[interpolarity]

Hello! There is a persistent adware I cannot seem to rid my computer of. It presents advertisements on all websites on all browsers despite adblock being on. I've tried deleting the offending 'extensions' in Chrome and resetting IE. Then I do a full Panda virus scan and delete any items that come up. But, after some time, it all comes back. Please help! Thank you

 

P.S. I am attaching the FRST logs because copy/pasting them gives me an error when creating the topic. :/

Attached Files

•  FRST.txt   476.89KB   218 downloads
•  Addition.txt   32.06KB   236 downloads

[Advertisements]

Hello interpolarity and

My name is Bruce1270 and I will be helping you with your malware problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

A few things before we get started.

• Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
• Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
• Please follow all instructions in the order given.
• Please do not install any other software unless advised. This may hinder the removal process.
• At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
• Please make sure you reply within 4 days to my responses, if there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.
  
  
  Important!
  
  Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!
  
  I would strongly recommend you back up your personal data and folders before we begin.
  
  Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding.
  As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.
  
  I will analyse your logs and will have a fix for you soon.

[Bruce1270]

Hello interpolarity and

My name is Bruce1270 and I will be helping you with your malware problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

A few things before we get started.

• Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
• Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
• Please follow all instructions in the order given.
• Please do not install any other software unless advised. This may hinder the removal process.
• At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
• Please make sure you reply within 4 days to my responses, if there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.
  
  
  Important!
  
  Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!
  
  I would strongly recommend you back up your personal data and folders before we begin.
  
  Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding.
  As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.
  
  I will analyse your logs and will have a fix for you soon.

[Bruce1270]

Hello interpolarity

 

I'm very busy at moment so sorry for the delay.

 

I will have a fix for you soon.

[interpolarity]

Thank you for your care and attention. I'll be patient

[Bruce1270]

Hello interpolarity

Once again apologies for the delay and thanks for your patience and understanding.

First let's try an FRST fix.

Step1

I noticed that you run FRST64.exe from Users\Antonio\Downloads folder. Please move it to your Desktop. You can do it by right-clicking FRST64.exe, click Cut, then go to Desktop, right-click any free space and click Paste. For the FRST fix to work both FRST64.exe and fixlist.txt must be in the same location and the desktop is where the software is most effective from.

Step2 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Download the attached fixlist.txt to your desktop.  fixlist.txt   1.18KB   198 downloads

• Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
  
• Run FRST by right clicking on it and selecting Run as Administrator and press Fix
• On completion a log (fixlog.txt) will be generated.
• Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.
  
  Thanks

[Bruce1270]

Hi Interpolarity

 

Haven't heard from you in a few days. Are you still requiring assistance?

[interpolarity]

Yes, sorry been so busy. I'll do the fix tonight and attach my results to this post. Sorry again :/

[interpolarity]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-05-2015 01

Ran by Antonio at 2015-05-06 22:34:08 Run:1

Running from C:\Users\Antonio\Desktop

Loaded Profiles: Antonio (Available profiles: Antonio)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

CreateRestorePoint:

CHR Extension: (No Name) - C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp [2015-04-30]

2015-04-14 18:39 - 2015-04-14 18:39 - 00000000 ____D () C:\ProgramData\lpmamebbhipokffioidfnholonombild

2015-04-14 18:39 - 2015-04-14 18:39 - 00000000 ____D () C:\ProgramData\kamaenjfbeclfbjjmhbkmnlefdenmejp

2015-04-14 18:37 - 2015-04-18 14:45 - 00000000 ____D () C:\ProgramData\{767827c6-9123-1831-7678-827c69129f1a}

2015-04-08 12:27 - 2015-03-20 16:40 - 00000000 ____D () C:\ProgramData\McAfee

Task: {1DE8A393-B229-44D3-AB54-FF0616DA2994} - \Start SimplePass No Task File <==== ATTENTION

Task: {61DE756C-6047-42CF-AFCE-A2654390F72D} - \Start OPBHOBroker No Task File <==== ATTENTION

Task: {7E55C67F-5463-4A87-8CAF-58702D8BED23} - \Start OPBHOBrokerDesktop No Task File <==== ATTENTION

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

CMD: bitsadmin /reset /allusers

CMD: netsh advfirewall reset

CMD: netsh advfirewall set allprofiles state on

Hosts:

 

*****************

 

Restore point was successfully created.

