common Files\AVG Secure Search
    Folder Found : C:\Program Files\globalUpdate
    Folder Found : C:\Program Files\MyPC Backup
    Folder Found : C:\Program Files\P-HD-V1.4
    Folder Found : C:\ProgramData\AVG SafeGuard toolbar
    Folder Found : C:\ProgramData\AVG Secure Search
    Folder Found : C:\Users\me\AppData\Local\AVG SafeGuard toolbar
    Folder Found : C:\Users\me\AppData\Local\globalUpdate
    Folder Found : C:\Users\me\AppData\LocalLow\AVG SafeGuard toolbar
    Folder Found : C:\Users\me\AppData\Roaming\Advanced System Protector
    Folder Found : C:\Users\me\AppData\Roaming\Microsoft\Windows\Start menu\Programs\MyPC Backup
    Folder Found : C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\zxfy6o7p.default\Extensions\508d4e2f-a469-421d-a294-135dbb84fe1b@f7b17943-cc9e-4d4a-b223-0bd1e7cfc871.com
    Folder Found : C:\Users\me\AppData\Roaming\Systweak
    Folder Found : C:\Users\me\AppData\Roaming\VOPackage

    ***** [ Scheduled Tasks ] *****

    Task Found : globalUpdateUpdateTaskMachineCore
    Task Found : globalUpdateUpdateTaskMachineUA
    Task Found : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-1
    Task Found : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-11
    Task Found : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-2
    Task Found : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-3
    Task Found : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-4
    Task Found : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-5
    Task Found : a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-5_user

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\AppDataLow\Software\Crossrider
    Key Found : HKCU\Software\AppDataLow\Software\P-HD-V1.4
    Key Found : HKCU\Software\AVG SafeGuard toolbar
    Key Found : HKCU\Software\GlobalUpdate
    Key Found : HKCU\Software\InstallCore
    Key Found : HKCU\Software\InstalledBrowserExtensions
    Key Found : HKCU\Software\SearchProtectINT
    Key Found : HKCU\Software\systweak
    Key Found : HKLM\Software\AVG SafeGuard toolbar
    Key Found : HKLM\Software\AVG Security Toolbar
    Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
    Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
    Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
    Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
    Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0058362.BHO
    Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0058362.BHO.1
    Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0058362.Sandbox
    Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0058362.Sandbox.1
    Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
    Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
    Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
    Key Found : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
    Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    Key Found : HKLM\SOFTWARE\Classes\S
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Found : HKLM\Software\GlobalUpdate
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Key Found : HKLM\Software\InstalledBrowserExtensions
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\P-HD-V1.4
    Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
    Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
    Key Found : HKLM\Software\P-HD-V1.4
    Key Found : HKLM\Software\systweak
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16502


    -\\ Mozilla Firefox v30.0 (en-US)

    [ File : C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\zxfy6o7p.default\prefs.js ]

    Line Found : user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
    Line Found : user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com5836258362b58362r58362o58362w58362s58362e58362r58362.58362n58362e58362w58362t58362a58362b58362.58362u58362r583[...]
    Line Found : user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com5836258362b58362r58362o58362w58362s58362e58362r58362.58362s58362e58362a58362r58362c58362h58362.58362d58362e583[...]
    Line Found : user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com5836258362b58362r58362o58362w58362s58362e58362r58362.58362s58362e58362a58362r58362c58362h58362.58362s58362e583[...]
    Line Found : user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com5836258362b58362r58362o58362w58362s58362e58362r58362.58362s58362t58362a58362r58362t58362u58362p58362.58362h583[...]
    Line Found : user_pref("extensions.crossrider.bic", "1476194b641d022438bb5cc414066b94");

    *************************

    AdwCleaner[R0].txt - [14972 octets] - [27/07/2014 22:36:43]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [15033 octets] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 7/27/2014
    Scan Time: 11:10:35 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.07.28.01
    Rootkit Database: v2014.07.17.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7
    CPU: x86
    File System: NTFS
    User: me

