[killallviruses]

Ahhh  I thought we were done, no worries ill await your next instructions

[Advertisements]

Hi killallviruses,

 

Glad to hear that your machine is doing better! Don't go yet as I have a few more things I'd like you to do. We needed to handle the earlier issues that we worked thorough, before we did these next steps.

 

You have Windows Sidebar and I'd advise you to remove it.

 

Windows Sidebar Advice:

Vulnerabilities in Gadgets could allow remote code execution

I advice you download and run the Disable Windows Sidebar and Gadgets Fixtit utility to rectify this.

Note: Ensure you reboot you machine when prompted before proceeding any further.

 

Next, I'd advise you work through the following instructions

 

set your default search engine and if the need a reset browser settings.

Next,

 

Security Check

Download Security Check from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Make sure you post back the results of the Security Check and we'll figure out where you are with that. Also, don't disappear on me as I still have a few more scans for your to run and a little more clean up to do including the Tools that we used.

[Biscuithd]

Hi killallviruses,

 

Glad to hear that your machine is doing better! Don't go yet as I have a few more things I'd like you to do. We needed to handle the earlier issues that we worked thorough, before we did these next steps.

 

You have Windows Sidebar and I'd advise you to remove it.

 

Windows Sidebar Advice:

Vulnerabilities in Gadgets could allow remote code execution

I advice you download and run the Disable Windows Sidebar and Gadgets Fixtit utility to rectify this.

Note: Ensure you reboot you machine when prompted before proceeding any further.

 

Next, I'd advise you work through the following instructions

 

set your default search engine and if the need a reset browser settings.

Next,

 

Security Check

Download Security Check from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Make sure you post back the results of the Security Check and we'll figure out where you are with that. Also, don't disappear on me as I still have a few more scans for your to run and a little more clean up to do including the Tools that we used.

[killallviruses]

I didnt even know I had windows sidebar but ive followed the instructions above, heres the log from security check

 

 Results of screen317's Security Check version 0.99.83  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

avast! Antivirus   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 Java 7 Update 55  

 Adobe Flash Player 13.0.0.206  

 Adobe Reader XI  

 Google Chrome 34.0.1847.131  

 Google Chrome 34.0.1847.137  

````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbam.exe  

 Malwarebytes Anti-Malware mbamscheduler.exe   

 AVAST Software Avast AvastSvc.exe  

 AVAST Software Avast afwServ.exe  

 AVAST Software Avast AvastUI.exe  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 4% 

````````````````````End of Log`````````````````````` 

[Biscuithd]

Hi killallviruses,

 

Appologies for my delayed response.

 

Your logs are looking much better. I know you ran MBAM recently, but I need to see the log, so let's run it again along with ESET.

 

So, rerun MBAM scan as you did last time and post back the result.

 

Then, ESET Online Scanner:

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

• Click the green ESET Online Scanner box
• Tick the box next to YES, I accept the Terms of Use
  then click on: Start
• You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install.
• Make sure that the option Remove found threats is unticked
• If your firewall asks whether you want to allow installation, say yes.
• Make sure that the option Scan archives is checked.
• Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
• Click on Start
• The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
• When completed the Online Scan will begin automatically. The scan may take several hours.
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
• When completed select Uninstall application on close, make sure you copy the logfile first! located at C:\Program Files (x86)/ESET/ESET Online Scanner\log.txt
• Then paste the Logfile in the thread
• Then click on: Finish

To summarize, please post back the ESET log and the MBAM log.

[killallviruses]

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 19/05/2014

Scan Time: 14:35:05

Logfile: mbam.txt

Administrator: Yes

 

Version: 2.00.1.1004

Malware Database: v2014.05.19.03

Rootkit Database: v2014.03.27.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Chameleon: Enabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Randles

 

Scan Type: Custom Scan

Result: Completed

Objects Scanned: 364342

Time Elapsed: 2 hr, 31 min, 50 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Shuriken: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

[killallviruses]

ESET has found these so far

 

Im quite annoyed that im paying for MBAM and that hasnt found anything

 

[Biscuithd]

Honestly, don't be too upset. None of these tools catch everything. That's why we run multiple scanners. Let's see what it finds when it's done.

[killallviruses]

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=294ffe717b37674e95d6da0e54837f83

# engine=18321

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2014-05-19 02:19:39

# local_time=2014-05-19 03:19:39 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=772 16777213 83 80 340738 4249602 0 0

# compatibility_mode=5893 16776573 100 94 277994 152974229 0 0

# scanned=123837

# found=2

# cleaned=0

# scan_time=2108

sh=FC1D4D0CB36E4C0259A1CD3B60D1EF6EF48C0BB5 ft=1 fh=32d1c175243ad0eb vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\plugins\ConduitChromeApiPlugin.dll"

sh=FC1D4D0CB36E4C0259A1CD3B60D1EF6EF48C0BB5 ft=1 fh=32d1c175243ad0eb vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\plugins\ConduitChromeApiPlugin.dll"

[killallviruses]

Its done

[Biscuithd]

Hi killallviruses,

 

Unfortunately there is still a bit more work to do. ESET uncovered a few folders that need to be handled.