C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp directory not found.

C:\ProgramData\lpmamebbhipokffioidfnholonombild => Moved successfully.

C:\ProgramData\kamaenjfbeclfbjjmhbkmnlefdenmejp => Moved successfully.

C:\ProgramData\{767827c6-9123-1831-7678-827c69129f1a} => Moved successfully.

C:\ProgramData\McAfee => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1DE8A393-B229-44D3-AB54-FF0616DA2994}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DE8A393-B229-44D3-AB54-FF0616DA2994}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Start SimplePass" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{61DE756C-6047-42CF-AFCE-A2654390F72D}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61DE756C-6047-42CF-AFCE-A2654390F72D}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Start OPBHOBroker" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7E55C67F-5463-4A87-8CAF-58702D8BED23}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E55C67F-5463-4A87-8CAF-58702D8BED23}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Start OPBHOBrokerDesktop" => Key deleted successfully.

"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => Key deleted successfully.

"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc" => Key deleted successfully.

"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => Key deleted successfully.

 

=========  bitsadmin /reset /allusers =========

 

 

BITSADMIN version 3.0 [ 7.7.9600 ]

BITS administration utility.

© Copyright 2000-2006 Microsoft Corp.

 

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.

Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

 

0 out of 0 jobs canceled.

 

========= End of CMD: =========

 

 

=========  netsh advfirewall reset =========

 

Ok.

 

 

========= End of CMD: =========

 

 

=========  netsh advfirewall set allprofiles state on =========

 

Ok.

 

 

========= End of CMD: =========

 

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.

Hosts was reset successfully.

 

==== End of Fixlog 22:34:50 ====

[Bruce1270]

Hi Interpolarity

We'll remove Chrome temporarily as it is likely compromised and do some more clean up then reinstall it after.

Step1 - Uninstall Google chrome


1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall chrome.
5. Close all Chrome windows and tabs.
6. Go to the Start menu > Control Panel.
7. Click Programmes and Features
8. Double-click Google Chrome.
9. Click Uninstall from the confirmation dialogue. Select the "Also delete your browsing data" tick box.


Step2 - Junkware Removal Tool

Download Junkware Removal Tool by thisisu and save it to your desktop.

Important: Please disable your anti virus prior to running this program. To do this see this guide here , scroll down and follow instructions for Panda Antivirus.

1.Ensure all programs and windows are closed before proceeding.
2.Simply double-click the program icon to run it. It will ask for administrator privileges.
3.A black window will appear. Press any key to continue.
4.Wait for it to finish. It won't take long.
5.A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
6.Copy (CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
7. Reboot your machine and enable your anti virus again.



Step3 - adwCleaner

Download AdwCleaner from here to the Desktop

• Close all open windows and browsers
• Double click the Adwcleaner icon to execute the program
• When the Tool opens for the first time accept the Terms of use
  
• Click the Scan button and wait for the program to finish.
• When finished, please click Clean.
• Upon completion, click Report. A log (AdwCleaner[S*].txt) will open
• Please copy/paste the generated log to your next reply.

Things for your next post:

• JRT.txt log
• adwCleaner[S*].txt log
• How is your computer behaving now?
  
  Thanks

[interpolarity]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.6.8 (05.06.2015:1)

OS: Windows 8.1 x64

Ran by Antonio on Thu 05/07/2015 at 17:30:06.86

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Tasks

 

Successfully deleted: [Task] C:\windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1596431099-4026986612-2164781503-1001

 

 

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1596431099-4026986612-2164781503-1001\Software\Microsoft\Internet Explorer\Main\\Start Page

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 05/07/2015 at 17:31:06.05

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

# AdwCleaner v4.203 - Logfile created 07/05/2015 at 17:36:01

# Updated 30/04/2015 by Xplode

# Database : 2015-05-05.1 [Server]

# Operating system : Windows 8.1  (x64)

# Username : Antonio - BEDROOM

# Running from : C:\Users\Antonio\Desktop\adwcleaner_4.203.exe

# Option : Cleaning

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Scheduled tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17416

 

 

*************************

 

AdwCleaner[R0].txt - [1211 bytes] - [27/04/2015 17:05:16]

AdwCleaner[R1].txt - [751 bytes] - [07/05/2015 17:35:22]

AdwCleaner[S0].txt - [677 bytes] - [07/05/2015 17:36:01]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [735  bytes] ##########

 

 

So far so good. I reinstalled Chrome. IE still had it, but I reset it and I don't see anything yet... Thank you so much!

