Author Topic: Loosing battle :(  (Read 11030 times)


REDACTED

  • Guest
Re: Loosing battle :(
« Reply #30 on: July 18, 2016, 06:51:27 AM »
That actually says that 8 of the "infections" were in AdwCleaner's Quarantine folder.  I don't know what is crashing the ESET scanner; I've seen this on more systems lately so it must be something Microsoft changed (or ESET, but we will let them work on that end).

Let us see what Panda finds (again, a good scanner that's free and will only run on demand).

Download Panda Cloud Cleaner from here.  Double click on the file and it will direct you from there.

Ran Panda, it found a few infections which I deleted. It did not make a log tho...also when it ended it said I could call a number to finish clean up, which is usually what malware software does 0_0

What can I do next to try and get my browsers cleaned up?

Offline mikaelrask

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1556
Re: Loosing battle :(
« Reply #31 on: July 18, 2016, 07:37:04 AM »
Hey Otomon, can you provide us with that log from Panda, and run a new scan with FRST and attach a fresh log so dbrisendine has something new to look at? Did you get a pop-up that you can call a number after you ran the Panda scan? Can you provide a picture of that? As you said, it would suggest you still have something on your computer that needs to be removed.
Windows 8.1 amd a10-5700 64 bit
12 GB ram 1 tb hard drive. Avast 18, MBAM

Offline dbrisendine

  • Malware Fighter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1258
Re: Loosing battle :(
« Reply #32 on: July 18, 2016, 08:06:05 AM »
I apologize for the scanner issues.  ESET has been very reliable for years and just lately seems to have the crash problem at the end of the scan.  Panda was just trying to help recover the cost of providing a free scanner (that message at the end is a message from Panda [not some malware] BUT 'fishing' for customers?).

Let's step back and see what FRST shows us now ...


We need to get a fresh scan from FRST.
  • If you still have the Addition.txt file on your desktop, please delete it now.
  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update.  Allow it to do this, please.  Otherwise, just wait for the "The tool is ready to use." message.
  • Please check the Addition.txt in the Option Scan section of FRST.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The tool will also generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Win7 x32 Ult. SP1, Brain 2.0 / Win10 x64, Brain2.5
My help is always free but if you would like to help encourage me or show your thanks -----> DONATE

REDACTED

  • Guest
Re: Loosing battle :(
« Reply #33 on: July 19, 2016, 01:25:09 AM »
Here is the pic of what happens with Panda, it does detect and delete stuff, however it creates no log:
Okay I have attached the files as you asked.
« Last Edit: July 19, 2016, 01:32:43 AM by Otomon »

Offline dbrisendine

  • Malware Fighter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1258
Re: Loosing battle :(
« Reply #34 on: July 19, 2016, 05:00:45 AM »


FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Yahoo Search Set

To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


SECOND >>>>

Fix with Farbar Recovery Scan Tool
This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.
Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.

REDACTED

  • Guest
Re: Loosing battle :(
« Reply #35 on: July 19, 2016, 07:12:00 AM »
Okay, followed the steps you mentioned... my browser still gets reset to something else when I close it :(

REDACTED

  • Guest
Re: Loosing battle :(
« Reply #36 on: July 20, 2016, 10:34:24 PM »
Also noticed on that last scan that it deleted a folder called HKLM, which is what I was deleting back when I first started this thread...also since Firefox also changes as default browser, we can rule out that it was Chrome auto-synching folders.

Offline dbrisendine

  • Malware Fighter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1258
Re: Loosing battle :(
« Reply #37 on: July 21, 2016, 06:47:09 AM »
HKLM stands for HKey_Local_Machine which is a Registry Section (similar to a File folder / tree branch but not exactly the same).

I suspect that you can not change the "default browser" setting due to some locked registry settings (made by the BrowserAir malware).  The following utility is very useful in resetting / correcting Windows errors due to permissions / settings / etc.  You can certainly do all the repairs but I would think the following would be the best course of minimal actions:

Step #5 - Registry Backup and System Restore point creation.
Repairs - Run #1, #7 and #10 although you may certainly run all relative to your OS

Make sure to run this utility in Safe Mode; it has a built-in routine to handle restarting into Safe Mode since it is not straightforward to get there in Windows 8 or above.


Please download "Windows Repair - All in One" from here.  Please choose "Save file.." if you get options to open the file.   Once the download is complete, run the file and install the program on your system.  Please use the default settings for locations as it will help with log retrieval and fixing the registry should anything be needed.

Right click on the desktop shortcut for "Tweaking.com - Windows Repair" and select 'Run as administrator'.

The program will run a self check to make sure that all the correct files are in place for it to run and then it will load the program.  As you can see, there are many steps to take in using this program.  Mainly, the first few steps involve checking for proper Windows files and backing up the system as a precaution.


 
You can read the notes on the first screen but the important thing to do is click on "ReBoot to Safe Mode" and allow the system to restart itself.  Once the system is started in safe mode and you have logged in (using an administrative level account), restart the program and move onto the Step2 screen.
 


Please click on "Open Pre-Scan" to load a utility to verify some Windows resource / build files and settings.


 
Click on "Start Scan" and allow the routine to run.  You can see the status of the checks in the window.
 

 
When the routine is finished, it will report on any problems found and you can click on the appropriate repair button if needed.  Once this is done, you can close this window and click on Step3.
 

 
Click on the "Check" to see if a repair disk check routine needs to run.  A Command Prompt window will open and you can view the status of the routine.  If the routine finds that repairs need to be made, please select "Open Disk Check at Next Boot" and then click on the "Reboot To Safe Mode" button.  Once the routine(s) completes, please select Step4.
 

 
Please click on "Do It" to run a SFC /scannow routine.  If the routine makes any repairs, please reboot your system (again into Safe Mode).  If the routine does not make any repairs, please move onto Step5.
 

 
Once there, click on "Backup" under the 1. Registry Backup.  This will make a complete backup of the current registry which can be reloaded should anything go wrong with the repairs that are going to be made.  Next, click on the "Create" under 2. System Restore.  Once both of these backups are made, select Repairs.
 


I would suggest that you read the Tips For The Best Repairs Results.  Once this is done, click on "Open Repairs".



On this screen, click the following: Defaults.  The screen and options should look very much like the picture above.  Click "Start Repairs" and confirm that the program starts running the fixes.  This will take a while to run, so you can let it run unattended if you like.  Log files are being recorded as the repairs are being executed.  Once the repairs are finished, reboot your system (normal boot now) and tell me how it is running now.
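
The post above suspects locked registry settings behind the default-browser problem. As an added example (not part of the original post and not a replacement for the repair steps), this read-only PowerShell snippet lists the browsers registered in HKLM and shows the current user's http/https handler together with the permissions on that key. The registry paths are standard Windows locations assumed here; the thread does not name them.

```powershell
# Added example: read-only inspection, nothing is changed.
# Registry paths are standard Windows locations, not values taken from this thread.

# 1. Browsers registered machine-wide under HKLM.
#    An unwanted browser that installed itself normally shows up in this list.
$clients = 'HKLM:\SOFTWARE\Clients\StartMenuInternet'
Get-ChildItem -Path $clients -ErrorAction SilentlyContinue | ForEach-Object {
    $sub = $_.OpenSubKey('shell\open\command')
    $cmd = if ($sub) { $sub.GetValue('') } else { '(no open command)' }
    [pscustomobject]@{ Browser = $_.PSChildName; Command = $cmd }
} | Format-Table -AutoSize -Wrap

# 2. Per-user default handler for web links, plus owner and access rules of the key.
#    Compare the rules with a known-clean machine running the same Windows version
#    before treating any entry as tampering.
foreach ($scheme in 'http', 'https') {
    $key = "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$scheme\UserChoice"
    if (-not (Test-Path $key)) {
        "{0}: no UserChoice key" -f $scheme
        continue
    }
    $progId = (Get-Item -Path $key).GetValue('ProgId')
    "{0}: handled by ProgId '{1}'" -f $scheme, $progId

    $acl = Get-Acl -Path $key
    "  owner: $($acl.Owner)"
    $acl.Access |
        Select-Object IdentityReference, AccessControlType, RegistryRights, IsInherited |
        Format-Table -AutoSize
}
```

Saving the output before and after the repair run gives a simple record of whether the handler or the key permissions changed.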