Laflurla adware not yielding to Spybot

[Dakeyras]

Hi.

Thank you for your continued assistance.

You're welcome and no need to attach anything from this point forward, merely post any requested logs please.

I have checked out the MBR all appears fine and I am of the mind if something is not broken do not fix so we will leave as is. Still not a complete FRST log but we can come back to that in shortly.

Windows Sidebar Advice:

It is no longer prudent to have this feature enabled as outlined in the below Microsoft article:-

Vulnerabilities in Gadgets could allow remote code execution

I advice you download and run the Disable Windows Sidebar and Gadgets Fixtit utility to rectify this.

Note: Ensure you reboot you machine when prompted before proceeding any further.

Scan with AdwCleaner:

Please download adwcleaner from here and save to your desktop.

• Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
• Now click on the Scan tab >> once the scan is complete click on the Clean tab and follow the prompts.
• Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

Note: The log can also be located at C: >> AdwCleaner >> AdwCleaner[S0].txt

Re-scan with Farbar Recovery Scan Tool:

Please delete the current version of FRST64.exe and both the FRST and Addition logs, then empty the Recycle Bin.

Then re-download and save Farbar Recovery Scan Tool 64-Bit to your desktop.

• Right-click on FRST64.exe and select Run as Administrator to start FRST.
• Under Optional Scan ensure both Drivers MD5 and Addition.txt are selected.
• Now click on the Scan button/radio tab >> at the Scan completed prompt click on OK
• At the next prompt denoting Addition.txt is saved in the same location FRST tool is run >> click on OK
• There will now be two logs on your desktop, Addition.txt and FRST.txt. Post the contents of both in your next reply.

Next:

When completed the above, please post back the following in the order asked for:

• How is your computer performing now, any further symptoms and or problems encountered?
• AdwCleaner Log.
• Both FRST logs. <-- Post them individually please, IE: one Log per post/reply.

[Brucezibung]

The adware does not seem to be a bother at present.
The zipfiles are attached per your request.
Thank you
BRZ

[Brucezibung]

Addition zip file is attached here as well.
Apologize for my error.
BRZ

[Dakeyras]

Hi.

The adware does not seem to be a bother at present.

Good, please bare in mind what I asked prior:-

no need to attach anything from this point forward, merely post any requested logs please.

Also could you please post the log created by AdwCleaner before we proceed any further for my review, thank you.

[Brucezibung]

It finally dawned on me how I should cut and paste the files into a thread. I apologize for any earlier inconvenience
BRZ

# AdwCleaner v4.101 - Report created 17/11/2014 at 11:33:13
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Bruce - DEBORAH-PC
# Running from : C:\Users\Bruce\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : 70e6ca8c
Service Found : {6b320d34-648f-46d8-8353-a4300db1c49c}w64

***** [ Files / Folders ] *****

File Found : C:\windows\System32\\drivers\{6b320d34-648f-46d8-8353-a4300db1c49c}w64.sys
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
Folder Found : C:\ProgramData\Partner
Folder Found : C:\Users\Bruce\AppData\Local\pay-by-ads
Folder Found : C:\Users\Bruce\AppData\LocalLow\HPAppData
Folder Found : C:\windows\System32\ljkb
Folder Found : C:\windows\SysWOW64\SearchProtect

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17148


*************************

AdwCleaner[R0].txt - [4080 octets] - [17/11/2014 11:33:13]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4140 octets] ##########
# AdwCleaner v4.101 - Report created 17/11/2014 at 11:50:57
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Bruce - DEBORAH-PC
# Running from : C:\Users\Bruce\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : 70e6ca8c
Service Deleted : {6b320d34-648f-46d8-8353-a4300db1c49c}w64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\windows\SysWOW64\SearchProtect
Folder Deleted : C:\windows\System32\ljkb
Folder Deleted : C:\Users\Bruce\AppData\Local\pay-by-ads
Folder Deleted : C:\Users\Bruce\AppData\LocalLow\HPAppData
File Deleted : C:\windows\System32\\drivers\{6b320d34-648f-46d8-8353-a4300db1c49c}w64.sys

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17148


*************************

AdwCleaner[R0].txt - [4252 octets] - [17/11/2014 11:33:13]
AdwCleaner[S0].txt - [3915 octets] - [17/11/2014 11:50:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3975 octets] ##########

[Dakeyras]

Hi.

I apologize for any earlier inconvenience

Not a problem lets proceed as follows shall we...

Uninstall Software:

Please click on Start(Windows 7 Orb) >> Control Panel >> Uninstall a program or Programs and Features and remove the following (if present):

Laflurla

To do so click once on the above to highlight, then click on Uninstall/Change and follow the prompts.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Custom FRST Script:

Please download the attached fixlist.txt(see below) and save to the desktop.

Attachment 11865

• Now right-click on FRST.exe and select Run as Administrator to start FRST.
• Then click on the Fix button/radio tab >> at the Fix completed prompt click on OK
• Your machine should now automatically reboot itself.
• Post the contents of the newly created Fixlog in your next reply.

Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.

Scan with JRT:

Please download Junkware Removal Tool to your desktop.

Alternate download is here.

Note: Temp' disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here.

• Right-click on on JRT.exe and select Run as Administrator to launch the application >> follow the on-screen prompt.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Note: Reboot your machine and ensure all disabled security software is now enabled etc.

Next:

When completed the above, please post back the following in the order asked for:

• How is your computer performing now, any further symptoms and or problems encountered ?
• Fixlog Log from the Custom FRST Script.
• Junkware Removal Tool Log.

[Brucezibung]

The computer seems to be working without inerrruption- that is, no unwanted irritating adware popups.
BRZ

[Brucezibung]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-11-2014
Ran by Bruce at 2014-11-19 11:06:58 Run:1
Running from C:\Users\Bruce\Desktop
Loaded Profile: Bruce (Available profiles: Bruce)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [] => [X]
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1647694867-1531263975-1063293069-1003 -> {26903760-B66C-4875-B5A1-009D551EA1D3} URL =
BHO: TidyNetwork -> {1BFB42B7-2543-32F2-F140-93B319521810} -> C:\Program Files (x86)\TidyNetwork\petn64.dll No File
C:\Program Files (x86)\TidyNetwork
2014-11-12 13:42 - 2014-10-06 12:04 - 00043798 _____ () C:\windows\SysWOW64\bddel.dat
Task: {47168BB5-8A01-468C-9298-B5E97CBA8B81} - System32\Tasks\TidyNetwork Update => C:\Users\Deborah\AppData\Local\TidyNetwork\petnupdate.exe
C:\Users\Deborah\AppData\Local\TidyNetwork
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
emptytemp:
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar => value deleted successfully.
C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKU\S-1-5-21-1647694867-1531263975-1063293069-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{26903760-B66C-4875-B5A1-009D551EA1D3}" => Key deleted successfully.
"HKCR\CLSID\{26903760-B66C-4875-B5A1-009D551EA1D3}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1BFB42B7-2543-32F2-F140-93B319521810}" => Key deleted successfully.
"HKCR\CLSID\{1BFB42B7-2543-32F2-F140-93B319521810}" => Key deleted successfully.
"C:\Program Files (x86)\TidyNetwork" => File/Directory not found.
C:\windows\SysWOW64\bddel.dat => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47168BB5-8A01-468C-9298-B5E97CBA8B81}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47168BB5-8A01-468C-9298-B5E97CBA8B81}" => Key deleted successfully.
C:\Windows\System32\Tasks\TidyNetwork Update => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Update" => Key deleted successfully.
"C:\Users\Deborah\AppData\Local\TidyNetwork" => File/Directory not found.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========

EmptyTemp: => Removed 272.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

[Brucezibung]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Premium x64
Ran by Bruce on Wed 11/19/2014 at 11:20:09.33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\windows\wininit.ini"



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/19/2014 at 13:44:12.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
thanks for your continued assistance
BRZ

[Dakeyras]

Hi.

The computer seems to be working without inerrruption- that is, no unwanted irritating adware popups.

Good.

thanks for your continued assistance

You're welcome! A few more scans to complete as follows...

Malwarebytes Anti-Malware:

Please download the installer for Malwarebytes' Anti-Malware to your desktop.

• Right-click on mbam-setup-2.0.3.1025.exe and select Run as Administrator, then follow the prompts to install the program.
• Select the language and click OK >> Accept the agreement.
• Deselect the check-mark next to Enable the Free Trial as otherwise this will cause a security conflict with presently installed security software and then ensure Launch Malwarebytes' Anti-Malware is selected, then click on finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Scan Now".
• The scan may take some time to finish, so please be patient.
• When the scan is complete, click on Quarantine All
• When disinfection is completed, a dialogue will open and you may be prompted to Restart.(See Extra Note)
• Upon restart, launch Malwarebytes Antimalware and select History >> Application Logs.
• Double click on the last scan done, then on Copy to Clipboard.
• To submit your reply, click on Add Reply, then right click on the window and select Paste.
• Submit your reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Scan with Panda Cloud Cleaner:

Please download Panda Cloud Cleaner and save to your desktop.

Alternate downloads are here and here.

• Double-click on PandaCloudCleaner.exe >> when the Setup - Panda Cloud Cleaner window has loaded >> Next > >> Next >
• Ensure Launch Panda Cloud Cleaner is selected >> Finish >> once the GUI(graphical user interface) appears >> click on Accept and Scan
• Please be patient as the scan may take some time to complete depending on your system's specifications.
• Once the scan has completed, if Scan finished with detections is denoted in the GUI do not take any action and or have Panda Cloud Cleaner clean absolutely anything!
• Now within the GUI click on the >(or any or them if multiple) tab >> then on View Report >> a notepad file should now open called PCloudCleaner.txt
• Save this to your desktop and post the contents in your next reply.
• Then click on Back >> Exit

Note: When I give the all clear feel free to uninstall Panda Cloud Cleaner if you so wish.