Need Assistance

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by mbchicago, Dec 28, 2016.

  1. mbchicago

    mbchicago Private E-2

    Chrome seems to have spyware on it. In particular, Chrome defaults to something called mapeasy. I followed the instructions provided and it did not fix the problem. I have attached the logs for your review. Thanks for your help!
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Before I can work up a complete fix please provide the AdwCleaner log requested in the first part of the Read & Run Me First and also please tell me whether you use/need the Yahoo Toolbar which is filling up your logs with garbage. It would be easier if we just uninstall/remove all of Yahoo Toolbar along with the other junk.
     
  3. mbchicago

    mbchicago Private E-2

    I missed that step. Can I run it now, or do I need to rerun all of the steps from the beginning? I will uninstall the Yahoo Toolbar.
     
  4. mbchicago

    mbchicago Private E-2

    One more thing. I tried to uninstall the Yahoo! toolbar but it is not uninstalling. Any recommendations?
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Try using Revo Uninstaller (see below link):
    http://www.majorgeeks.com/files/details/revo_uninstaller.html

    Then run AdwCleaner and attach the log.

    Also, if you were able to uninstall Yahoo Toolbar with Revo, please run a new scan with Hitman Pro (attach the new log) so we can check the new status. Much of what was in Hitman was from Yahoo.
     
  6. mbchicago

    mbchicago Private E-2

    Ok. I was able to remove Yahoo! Toolbar. I have attached both logs as you have requested. Thanks for your help. It is greatly appreciated.
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, run Hitman Pro again and enable the free 30 day trial license, and then have it remove all (but the noted exceptions below) of the Malware remnants and Potential Unwanted Programs that it reports (this includes all the leftovers from Yahoo, of which there are a lot).

    Exceptions to not remove which I assume you use:
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiPony\ (MiPony)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiPony\MiPony.lnk (MiPony)


    Then reboot your PC. After reboot, run new scans with both AdwCleaner and Hitman Pro and attach the new logs so we can see what remains to be cleaned up.
     
  8. mbchicago

    mbchicago Private E-2

    I executed the steps. See the attached logs.
     


  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Run AdwCleaner and have it remove the below items only! Do not remove anything that you know you use.

    ***** [ Folders ] *****

    Folder Found: C:\ProgramData\wincert
    Folder Found: C:\ProgramData\Application Data\wincert

    ***** [ Registry ] *****

    Key Found: HKLM\SOFTWARE\Classes\BackWeb.Client.ScriptHelper-7288971
    Key Found: [x64] HKLM\SOFTWARE\Classes\BackWeb.Client.ScriptHelper-7288971
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
    Value Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}]
    Key Found: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4205921197-514269210-3576095911-1003\Software\Mega Browse
    Key Found: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4205921197-514269210-3576095911-1003\Software\Wajam
    Key Found: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4205921197-514269210-3576095911-1003\Software\wecarereminder
    Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4205921197-514269210-3576095911-1003\Software\Mega Browse
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4205921197-514269210-3576095911-1003\Software\Wajam
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4205921197-514269210-3576095911-1003\Software\wecarereminder
    Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\default-search.net
    Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\linkeyproject.com
    Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\superfish.com
    Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.default-search.net
    Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.linkeyproject.com
    Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
    Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\default-search.net
    Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\linkeyproject.com
    Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
    Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.default-search.net
    Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.linkeyproject.com
    Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\default-search.net
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\linkeyproject.com
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\superfish.com
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.default-search.net
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.linkeyproject.com
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\default-search.net
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\linkeyproject.com
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.default-search.net
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.linkeyproject.com
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com


    ***** [ Web browsers ] *****
    Chrome pref Found: [C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Web data] - buenosearch.com
    Chrome pref Found: [C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://www.default-search.net?sid=492&aid=100&itype=n&ver=11471&tm=305&src=hmp
    Chrome pref Found: [C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - booedmolknjekdopkepjjeckmjkdpfgl
    Chrome pref Found: [C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - flpcjncodpafbgdpnkljologafpionhb
    Chrome pref Found: [C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - ippkomaaonokjnfjoikaemidanojkfmm
    Chrome pref Found: [C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - hxxp://www.default-search.net?sid=492&aid=100&itype=n&ver=11471&tm=305&src=hmp


    Then reboot your PC. After reboot, collect a new log from AdwCleaner and attach it.

    Also tell me how things are working.
     
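As an added example (not part of the thread and not AdwCleaner's own code), the small Python parser below reads report lines in the format quoted above and separates the Chrome findings into extension IDs and start/search-page URLs, which is the quick triage a helper does before deciding what to remove. The sample log is constructed from lines in this thread; the section and line regexes are assumptions based on that quoted format.

```python
import re
from collections import defaultdict

# Constructed sample in the AdwCleaner report format quoted in the thread
# (hxxp:// is the report's defanged form of http://).
SAMPLE_LOG = r"""
***** [ Folders ] *****

Folder Found: C:\ProgramData\wincert

***** [ Registry ] *****

Key Found: HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\superfish.com
Value Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}]

***** [ Web browsers ] *****
Chrome pref Found: [C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://www.default-search.net?sid=492
Chrome pref Found: [C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - booedmolknjekdopkepjjeckmjkdpfgl
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
FINDING_RE = re.compile(r"^(Folder|File|Key|Value|Chrome pref|Firefox pref) Found: (?:\[x64\] )?(.*)$")
CHROME_RE = re.compile(r"^\[(.+?)\s*\] - (.*)$")
EXT_ID_RE = re.compile(r"^[a-p]{32}$")  # Chrome extension IDs are 32 chars drawn from a-p

def parse_adwcleaner(text):
    """Return {section: [(kind, wow64, detail)]}; wow64 marks the [x64] redirected registry view."""
    findings = defaultdict(list)
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = FINDING_RE.match(line)
        if m and section:
            findings[section].append((m.group(1), "[x64]" in line, m.group(2)))
    return dict(findings)

def chrome_findings(findings):
    """Split 'Chrome pref Found' entries into installed extension IDs and hijack URLs."""
    ext_ids, urls = set(), set()
    for kind, _, detail in findings.get("Web browsers", []):
        m = CHROME_RE.match(detail) if kind == "Chrome pref" else None
        if not m:
            continue
        value = m.group(2)
        if EXT_ID_RE.match(value):
            ext_ids.add(value)
        elif value.startswith(("hxxp://", "http://", "https://")):
            urls.add(value)
    return sorted(ext_ids), sorted(urls)
```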
  10. mbchicago

    mbchicago Private E-2

    I have attached the log. Everything seems to be working much better now.
     
  11. mbchicago

    mbchicago Private E-2

    Sorry, here is the attachment
     


  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Looking good now.

    Your logs are clean. Please complete all of the below final instructions before running any other scans to avoid false detections of things we have already quarantined or left overs from system restore.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    3. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    4. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win 7, or Win 8, right click and Run As Administrator) on this file to run this cleanup program, which will remove files and folders related to MGtools and some other items from our cleaning procedures.
    5. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    6. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
      • Refer to the instructions for your Windows version in this link: Disable And Enable System Restore
      • For Windows 8 and 8.1 system restore see this link: Win 8 System Restore - How to enable/disable
      • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
      • Then we want you to Enable System Restore to create a new clean Restore Point.
    7. After doing the above, you should work thru the below link:
     