[Bruce1270]

Hi Interpolarity

That's good news! Let's keep going to make sure we catch everything.

Step1 - Malwarebytes scan


Please download Malwarebytes' Anti-Malware from Here or Here

• Double Click the downloaded mbam-setup-x.x.x.xxxx.exe to install the application. (x.x.x.xxxx represents the current version number).
• During installation, make sure uncheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish. You can always upgrade later :
  
• If an update is found, it will download and install the latest updates automatically:
  
• Now select the Settings tab, and check the box next to Scan for rootkits:
  
• Go back to the Dashboard tab, and click the Scan Now button:
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, it will show you the results. (This one is clean):
  
• Make sure that everything is checked, and click Quarantine All (or similar).
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below) If the log doesn't open, select View detailed log in the Scan tab:
  
• The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs:
  
• Choose the latest Scan Log, and click on the View button:
  
• In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
  
• Copy & Paste the entire contents of the report log in your next reply.
  
  
• Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  
  
  Step2 - ESET on line scanner
  
  ESET Scan
  
  Vista/Win 7 & 8 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  
  Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.
  
  
• Please go here then click on .
• You will however need to disable your current installed Anti-Virus, how to do so can be read here .
  If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
  
  All of the following instructions work with either Internet Explorer or Mozilla FireFox.
• Select the option YES, I accept the Terms of Use then click on Start.
• When prompted allow Add-On/Active X to install.
• Make sure Enable detection of potentially unwanted applications is selected.
• Click the Advanced Settings link.
• Make sure Remove found threats is NOT checked.
• Make sure Scan archives IS checked.
• Make sure Scan for potentially unsafe applications IS checked.
• Make sure Enable Anti-Stealth technology IS checked
  
  
  
• Now click on Start.
• The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
• When completed the Online Scan will begin automatically. The scan may take several hours.
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
• When completed select Uninstall application on close, make sure you copy the logfile first!
• Now click on Finish.
• Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
• Copy and paste that log as a reply to this topic.
  Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
  
  Things for your next post:
• MBAM log
• ESET log
  
  

[interpolarity]

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 5/8/2015

Scan Time: 12:22:34 PM

Logfile: 

Administrator: Yes

 

Version: 2.01.6.1022

Malware Database: v2015.05.08.07

Rootkit Database: v2015.04.21.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 8.1

CPU: x64

File System: NTFS

User: Antonio

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 336398

Time Elapsed: 8 min, 34 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application

C:\Users\Antonio\AppData\Local\Temp\{91B10D7A-7B37-4B4A-A93D-24D9AA83874E}.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application

 

 

Not sure if I copied the EST log correctly... there was no LOG.txt

[Bruce1270]

Hi Interpolarity

The log from ESET is fine and we'll remove what it's found. Subject to no further issues with your computer I will clean up my tools and offer some advice on protection and staying safe on the web.

Step1 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad and copy/paste the text in the quotebox below into it:
 

C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe
C:\Users\Antonio\AppData\Local\Temp\{91B10D7A-7B37-4B4A-A93D-24D9AA83874E}.exe
DeleteQuarantine:
EmptyTemp:

• Save this as fixlist.txt, in the same location as FRST.exe on your desktop.
  
• Run FRST by right clicking on it and selecting Run as Administrator and press Fix
• On completion a log (fixlist.txt) will be generated.
• Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.
  
  
  
  Now for the Good News! - Your system now appears to be clean.
  Now for some clean up and "housekeeping" procedures.
  
  A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:
• Download Delfix from here
• Locate the file and right click on it. Click on Run as Administrator.
• Ensure Remove disinfection tools is ticked
  Also tick:
• Create registry backup
• Purge system restore
  
  
• Click Run
  
  The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply
  
  General
  
  Check Windows Updates is set to automatic
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab.
  • Ensure it is set to Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  Malwarebytes - This is a great program for helping keep your system clean. Update and run weekly.
  