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 259004
    Time Elapsed: 6 min, 50 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 12
    PUP.Optional.TopArcadeHits.A, HKLM\SOFTWARE\CLASSES\CLSID\{CF190686-9E72-403C-B99D-682ABDB63C5B}, Quarantined, [10d1673dbebdac8a9a28aee7679be719],
    PUP.Optional.TopArcadeHits.A, HKLM\SOFTWARE\CLASSES\CLSID\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}, Quarantined, [10d1673dbebdac8a9a28aee7679be719],
    PUP.Optional.TopArcadeHits.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}, Quarantined, [10d1673dbebdac8a9a28aee7679be719],
    PUP.Optional.TopArcadeHits.A, HKU\S-1-5-21-987213009-2929140832-2469461819-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}, Quarantined, [10d1673dbebdac8a9a28aee7679be719],
    PUP.Optional.TopArcadeHits.A, HKU\S-1-5-21-987213009-2929140832-2469461819-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}, Quarantined, [10d1673dbebdac8a9a28aee7679be719],
    PUP.Optional.TopArcadeHits.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{39A17362-9C1D-4907-9428-0D28A94DC79D}, Quarantined, [10d1673dbebdac8a9a28aee7679be719],
    PUP.Optional.TopArcadeHits.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{627A968A-03E6-41C7-B11B-4E442B376F95}, Quarantined, [10d1673dbebdac8a9a28aee7679be719],
    PUP.Optional.TopArcadeHits.A, HKLM\SOFTWARE\CLASSES\CLSID\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}\INPROCSERVER32, Quarantined, [10d1673dbebdac8a9a28aee7679be719],
    PUP.Optional.TopArcadeHits.A, HKU\S-1-5-21-987213009-2929140832-2469461819-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CF190686-9E72-403C-B99D-682ABDB63C5B}, Quarantined, [10d1673dbebdac8a9a28aee7679be719],
    Adware.GameVance, HKU\S-1-5-21-987213009-2929140832-2469461819-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C1C3E833-420E-4D78-9BA7-86AEBB272384}, Quarantined, [a839b9eb2754d85e41fd1eef6c95916f],
    PUP.Optional.TopArcadeHits.A, HKU\S-1-5-21-987213009-2929140832-2469461819-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C1C3E833-420E-4D78-9BA7-86AEBB272384}, Quarantined, [f1f03173d9a252e4c762a56441c304fc],
    PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\P-HD-V1.4, Quarantined, [ac35762ed9a2ff3737754e8008fa6898],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 2
    Adware.GameVance, C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits, Quarantined, [e00140649be09c9ad0509a6e7c881ee2],
    PUP.Optional.TopArcadeHits.A, C:\Users\me\AppData\Local\TopArcadeHits, Quarantined, [f1f03173d9a252e4c762a56441c304fc],