 

Please re-run OTL and use the custom script as follows.

 

OTL Fix
 

• Run OTL as you did before.
• Copy the text in the quote box below (do not copy the word "quote") and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.

 

:Commands
[CreateRestorePoint]

:Files
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp

:Commands
[EmptyTemp]

 

Then press the Run Fix button

Your computer will reboot. If it does not, please manually reboot.

 

After the reboot, a Notepad window will appear, named MMDDYYYY_HHMMSS.log. Alternatively, you can find that log at C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.

 

Post the results back to me so that I can be sure the folders were moved.

[killallviruses]

All processes killed

========== COMMANDS ==========

Restore point Set: OTL Restore Point

========== FILES ==========

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\_locales\en folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\_locales folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\sl folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\lib\jquery.alerts\images folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\lib\jquery.alerts folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\lib folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\core folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\WEATHER\js folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\WEATHER\css folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\WEATHER folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\TWITTER\resources folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\TWITTER\js folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\TWITTER\img folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\TWITTER folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\SEARCH_IN_NEW_TAB folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\SEARCH\view\style folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\SEARCH\view\script folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\SEARCH\view folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\SEARCH\resources folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\SEARCH\js folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\SEARCH\Css folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\SEARCH\buildSettings folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\SEARCH folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\RADIO_PLAYER\js folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\RADIO_PLAYER\css folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\RADIO_PLAYER folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\PRICE_GONG\images folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\PRICE_GONG\css folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\PRICE_GONG\agreement folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\PRICE_GONG folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\Optimizer\js folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\Optimizer folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\NOTIFICATION\js folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\NOTIFICATION\images\light folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\NOTIFICATION\images folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\NOTIFICATION\css folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\NOTIFICATION folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\MULTI_RSS\js folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\MULTI_RSS\img folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\MULTI_RSS\css folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\MULTI_RSS folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\HIGHLIGHTER\js folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\HIGHLIGHTER\css folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\HIGHLIGHTER folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\APPLICATION_BUTTON folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa\404 folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\wa folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\ui\menu\js folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\ui\menu\img folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\ui\menu\css folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\ui\menu folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\ui\gf\js folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\ui\gf\img folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\ui\gf\css folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\ui\gf folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\ui\gadgetFrame folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\ui\dlg\ftd\images folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\ui\dlg\ftd folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\ui\dlg folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\ui folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\sp\spsd\images folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\sp\spsd folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\sp\spbd\images folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\sp\spbd folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\sp\js folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\sp folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\options\js\resources folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\options\js folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\options\images folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\options\css folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\options folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\msd folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\api folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\ac\res folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\ac\img folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\ac\css folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\ac folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\aboutBox\js folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\aboutBox\images folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al\aboutBox folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb\al folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\tb folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\Search\NewTabPages\js folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\Search\NewTabPages\img folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\Search\NewTabPages\html folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\Search\NewTabPages\css folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\Search\NewTabPages\API folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\Search\NewTabPages folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\Search\html folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\Search folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\plugins folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\js\toolbarAPI folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\js\tabs\back folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\js\tabs folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\js\options folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\js\lib folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\js folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0 folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp folder moved successfully.

File\Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

User: Randles

->Temp folder emptied: 3157585 bytes

->Temporary Internet Files folder emptied: 541120 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 429424564 bytes

->Flash cache emptied: 651 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 9009767 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes

RecycleBin emptied: 1297618474 bytes

 

Total Files Cleaned = 1,659.00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 05202014_190527

 

Files\Folders moved on Reboot...

C:\Users\Randles\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Randles\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

[killallviruses]

What now?

[Biscuithd]

Sorry for the delays. Many storms in my part of the country have knocked out power over the past few days.

 

 

 

Subject to no further problems I will send you on your way!

I will also remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Good news ----- Your log appears clean

A good workman always cleans up after himself so..The following piece of code will implement some cleanup procedures as well as reset System Restore points:

Download and run Delfix



Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransom-ware. (This is really important!)



Malwarebytes.

Update and run weekly to keep your system clean

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe

 

If you have any questions or further problems, feel free to stop back

 

 

[killallviruses]

Where do I find the download link for that cryptoprevent?

[killallviruses]

Ive found it