  
  Optional Programs
  
  Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.
• Download Unchecky to your desktop
• Right click on the Unchecky_setup and choose to Run as Administrator
• Once open click the Install button.
• Then click on Finish
• Unchecky is now installed and will help you keep unwanted check boxes unchecked
  
  
  
  Crypto Warning!!!! - Complete Data Loss can occur!
  
  There are particularly nasty infections out there at the moment that encrypt your data and hold it for ransom. You may read more about this here
• Download CryptoPrevent free for home use here following the instructions below.
• Save the file to your desktop from the link above and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
• Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
• You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
• You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
• You will be prompted to click OK to continue and select your protection level. Go ahead and click OK.
• Click the Apply button to set Default protection.
• You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
  That's it. The protection is in place.
  
  Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now) and select the Updates! menu....and select Check for Updates to see if there are any as this infection has serious consequences.
  
  
  
  General Advice
• Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.
• Install and keep only one anti-virus on your machine. Update it and scan your machine with it at least once a week.
• Be careful of the websites you visit.
• When browsing the internet, look closely at the links you click on. Some aren't always what they seem.
• Avoid Peer to Peer file sharing utilities, these are a minefield of malware infections.
• Pay attention when installing a program to your computer, particularly to any check boxes that may appear during installation, it is common for unwanted software to be installed in this way.
  
  To learn more about how to protect yourself while on the internet read this little guide Best security practices.
  
  Go here for some good advice about how to prevent infection.
  
  Happy safe surfing!!
  
  That's it. It's been a pleasure working with you.
  
  Please post in your reply:
• fixlog.txt
• Delfixlog
• What issues if any you are having with your computer?

[interpolarity]

C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe

C:\Users\Antonio\AppData\Local\Temp\{91B10D7A-7B37-4B4A-A93D-24D9AA83874E}.exe

DeleteQuarantine:

EmptyTemp:

 

# DelFix v1.010 - Logfile created 09/05/2015 at 15:20:57

# Updated 26/04/2015 by Xplode

# Username : Antonio - BEDROOM

# Operating System : Windows 8.1  (64 bits)

 

~ Removing disinfection tools ...

 

Deleted : C:\FRST

Deleted : C:\AdwCleaner

Deleted : C:\RegBackup

Deleted : C:\Users\Antonio\Desktop\FRST-OlderVersion

Deleted : C:\Users\Antonio\Desktop\adwcleaner_4.203.exe

Deleted : C:\Users\Antonio\Desktop\Fixlog.txt

Deleted : C:\Users\Antonio\Desktop\FRST64.exe

Deleted : C:\Users\Antonio\Desktop\JRT.txt

Deleted : C:\Users\Antonio\Desktop\log.txt

Deleted : C:\Users\Antonio\Downloads\Addition.txt

Deleted : C:\Users\Antonio\Downloads\adwcleaner_4.202.exe

Deleted : C:\Users\Antonio\Downloads\esetsmartinstaller_enu.exe

Deleted : C:\Users\Antonio\Downloads\FRST.txt

Deleted : HKLM\SOFTWARE\AdwCleaner

 

~ Creating registry backup ... OK

 

~ Cleaning system restore ...

 

Deleted : RP #12 [Revo Uninstaller's restore point - WildTangent Games | 04/18/2015 23:52:32]

Deleted : RP #13 [Scheduled Checkpoint | 04/28/2015 06:22:43]

Deleted : RP #14 [Scheduled Checkpoint | 05/05/2015 11:56:53]

Deleted : RP #16 [Restore Point Created by FRST | 05/07/2015 05:34:14]

Deleted : RP #17 [HPSF Applying updates | 05/08/2015 22:51:36]

 

New restore point created !

 

########## - EOF - ##########

 

 

 

Thank you so much for all your detailed and careful instruction! I've been using this site for nearly a decade and the quality has only skyrocketed! One thing though...

Chrome is blocking the download of CryptoPrevent and when I searched for an alternate download link, it showed a very low (1 star) rating on Softonic... I trust you, but now I'm a little wary...

[Bruce1270]

Hi Interpolarity

Did you try installing Cryptoprevent using Chrome. What happens if you try using Internet Explorer?

Try Internet Explorer and use the link I provided in post #13.

Thanks