    Files: 11
    PUP.Optional.TopArcadeHits.A, C:\Users\me\AppData\Local\TopArcadeHits\Toparcadehits.dll, Quarantined, [10d1673dbebdac8a9a28aee7679be719],
    Adware.GameVance, C:\Users\me\AppData\Local\TopArcadeHits\uninstaller.exe, Quarantined, [a839b9eb2754d85e41fd1eef6c95916f],
    Adware.GameVance, C:\Users\me\AppData\Local\TopArcadeHits\updater.exe, Quarantined, [a1400d9789f2ab8be05eb35add24946c],
    PUP.Optional.TopArcadeHits.A, C:\Windows\System32\Tasks\TopArcadeHits, Quarantined, [c819ecb8700bec4a1e1941917b8738c8],
    Adware.GameVance, C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits\Play Toparcadehits Online.url, Quarantined, [e00140649be09c9ad0509a6e7c881ee2],
    Adware.GameVance, C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits\Uninstall Toparcadehits.lnk, Quarantined, [e00140649be09c9ad0509a6e7c881ee2],
    PUP.Optional.TopArcadeHits.A, C:\Users\me\AppData\Local\TopArcadeHits\tah.config, Quarantined, [f1f03173d9a252e4c762a56441c304fc],
    PUP.Optional.TopArcadeHits.A, C:\Users\me\AppData\Local\TopArcadeHits\Toparcadehitsbrkr.exe, Quarantined, [f1f03173d9a252e4c762a56441c304fc],
    PUP.Optional.TopArcadeHits.A, C:\Users\me\AppData\Local\TopArcadeHits\uninstaller.exe, Quarantined, [f1f03173d9a252e4c762a56441c304fc],
    PUP.Optional.TopArcadeHits.A, C:\Users\me\AppData\Local\TopArcadeHits\updater.exe, Quarantined, [f1f03173d9a252e4c762a56441c304fc],
    PUP.Optional.TopArcadeHits.A, C:\Windows\Tasks\TopArcadeHits.job, Quarantined, [e6fb3e666e0d82b4c86299709b69db25],

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    There is one more scan I need to do but I thought I'd send this on first.
    Thank you!
    Nari

    nari_ka

      Re: Pop ups and redirects - First Scan Logs
      « Reply #1 on: July 28, 2014, 03:32:48 AM »
      I've scanned the computer with Security Check, here is the log:

       Results of screen317's Security Check version 0.99.86 
       Windows 7  x86 (UAC is enabled) 
       Out of date service pack!!
       Internet Explorer 11 
      ``````````````Antivirus/Firewall Check:``````````````
       Windows Firewall Enabled! 
       WMI entry may not exist for antivirus; attempting automatic update.
      `````````Anti-malware/Other Utilities Check:`````````
       CCleaner     
       Java 7 Update 40 
       Java version out of Date!
       Adobe Flash Player    14.0.0.145 
       Adobe Reader XI 
       Mozilla Firefox (30.0)
      ````````Process Check: objlist.exe by Laurent````````
       Malwarebytes Anti-Malware mbamservice.exe 
       Malwarebytes Anti-Malware mbam.exe 
       me Desktop MWRmv Malwarebytes Anti-Malware\mbamscheduler.exe
      `````````````````System Health check`````````````````
       Total Fragmentation on Drive C: 1%
      ````````````````````End of Log``````````````````````


      Unfortunately, I don't know many details about this problem other than it has pop ups and redirects in the browser. Since I started this process, it seems to be happening less. I don't believe there is any virus protection on this computer, either.
      Keep me posted as to what my next steps are.
      Thank you!
      Nari

      SuperDave

      • Malware Removal Specialist


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: Pop ups and redirects - First Scan Logs
      « Reply #2 on: July 28, 2014, 01:31:35 PM »
      Looking over your log, it seems you don't have any antivirus software.

      Before we continue, download and install a free antivirus.

      Remember to only install one antivirus!
       
      1) Avast! Home Edition
      2) AVG Free Edition
      3) Avira AntiVir Personal
      4) Microsoft Security Essentials   All versions and all languages.
      5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
      6) PC Tools AntiVirus Free Edition

      It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
      *****************************************************
      Go to Microsoft Windows Update and get all critical updates.

      ****************************************************
      Update Your Java (JRE)

      Old versions of Java have vulnerabilities that malware can use to infect your system.


      First Verify your Java Version

      If there are any other version(s) installed then update now.

      Get the new version (if needed)

      If your version is out of date install the newest version of the Sun Java Runtime Environment.

      Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

      Be sure to close ALL open web browsers before starting the installation.

      Remove any old versions

      1. Download JavaRa and unzip the file to your Desktop.
      2. Open JavaRA.exe and choose Remove Older Versions
      3. Once complete exit JavaRA.

      Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
      *******************************************
      Please download Junkware Removal Tool to your desktop.

