Posted August 16, 201410 yr PastaLeak ads keep popping up. Ran MWB... Ran Adwcleaner ( this seemed to get rid of the PastaLeaks ) Ran FRST & Addition.txt Below are the reports: Being a Newbie on things, just wanting to be sure its gone and anything else that may be harmful. Thanks ROB ------------------------- Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-08-2014 Ran by RW-01 (administrator) on RW-01-PC on 13-08-2014 20:52:14 Running from C:\Users\RW-01\Desktop Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States) Internet Explorer Version 7 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version:http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version:http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (AMD) C:\Windows\System32\atieclxx.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Coupons.com Inc.) C:\Program Files\Coupons\CouponPrinterService.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (AimerSoft) C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-0000-BA7E-100000000002}\SC_Acrobat.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKCU - {5C5360F5-5F2D-4E4A-84B1-ABD053DB35A9} URL = BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: Aimersoft Video Converter Ultimate -> {54F73992-6549-4369-9A0D-84FD310A464A} -> C:\Program Files\Aimersoft\Video Converter Ultimate\SVRIEPlugin.dll No File BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 24.178.162.3 24.159.64.23 66.189.0.100 FireFox: ======== FF ProfilePath: C:\Users\RW-01\AppData\Roaming\Mozilla\Firefox\Profiles\pw3qn2he.default FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Extension: DownloadHelper - C:\Users\RW-01\AppData\Roaming\Mozilla\Firefox\Profiles\pw3qn2he.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-07-21] FF Extension: Firefox Old Version Update Hotfix - C:\Users\RW-01\AppData\Roaming\Mozilla\Firefox\Profiles\pw3qn2he.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-07-21] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-04-21] FF HKLM\...\Firefox\Extensions: [{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}] - C:\Program Files\Aimersoft\Video Converter Ultimate\SVRFirefoxExt Chrome: ======= CHR HomePage: hxxp://my.yahoo.com/;_ylt=Av5SA2soZ_Sm8Kp2F1gLFX6vulI6 CHR StartupUrls: "hxxp://my.yahoo.com/;_ylt=Av5SA2soZ_Sm8Kp2F1gLFX6vulI6" CHR Extension: (Google Docs) - C:\Users\RW-01\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-21] CHR Extension: (Google Drive) - C:\Users\RW-01\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-21] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\RW-01\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21] CHR Extension: (YouTube) - C:\Users\RW-01\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-21] CHR Extension: (Adblock Plus) - C:\Users\RW-01\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-11] CHR Extension: (Google Search) - C:\Users\RW-01\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-21] CHR Extension: (Myibidder Auction Bid Sniper for eBay) - C:\Users\RW-01\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmebanjjkaohcmifehogijfgcoieefnp [2014-04-21] CHR Extension: (Google Wallet) - C:\Users\RW-01\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-21] CHR Extension: (Classic Blue Theme for Google Chrome™) - C:\Users\RW-01\AppData\Local\Google\Chrome\User Data\Default\Extensions\oppbdedflbioggjkeneigjcmpomohajo [2014-08-02] CHR Extension: (Gmail) - C:\Users\RW-01\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-21] CHR HKLM\...\Chrome\Extension: [mapcejffhcbidcjmomhalabpcbaeimcb] - C:\Program Files\Aimersoft\Video Converter Ultimate\SVRChromePlugin.crx [2014-04-21] CHR StartMenuInternet: Google Chrome - chrome.exe ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [152560 2014-02-13] (Coupons.com Inc.) R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121000 2014-02-15] (SlySoft, Inc.) R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2014-04-21] () R3 BCM43XX; C:\Windows\System32\DRIVERS\WMP54GSx86.sys [534016 2007-03-12] (Broadcom Corporation) R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG) R3 hcw85cir; C:\Windows\System32\drivers\hcw85cir3.sys [28160 2009-07-14] (Hauppauge Computer Works, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-13] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2014-04-21] () S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-13 01:39 - 2014-08-13 01:39 - 00003538 _____ () C:\Users\RW-01\Desktop\AdwCleaner[s0].txt 2014-08-13 01:33 - 2014-08-13 01:35 - 00000000 ____D () C:\AdwCleaner 2014-08-13 01:33 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll 2014-08-13 01:28 - 2014-08-13 01:40 - 00065228 _____ () C:\Users\RW-01\Desktop\post.txt 2014-08-13 01:28 - 