
AVG Nation malware


29 replies to this topic

#1 villanelle

villanelle

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:03:15 PM

Posted 28 September 2013 - 08:51 PM

Hello computer literate individuals,

 

I am hoping someone can help me before I pass out from a panic attack. I feel somewhat stupid because I seem to have some malware program called AVG Nation search bar going on. I was using AVG until earlier today my browser kept redirecting to some strange avg nation search engine and there was also a tool bar.

 

I uninstalled the toolbar in computer programs, and then ran malwares and cc cleaner. The tool bar is gone, but my browser redirects to the avg nation search engine. I then deleted AVG and installed Avast. Then I did a system restore, but I can't seem to get rid of it. 

 

Also, when I try to do a search within my email account (yahoo - don't laugh!) it also redirects to another page. I can't even search my own emails.

 

Is there any way to fix my computer, please?

 

I have a HP laptop (Pavilion dv6 - for better or for worse), and I am using Windows 7 Home Premium.

 

Could someone please help me?

 

Anxiously yours,

 

A freaked out philosophy phd student.

 



 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:15 PM

Posted 28 September 2013 - 09:24 PM

Hello -
Generally this is now installed as part of AVG Antivirus program, but AVG is getting a bit too aggressive with their marketing.
Uninstall AVG Antivirus by following all of these directions >
Windows XP and 7
1. Go to Start -> (Settings) -> Control Panel.
2. Open (Programs) -> Programs and Features, or Add or Remove Programs.
3. Select AVG in the list of programs.
4. Click the Uninstall or Change/Remove button.
5. Follow the instructions on your screen to complete the uninstallation.
6. Restart your computer.

Next =>
1. Save all your work and close all documents! Your computer will be restarted during the procedure.
2. Download the AVG Remover tool from Our website.
3. Run the downloaded tool and follow the instructions displayed on your screen.
4. Your computer will be restarted automatically. After the restart, AVG Remover will finish the uninstallation.

 

Next install Microsoft Security Essentials Antivirus from HERE

 

Next Please download Junkware Removal Tool to your desktop.

◾ Windows Vista, 7, or 8 users: right-mouse click JRT.exe and select "Run as Administrator".
◾ The tool will open and start scanning your system.
◾ Please be patient as this can take a while to complete depending on your system's specifications.
◾ On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
◾ Post the contents of JRT.txt into your next message.

 

Now tell me if the toolbar and redirect have gone, or improved.

 

Thank You -



#3 villanelle


Posted 28 September 2013 - 10:00 PM

Thanks, Aussie addict.

 

I did as you asked and unfortunately it is still hijacking my browser.

 

Every time I open up chrome my homepage comes up and also another tab for avg nation. I am still unable to use the search option in my email.

 

I do not mean to undermine your expertise, but are you sure it is not malware?

 

Here is my log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 7 Home Premium x64
Ran by Cyndy on 29/09/2013 at  4:39:29.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2306007927-493915409-2896967601-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\bundlesweetimsetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\bundlesweetimsetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduituninstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduituninstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\hdvid codec v1-codedownloader_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\hdvid codec v1-codedownloader_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_nonsearch_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_nonsearch_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajam_install_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajam_install_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchthewebarp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sprotector
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT1561552
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\blekko toolbars"
Successfully deleted: [Folder] "C:\ProgramData\starapp"
Successfully deleted: [Folder] "C:\Users\Cyndy\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Cyndy\appdata\locallow\adawaretb"
Successfully deleted: [Folder] "C:\Users\Cyndy\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Users\Cyndy\AppData\Roaming\mozilla\firefox\profiles\1dgtdukn.default-1360542430300\smartbar
Successfully deleted the following from C:\Users\Cyndy\AppData\Roaming\mozilla\firefox\profiles\1dgtdukn.default-1360542430300\prefs.js
 
user_pref("CT1561552.1000082.isPlayDisplay", "true");
user_pref("CT1561552.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT1561552.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT1561552.FF19Solved", "true");
user_pref("CT1561552.FirstTime", "true");
user_pref("CT1561552.FirstTimeFF3", "true");
user_pref("CT1561552.PG_ENABLE", "dHJ1ZQ==");
user_pref("CT1561552.SearchAppState.enc", "Mg==");
user_pref("CT1561552.UserID", "UN78362127011104178");
user_pref("CT1561552.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT1561552.autoDisableScopes", -1);
user_pref("CT1561552.cbfirsttime.enc", "V2VkIEZlYiAyMCAyMDEzIDE4OjQwOjMxIEdNVCswMTAw");
user_pref("CT1561552.defaultSearch", "false");
user_pref("CT1561552.embeddedsData", "[{\"appId\":\"128491907208256770\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"get
user_pref("CT1561552.enableAlerts", "always");
user_pref("CT1561552.enableFix404ByUser", "TRUE");
user_pref("CT1561552.enableSearchFromAddressBar", "true");
user_pref("CT1561552.firstTimeDialogOpened", "true");
user_pref("CT1561552.fixPageNotFoundError", "true");
user_pref("CT1561552.fixPageNotFoundErrorByUser", "true");
user_pref("CT1561552.fixPageNotFoundErrorInHidden", "true");
user_pref("CT1561552.fixUrls", true);
user_pref("CT1561552.hxxp___pinterest_aot_im.isEnabled.enc", "WQ==");
user_pref("CT1561552.installDate", "20/2/2013 18:40:19");
user_pref("CT1561552.installId", "conduitinstaller.exe");
user_pref("CT1561552.installType", "conduitnsisintegration");
user_pref("CT1561552.isCheckedStartAsHidden", true);
user_pref("CT1561552.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT1561552.isFirstTimeToolbarLoading", "false");
user_pref("CT1561552.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT1561552.lastVersion", "10.14.65.43");
user_pref("CT1561552.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
user_pref("CT1561552.migrateAppsAndComponents", true);
user_pref("CT1561552.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.google.it%2Furl%3Fsa%3Dt%26rct%3Dj%26q%3D%26esrc%3Ds%26source%3Dweb%26cd%3D1%26ved%3D0C
user_pref("CT1561552.openThankYouPage", "false");
user_pref("CT1561552.openUninstallPage", "true");
user_pref("CT1561552.price-gong.isManagedApp", "true");
user_pref("CT1561552.revertSettingsEnabled", "false");
user_pref("CT1561552.search.searchAppId", "128491907208256770");
user_pref("CT1561552.search.searchCount", "0");
user_pref("CT1561552.searchInNewTabEnabledByUser", "false");
user_pref("CT1561552.searchInNewTabEnabledInHidden", "true");
user_pref("CT1561552.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT1561552.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT1561552.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
user_pref("CT1561552.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT1561552\"}");
user_pref("CT1561552.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Hotspot Shield\"}");
user_pref("CT1561552.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT1561552.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1361382025957");
user_pref("CT1561552.serviceLayer_services_appsMetadata_lastUpdate", "1361382025745");
user_pref("CT1561552.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1361382025656");
user_pref("CT1561552.serviceLayer_services_location_lastUpdate", "1361382024856");
user_pref("CT1561552.serviceLayer_services_login_10.14.65.43_lastUpdate", "1361382026348");
user_pref("CT1561552.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1361382025706");
user_pref("CT1561552.serviceLayer_services_searchAPI_lastUpdate", "1361382024848");
user_pref("CT1561552.serviceLayer_services_serviceMap_lastUpdate", "1361382024159");
user_pref("CT1561552.serviceLayer_services_setupAPI_lastUpdate", "1361382025115");
user_pref("CT1561552.serviceLayer_services_toolbarContextMenu_lastUpdate", "1361382025605");
user_pref("CT1561552.serviceLayer_services_toolbarSettings_lastUpdate", "1361382024901");
user_pref("CT1561552.serviceLayer_services_translation_lastUpdate", "1361382025897");
user_pref("CT1561552.settingsINI", true);
user_pref("CT1561552.shouldFirstTimeDialog", "false");
user_pref("CT1561552.smartbar.CTID", "CT1561552");
user_pref("CT1561552.smartbar.Uninstall", "0");
user_pref("CT1561552.smartbar.toolbarName", "Hotspot Shield ");
user_pref("CT1561552.startPage", "false");
user_pref("CT1561552.toolbarBornServerTime", "20-2-2013");
user_pref("CT1561552.toolbarCurrentServerTime", "20-2-2013");
user_pref("CT1561552.twitter_v1.8.0_twitter_app_open_t_f.enc", "ZmFsc2U=");
user_pref("CT1561552_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1361382023052,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
Emptied folder: C:\Users\Cyndy\AppData\Roaming\mozilla\firefox\profiles\1dgtdukn.default-1360542430300\minidumps [4 files]
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dnllcmllkjofnojidnaknldfehfhehoo
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/09/2013 at  4:49:37.01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
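
An added example, not part of the original post and not JRT's own code: a Python triage of the kind of `prefs.js` lines listed in the log above. It groups `user_pref` entries by namespace, decodes base64-encoded values, and reports which toolbar preferences touch search or navigation. The sample input is constructed from lines quoted in the log (plus one ordinary browser preference for contrast); the `CT<digits>` namespace pattern and the keyword list are assumptions generalized from this one log.

```python
"""Triage of toolbar preferences left behind in a Firefox prefs.js file."""
import base64
import binascii
import json
import re

# Constructed sample: prefs.js lines as quoted in the JRT log, including one
# line that the log shows cut off, plus one ordinary browser preference.
SAMPLE_PREFS = r'''
user_pref("CT1561552.PG_ENABLE", "dHJ1ZQ==");
user_pref("CT1561552.SearchAppState.enc", "Mg==");
user_pref("CT1561552.cbfirsttime.enc", "V2VkIEZlYiAyMCAyMDEzIDE4OjQwOjMxIEdNVCswMTAw");
user_pref("CT1561552.embeddedsData", "[{\"appId\":\"128491907208256770\",\"apiPermissions\":{\"crossDomainAjax\":true,\"get
user_pref("CT1561552.installDate", "20/2/2013 18:40:19");
user_pref("CT1561552.installId", "conduitinstaller.exe");
user_pref("CT1561552.enableSearchFromAddressBar", "true");
user_pref("CT1561552.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT1561552.fixUrls", true);
user_pref("CT1561552.autoDisableScopes", -1);
user_pref("CT1561552.smartbar.toolbarName", "Hotspot Shield ");
user_pref("CT1561552.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Hotspot Shield\"}");
user_pref("browser.startup.homepage", "about:home");
'''

# The closing ");" is optional so that truncated lines are still captured.
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*?)\s*(\);)?\s*$')
TOOLBAR_NS_RE = re.compile(r'^CT\d+$')          # assumption: toolbar ID shape
B64_RE = re.compile(r'^[A-Za-z0-9+/]+={0,2}$')
TAKEOVER_HINTS = ("search", "addressbar", "startpage", "fixurls")  # assumption


def try_base64(text):
    """Return the decoded printable ASCII if text is valid base64, else None."""
    if len(text) % 4 or not B64_RE.match(text):
        return None
    try:
        decoded = base64.b64decode(text, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return decoded if decoded and decoded.isprintable() else None


def normalise(raw):
    """Turn the JavaScript literal of one pref into a plain Python value."""
    try:
        value = json.loads(raw)
    except ValueError:
        return raw  # truncated line: keep the raw text rather than guess
    if isinstance(value, str) and value.startswith("{"):
        try:
            inner = json.loads(value)
            if isinstance(inner, dict) and "data" in inner:
                value = inner["data"]  # unwrap {"dataType": ..., "data": ...}
        except ValueError:
            pass
    if isinstance(value, str):
        return try_base64(value) or value
    return value


def parse_prefs(text):
    """Map namespace -> {rest of key: value} for every user_pref line."""
    namespaces = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue
        namespace, _, short = match.group(1).partition(".")
        namespaces.setdefault(namespace, {})[short] = normalise(match.group(2))
    return namespaces


def is_enabled(value):
    """True for the boolean true and for the string "true" in any case."""
    return value is True or (isinstance(value, str) and value.strip().lower() == "true")


def triage(text):
    """Summarise each toolbar namespace and its search/navigation settings."""
    report = {}
    for namespace, prefs in parse_prefs(text).items():
        if not TOOLBAR_NS_RE.match(namespace):
            continue  # ordinary browser preference, not a toolbar namespace
        report[namespace] = {
            "toolbar": str(prefs.get("smartbar.toolbarName", "")).strip() or None,
            "installed": prefs.get("installDate"),
            "installer": prefs.get("installId"),
            "takeover_prefs": sorted(
                key for key, value in prefs.items()
                if is_enabled(value) and any(h in key.lower() for h in TAKEOVER_HINTS)
            ),
            "pref_count": len(prefs),
        }
    return report


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_PREFS), indent=2))
```

Run against a copy of a real `prefs.js`, the same functions show whether a removed toolbar left settings behind and when it was installed, which helps tie it to the bundle that delivered it.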
 


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:15 AM

Posted 28 September 2013 - 10:21 PM

Could it be Nation Toolbar, a browser add-on that you are having problems with?

How do i uninstall Nation Toolbar from Windows and browsers
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 villanelle


Posted 28 September 2013 - 10:25 PM

Thanks, quietman7, that is exactly the toolbar, except it says in the address bar avg.nation.com

 

Also, I read the instructions on the page you provided, and I have already done all those things. The toolbar and web search thing showed up in the control panel programs section as an avg application. Also, the "add-on" does not show up in my list of add-ons on chrome.


Edited by villanelle, 28 September 2013 - 10:29 PM.


#6 villanelle


Posted 28 September 2013 - 10:37 PM

p.s. I have checked chrome, firefox and explorer and nation does not come up as an add-on for any of them.



#7 quietman7


Posted 28 September 2013 - 10:40 PM

Thanks, quietman7, that is exactly the toolbar, except it says in the address bar avg.nation.com

AVG Nation toolbar is from the same creator (search.nation.com). Both the add-ons are essentially identical except one includes AVG Secure Search.

How To Disable AVG Secure Search Provider In Browsers
How to remove AVG Toolbar, Homepage and Secure Search from your browser with AVG Browser Configuration Tool

#8 villanelle


Posted 28 September 2013 - 10:47 PM

Yes, I understand that, but neither add-on comes up, as you have probably read, I have done all I can to remove it. It is really affecting the performance of my computer. Not only is it hijacking my browser, but it is affecting my email application. I cannot search within google email or yahoo email. Instead, it opens a new tab and does a web search for that particular word.

 

I read elsewhere that other people have the same problem as me. They have done many things to uninstall. The toolbar is deleted easily enough, but the websearch affects the computer.



#9 quietman7


Posted 28 September 2013 - 10:51 PM


Check for and remove search.nation.com from Search Engine and Homepage. Actually it may be easier to just reset both.

To reset the browser search engine in Internet Explorer, Firefox and Google Chrome, please refer to:
To reset the browser home page in Internet Explorer, please refer to:
-- If using Firefox, Google Chrome or Opera, please refer to:

#10 quietman7


Posted 28 September 2013 - 10:56 PM

After doing that download and scan with Malwarebytes Anti-Malware.

Follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A.4. Issues.

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • After the scan, make sure that everything is checked and then click the Remove Selected button to remove all the listed malware.
  • When done, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.


#11 quietman7


Posted 28 September 2013 - 10:59 PM

Then download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
-- Note: The contents of the log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).

#12 villanelle


Posted 28 September 2013 - 11:03 PM

Thanks, quietman7. Maybe I am giving the impression that I am a complete imbecile or something, or I am not explaining myself properly, but as I wrote above: Every time I open up chrome my homepage comes up and also another tab for avg nation (TWO TABS OPEN). Also, I am not sure how my homepage could be affecting the search setting in my yahoo mail and google mail account.

 

I should stress that I have already checked the homepage on each browser before this.


Edited by villanelle, 28 September 2013 - 11:03 PM.


#13 villanelle


Posted 28 September 2013 - 11:08 PM

Ok, thanks, quietman7, I'll get on that asap.



#14 villanelle


Posted 28 September 2013 - 11:32 PM

  Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org
 
Database version: v2013.09.29.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Cyndy :: CYNDY-PC [administrator]
 
29/09/2013 06:13:57
mbam-log-2013-09-29 (06-13-57).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200859
Time elapsed: 2 minute(s), 45 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{14D3074A-9606-37A7-10F9-3A54C54EC780} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 2
C:\ProgramData\InstallMate\{B1519D76-448F-4491-A67A-0CAD6AB2BF80}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\{B1519D76-448F-4491-A67A-0CAD6AB2BF80}\TsuDll.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
 
(end)
 
 
# AdwCleaner v3.005 - Report created 29/09/2013 at 06:19:34
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Cyndy - CYNDY-PC
# Running from : C:\Users\Cyndy\Downloads\adwcleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16447
 
 
-\\ Mozilla Firefox v24.0 (en-US)
 
[ File : C:\Users\Cyndy\AppData\Roaming\Mozilla\Firefox\Profiles\1dgtdukn.default-1360542430300\prefs.js ]
 
 
-\\ Google Chrome v29.0.1547.76
 
[ File : C:\Users\Cyndy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4667 octets] - [29/09/2013 05:54:54]
AdwCleaner[R1].txt - [832 octets] - [29/09/2013 06:19:34]
AdwCleaner[S0].txt - [4794 octets] - [29/09/2013 05:56:34]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [951 octets] ##########
 
 
# AdwCleaner v3.005 - Report created 29/09/2013 at 06:21:57
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Cyndy - CYNDY-PC
# Running from : C:\Users\Cyndy\Downloads\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16447
 
 
-\\ Mozilla Firefox v24.0 (en-US)
 
[ File : C:\Users\Cyndy\AppData\Roaming\Mozilla\Firefox\Profiles\1dgtdukn.default-1360542430300\prefs.js ]
 
 
-\\ Google Chrome v29.0.1547.76
 
[ File : C:\Users\Cyndy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4667 octets] - [29/09/2013 05:54:54]
AdwCleaner[R1].txt - [1030 octets] - [29/09/2013 06:19:34]
AdwCleaner[S0].txt - [4794 octets] - [29/09/2013 05:56:34]
AdwCleaner[S1].txt - [953 octets] - [29/09/2013 06:21:57]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1012 octets] ##########
 
Thank you!
 


#15 villanelle


Posted 28 September 2013 - 11:34 PM

This was the first scan with adwcleaner:

 

# AdwCleaner v3.005 - Report created 29/09/2013 at 05:54:54
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Cyndy - CYNDY-PC
# Running from : C:\Users\Cyndy\Downloads\adwcleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Cyndy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Folder Found C:\Program Files (x86)\HDvidCodec.com
Folder Found C:\Users\Cyndy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDvidCodec.com
Folder Found C:\Users\Cyndy\AppData\Roaming\Mozilla\Firefox\Profiles\1dgtdukn.default-1360542430300\adawaretb
Folder Found C:\Users\Cyndy\AppData\Roaming\Mozilla\Firefox\Profiles\1dgtdukn.default-1360542430300\jetpack
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\Software\adawaretb
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16447
 
 
-\\ Mozilla Firefox v18.0.2 (en-US)
 
[ File : C:\Users\Cyndy\AppData\Roaming\Mozilla\Firefox\Profiles\1dgtdukn.default-1360542430300\prefs.js ]
 
Line Found : user_pref("CT1561552.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT1561552.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT1561552.embeddedsData", "[{\"appId\":\"128491907208256770\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Found : user_pref("CT1561552.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT1561552.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT1561552.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.google.it%2Furl%3Fsa%3Dt%26rct%3Dj%26q%3D%26esrc%3Ds%26source%3Dweb%26cd%3D1%26ved%3D0CDcQFjAA%26url%3Dhxxp%253A[...]
Line Found : user_pref("CT1561552.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT1561552.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT1561552.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Found : user_pref("CT1561552.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT1561552\"}");
Line Found : user_pref("CT1561552.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Hotspot Shield\"}");
Line Found : user_pref("CT1561552.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT1561552_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1361382023052,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
 
-\\ Google Chrome v29.0.1547.76
 
[ File : C:\Users\Cyndy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4515 octets] - [29/09/2013 05:54:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4575 octets] ##########
 
# AdwCleaner v3.005 - Report created 29/09/2013 at 05:56:34
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Cyndy - CYNDY-PC
# Running from : C:\Users\Cyndy\Downloads\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\HDvidCodec.com
Folder Deleted : C:\Users\Cyndy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDvidCodec.com
Folder Deleted : C:\Users\Cyndy\AppData\Roaming\Mozilla\Firefox\Profiles\1dgtdukn.default-1360542430300\adawaretb
Folder Deleted : C:\Users\Cyndy\AppData\Roaming\Mozilla\Firefox\Profiles\1dgtdukn.default-1360542430300\jetpack
File Deleted : C:\Users\Cyndy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16447
 
 
-\\ Mozilla Firefox v24.0 (en-US)
 
[ File : C:\Users\Cyndy\AppData\Roaming\Mozilla\Firefox\Profiles\1dgtdukn.default-1360542430300\prefs.js ]
 
Line Deleted : user_pref("CT1561552.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1561552.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1561552.embeddedsData", "[{\"appId\":\"128491907208256770\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT1561552.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1561552.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT1561552.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.google.it%2Furl%3Fsa%3Dt%26rct%3Dj%26q%3D%26esrc%3Ds%26source%3Dweb%26cd%3D1%26ved%3D0CDcQFjAA%26url%3Dhxxp%253A[...]
Line Deleted : user_pref("CT1561552.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1561552.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1561552.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT1561552.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT1561552\"}");
Line Deleted : user_pref("CT1561552.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Hotspot Shield\"}");
Line Deleted : user_pref("CT1561552.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1561552_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1361382023052,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
 
-\\ Google Chrome v29.0.1547.76
 
[ File : C:\Users\Cyndy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4667 octets] - [29/09/2013 05:54:54]
AdwCleaner[S0].txt - [4642 octets] - [29/09/2013 05:56:34]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4702 octets] ##########
 