      Warning! Once the scan is complete JRT will shut down your browser with NO warning.

      Shut down your protection software now to avoid potential conflicts.

      •Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

      •Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

      •The tool will open and start scanning your system.

      •Please be patient as this can take a while to complete depending on your system's specifications.

      •On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

      •Copy and Paste the JRT.txt log into your next message.
      *************************************************
      Malwarebytes' Anti-Rootkit

      Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
      • Be sure to print out and follow the instructions provided on that same page for performing a scan.
      • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
      • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
      • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
      • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
      • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
      • Copy and paste the contents of these two log files in your next reply.
      Windows 8 and Windows 10 dual boot with two SSD's

      nari_ka

        Re: Pop ups and redirects - First Scan Logs
        « Reply #3 on: August 01, 2014, 04:38:58 AM »
        Hello Dave,
        Here are my logs:

        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        Junkware Removal Tool (JRT) by Thisisu
        Version: 6.1.4 (04.06.2014:1)
        OS: Windows 7 Ultimate x86
        Ran by me on Thu 07/31/2014 at 10:14:59.59
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




        ~~~ Services



        ~~~ Registry Values



        ~~~ Registry Keys

        Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440544834462}
        Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440544834462}



        ~~~ Files



        ~~~ Folders



        ~~~ FireFox

        Successfully deleted the following from C:\Users\me\AppData\Roaming\mozilla\firefox\profiles\zxfy6o7p.default\prefs.js

        user_pref("extensions.a508d4e2fa469421da294135dbb8 4fe1bf7b17943cc9e4d4ab2230bd1e7cfc871co m5836258362s58362o58362c58362i58362a583 62l58362.58362m58362a58362n58362i58362f 58362e58
        Emptied folder: C:\Users\me\AppData\Roaming\mozilla\firefox\profiles\zxfy6o7p.default\minidumps [26 files]



        ~~~ Event Viewer Logs were cleared





        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        Scan was completed on Thu 07/31/2014 at 10:22:21.37
        End of JRT log
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




        Malwarebytes Anti-Rootkit BETA 1.07.0.1012
        www.malwarebytes.org

        Database version: v2014.08.01.01

        Windows 7 Service Pack 1 x86 NTFS
        Internet Explorer 9.0.8112.16421
        me :: DELL [administrator]

        7/31/2014 11:54:42 PM
        mbar-log-2014-07-31 (23-54-42).txt

        Scan type: Quick scan
        Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
        Scan options disabled:
        Objects scanned: 262094
        Time elapsed: 8 minute(s), 7 second(s)

        Memory Processes Detected: 0
        (No malicious items detected)

        Memory Modules Detected: 0
        (No malicious items detected)

        Registry Keys Detected: 0
        (No malicious items detected)

        Registry Values Detected: 0
        (No malicious items detected)

        Registry Data Items Detected: 0
        (No malicious items detected)

        Folders Detected: 0
        (No malicious items detected)

        Files Detected: 0
        (No malicious items detected)

        Physical Sectors Detected: 0
        (No malicious items detected)

        (end)

        SuperDave

        Re: Pop ups and redirects - First Scan Logs
        « Reply #4 on: August 01, 2014, 02:36:31 PM »
        I'd like to scan your machine with ESET OnlineScan

        •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
        ESET OnlineScan

        •Click the button.
        •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
        • Click on to download the ESET Smart Installer. Save it to your desktop.
        • Double click on the icon on your desktop.
        •Check
        •Click the button.
        •Accept any security warnings from your browser.
        • Leave the check mark next to Remove found threats.
        •Check
        •Push the Start button.
        •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
        •When the scan completes, push
        •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
        •Push the button.
        •Push
        A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

        nari_ka

          Re: Pop ups and redirects - First Scan Logs
          « Reply #5 on: August 01, 2014, 11:48:32 PM »
          Hello Dave,
          So, looks like the ESET scanner found only the things the Adwcleaner found. It gives me the option to delete the quarantined files, should I check that box before closing the application? The scan took 8 hours to complete!
          By the way, I thought I'd mention that although the browser is not redirecting anymore, I keep getting the AVG search page every time I open a new tab, even though I have it set to Google. It's quite tenacious!
          Here is the ESET scan:

          C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\0b5f3c30-03a2-4d63-9f31-3c1cc7310cde.crx.vir   JS/Toolbar.Crossrider.B potentially unwanted application   deleted - quarantined
          C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-11.exe.vir   a variant of Win32/Toolbar.CrossRider.AK potentially unwanted application   deleted - quarantined
          C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-2.exe.vir   a variant of Win32/Toolbar.CrossRider.AJ potentially unwanted application   deleted - quarantined
          C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-3.exe.vir   a variant of Win32/Toolbar.CrossRider.AK potentially unwanted application   deleted - quarantined
          C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-4.exe.vir   a variant of Win32/Toolbar.CrossRider.AK potentially unwanted application   deleted - quarantined
          C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-5.exe.vir   a variant of Win32/Toolbar.CrossRider.AH potentially unwanted application   deleted - quarantined
          C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063.crx.vir   JS/Toolbar.Crossrider.B potentially unwanted application   deleted - quarantined
          C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063.xpi.vir   JS/Toolbar.Crossrider.B potentially unwanted application   deleted - quarantined
          C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\c3a53950-de1f-44cf-89f5-2bedead76b9d.crx.vir   JS/Toolbar.Crossrider.B potentially unwanted application   deleted - quarantined
          C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\P-HD-V1.4-bg.exe.vir   a variant of Win32/Toolbar.CrossRider.AL potentially unwanted application   deleted - quarantined
          C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\P-HD-V1.4-bho.dll.vir   a variant of Win32/Toolbar.CrossRider.AF potentially unwanted application   deleted - quarantined
          C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\P-HD-V1.4-codedownloader.exe.vir   a variant of Win32/Toolbar.CrossRider.AJ potentially unwanted application   deleted - quarantined
          C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\zxfy6o7p.default\Extensions\508d4e2f-a469-421d-a294-135dbb84fe1b@f7b17943-cc9e-4d4a-b223-0bd1e7cfc871.com\extensionData\plugins\91.js.vir   JS/Toolbar.Crossrider.B potentially unwanted application   deleted - quarantined
          C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Users\me\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir   Win32/Systweak.G potentially unwanted application   deleted - quarantined
          C:\Users\me\Downloads\ccsetup416.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   deleted - quarantined
          C:\Users\me\Downloads\ccsetup416pro.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   deleted - quarantined


          `````````````````````````````````````````````````````````````````````````````````


          if you wanted me to post the log in the ESET folder, here it is:


          ESETSmartInstaller@High as downloader log:
          all ok
          # product=EOS
          # version=8
          # OnlineScannerApp.exe=1.0.0.1
          # OnlineScanner.ocx=1.0.0.7623
          # api_version=3.0.2
          # EOSSerial=3fc27dbb2888eb4f8ffa7af9f95d2b09
          # engine=19461
          # end=finished
          # remove_checked=true
          # archives_checked=true
          # unwanted_checked=true
          # unsafe_checked=true
          # antistealth_checked=true
          # utc_time=2014-08-02 05:31:42
          # local_time=2014-08-01 07:31:42 (-1000, Hawaiian Standard Time)
          # country="United States"
          # lang=1033
          # osver=6.1.7601 NT Service Pack 1
          # compatibility_mode_1='avast! Antivirus'
          # compatibility_mode=783 16777213 100 95 0 0 0 0
          # compatibility_mode_1=''
          # compatibility_mode=5893 16776573 100 94 0 158502293 0 0
          # scanned=115658
          # found=16
          # cleaned=16
          # scan_time=30745
          sh=5EF6DD1EE9CB46A8A3C0FC447C20FA4DD5697AAF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\0b5f3c30-03a2-4d63-9f31-3c1cc7310cde.crx.vir"
          sh=F9AC0FE1D87D994A4FFAA7F98F6E6A67586DF6AC ft=1 fh=c0c52e2e9dc7d1d3 vn="a variant of Win32/Toolbar.CrossRider.AK potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-11.exe.vir"
          sh=885A46553671BF175DD043DBAC12857626F09534 ft=1 fh=67ef0ac222edb61f vn="a variant of Win32/Toolbar.CrossRider.AJ potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-2.exe.vir"
          sh=F9AC0FE1D87D994A4FFAA7F98F6E6A67586DF6AC ft=1 fh=c0c52e2e9dc7d1d3 vn="a variant of Win32/Toolbar.CrossRider.AK potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-3.exe.vir"
          sh=4C2C17F17A7990B361162880FA91913322338334 ft=1 fh=a4dd8b1dd1c6433a vn="a variant of Win32/Toolbar.CrossRider.AK potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-4.exe.vir"
          sh=9BBC1C271914ADD8788D80C7F3365DD3568ABAA7 ft=1 fh=97b22a3307d0ae49 vn="a variant of Win32/Toolbar.CrossRider.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063-5.exe.vir"
          sh=5EF6DD1EE9CB46A8A3C0FC447C20FA4DD5697AAF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063.crx.vir"
          sh=4A7F9590451984E4AC955F678AF8201AA29040A6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\a0f0b671-a3d3-4c14-9d42-0b8b4c3d3063.xpi.vir"
          sh=5C8EFBA2EAEE7E989EBED04B0257BB4797F496C6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\c3a53950-de1f-44cf-89f5-2bedead76b9d.crx.vir"
          sh=04D3E7039A01857AC61A04C31D89752F0EA94556 ft=1 fh=4bcab78a325497f3 vn="a variant of Win32/Toolbar.CrossRider.AL potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\P-HD-V1.4-bg.exe.vir"
          sh=535AAE99E5238930A5BC6AA9F366E1953C9CA044 ft=1 fh=320c67522b4fa4b8 vn="a variant of Win32/Toolbar.CrossRider.AF potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\P-HD-V1.4-bho.dll.vir"
          sh=355F5998A37A0E3D824FF261BE7918DCE8FD7D4D ft=1 fh=2c76fa261b127937 vn="a variant of Win32/Toolbar.CrossRider.AJ potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Program Files\P-HD-V1.4\P-HD-V1.4-codedownloader.exe.vir"
          sh=B730BC81AFB3E390C9D638D2AD48C5DAE83E3975 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\zxfy6o7p.default\Extensions\508d4e2f-a469-421d-a294-135dbb84fe1b@f7b17943-cc9e-4d4a-b223-0bd1e7cfc871.com\extensionData\plugins\91.js.vir"
          sh=9E77E1D2FD7B77B0FD8A71A70C35DD5A16836CF3 ft=1 fh=b241df9fafd25e77 vn="Win32/Systweak.G potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\me\Desktop\MWRmv\AdwCleaner\Quarantine\C\Users\me\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir"
          sh=9AA5E59F80A95BDFC48FBB4DC9F4B7212749E67D ft=1 fh=2fe225811afcde6b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\me\Downloads\ccsetup416.exe"
          sh=BDD1A02CE4D1C21C15110710454D7B7E3602F2BF ft=1 fh=8eedbadeca69cb97 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\me\Downloads\ccsetup416pro.exe"

          SuperDave

          Re: Pop ups and redirects - First Scan Logs
          « Reply #6 on: August 02, 2014, 01:14:58 PM »
          Quote
          looks like the ESET scanner found only the things the Adwcleaner found. It gives me the option to delete the quarantined files, should I check that box before closing the application?
          You can open AdwCleaner and remove the quarantined files there. We will be removing all these tools when we're finished.
          Quote
          By the way, I thought I'd mention that although the browser is not redirecting anymore, I keep getting the AVG search page every time I open a new tab, even though I have it set to Google. It's quite tenacious!
          AVG can be quite frustrating. You should consider another free AV from the list below.

          Remember to only install one antivirus!
           
          1) Avast! Home Edition
          2) AVG Free Edition
          3) Avira AntiVir Personal
          4) Microsoft Security Essentials   All versions and all languages.
          5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)

          It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

          *********************************************
          This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
          This is a very crucial step so make sure you don't skip it.
          Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

          Double-click Delfix.exe to start the tool.
          Make sure the following items are checked:
          • Activate UAC (optional; some users prefer to keep it off)
          • Remove disinfection tools
          • Create Registry backup
          • Purge System Restore Points
          • Re-set system settings
          Now click "Run" and wait patiently.
          Once finished a logfile will be created. You don't have to attach it to your next reply.
          ************************************************
          Click Start> Computer> right click the C Drive and choose Properties> enter
          Click Disk Cleanup from there.



          Click OK on the Disk Cleanup Screen.
          Click Yes on the Confirmation screen.



          This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
          ***********************************************
          Go to Microsoft Windows Update and get all critical updates.
          ----------

          I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

          Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

          Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
          Safe Surfing!

          nari_ka

            Re: Pop ups and redirects - First Scan Logs
            « Reply #7 on: August 05, 2014, 01:26:12 PM »
            Hello Dave,
            One last question, for some reason, I wanted to put all these tools in a folder on my desktop, just to keep it all easy to find, perhaps. After I ran Delfix, the folder I created is still there with all the Malware removal tools and their logs still inside. Would it be safe to just delete the folder? I have tried everything possible mentioned on the web on how to completely get rid of AVG and finally did a search on my computer and found a bunch of AVG "safe search" files in this folder in an AdwCleaner quarantine folder...
            Thanks again for all your help.
            N
            Just for kicks, here is my log from Delfix:


            # DelFix v10.8 - Logfile created 05/08/2014 at 09:18:13
            # Updated 29/07/2014 by Xplode
            # Username : me - DELL
            # Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)

            ~ Removing disinfection tools ...

            Deleted : C:\AdwCleaner
            Deleted : C:\Users\me\Downloads\adwcleaner_3.300.exe
            Deleted : C:\Users\me\Downloads\adwcleaner_3.302.exe
            Deleted : C:\Users\me\Downloads\SecurityCheck.exe
            Deleted : HKLM\SOFTWARE\AdwCleaner

            ~ Creating registry backup ... OK

            ~ Cleaning system restore ...

            Deleted : RP #61 [Windows 7 Service Pack 1 | 07/31/2014 09:23:32]
            Deleted : RP #62 [Windows Update | 08/03/2014 02:56:10]

            New restore point created !

            ~ Resetting system settings ... OK

            ########## - EOF - ##########

            SuperDave

            Re: Pop ups and redirects - First Scan Logs
            « Reply #8 on: August 05, 2014, 07:09:36 PM »
            Quote
            One last question, for some reason, I wanted to put all these tools in a folder on my desktop, just to keep it all easy to find, perhaps. After I ran Delfix, the folder I created is still there with all the Malware removal tools and their logs still inside. Would it be safe to just delete the folder? I have tried everything possible mentioned on the web on how to completely get rid of AVG and finally did a search on my computer and found a bunch of AVG "safe search" files in this folder in an AdwCleaner quarantine folder...
            Yes, you should delete that folder. If you wish, you can download and install MBAM and AdwCleaner on your computer. Keep them updated and run them on a regular basis to keep your computer clean. As for AVG, you can run this tool to completely remove it.

            AVG Antivirus - AVG Anti-virus Removal Tool