2014-08-13 01:28 - 01366203 _____ () C:\Users\RW-01\Desktop\AdwCleaner.exe 2014-08-13 01:24 - 2014-08-13 01:24 - 00021988 _____ () C:\Users\RW-01\Desktop\Addition.txt 2014-08-13 01:23 - 2014-08-13 20:52 - 00009796 _____ () C:\Users\RW-01\Desktop\FRST.txt 2014-08-13 01:22 - 2014-08-13 20:52 - 00000000 ____D () C:\FRST 2014-08-13 01:22 - 2014-08-13 01:22 - 01092096 _____ (Farbar) C:\Users\RW-01\Desktop\FRST.exe 2014-08-13 00:37 - 2014-06-26 18:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-13 00:37 - 2014-06-26 18:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-13 00:37 - 2014-06-26 18:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-13 00:37 - 2014-06-06 00:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-13 00:33 - 2014-07-29 22:13 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-13 00:33 - 2014-07-29 22:12 - 01177600 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-13 00:33 - 2014-07-29 22:12 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-08-13 00:33 - 2014-07-29 22:11 - 06119936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-13 00:33 - 2014-07-29 22:11 - 03632128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-13 00:33 - 2014-07-29 22:11 - 00671744 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll 2014-08-13 00:33 - 2014-07-29 22:11 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-13 00:33 - 2014-07-29 22:11 - 00480768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-13 00:33 - 2014-07-29 22:11 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-08-13 00:33 - 2014-07-29 22:11 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-13 00:33 - 2014-07-29 22:11 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-13 00:33 - 2014-07-29 22:11 - 00214528 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-13 00:33 - 2014-07-29 22:11 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-08-13 00:33 - 2014-07-29 22:11 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-13 00:33 - 2014-07-29 22:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-13 00:33 - 2014-07-29 22:11 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll 2014-08-13 00:33 - 2014-07-29 20:33 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-08-13 00:33 - 2014-07-29 20:25 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-13 00:33 - 2014-07-25 00:26 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-13 00:33 - 2014-07-24 22:53 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-13 00:33 - 2014-07-07 20:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-13 00:33 - 2014-06-13 20:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-13 00:33 - 2014-06-13 20:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2014-08-13 00:33 - 2014-06-06 04:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-08-13 00:33 - 2014-06-02 06:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-13 00:33 - 2014-06-02 06:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-13 00:33 - 2014-06-02 06:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-13 00:33 - 2014-06-02 06:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2014-08-13 00:33 - 2014-06-02 04:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-13 00:33 - 2014-05-30 02:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-08-13 00:33 - 2014-04-26 12:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-08-13 00:33 - 2014-04-04 23:23 - 00915392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-08-13 00:33 - 2014-04-04 21:49 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys 2014-08-13 00:33 - 2014-03-25 09:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-08-13 00:33 - 2014-03-09 21:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-08-13 00:33 - 2014-03-09 21:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-08-13 00:30 - 2014-08-13 00:30 - 00000000 ____D () C:\Users\RW-01\Desktop\New Folder 2014-08-13 00:10 - 2014-08-13 00:10 - 00001530 _____ () C:\Windows\pcsetup.log 2014-08-12 22:47 - 2014-08-12 22:47 - 34176936 _____ (Oracle Corporation) C:\Users\RW-01\Desktop\jre-8u11-windows-x64.exe 2014-08-12 22:07 - 2014-08-12 22:41 - 00000000 ____D () C:\Users\RW-01\AppData\Roaming\FileZilla 2014-08-12 22:07 - 2014-08-12 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2014-08-12 22:07 - 2014-08-12 22:07 - 00000000 ____D () C:\Program Files\FileZilla FTP Client 2014-08-12 00:58 - 2014-08-12 01:42 - 00000000 ____D () C:\Users\RW-01\AppData\Roaming\jEdit 2014-08-12 00:54 - 2014-08-12 00:54 - 00000826 _____ () C:\Users\RW-01\Desktop\jEdit.lnk 2014-08-12 00:54 - 2014-08-12 00:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jEdit 2014-08-12 00:53 - 2014-08-12 00:54 - 00000000 ____D () C:\Program Files\jEdit 2014-08-12 00:35 - 2014-08-12 00:35 - 00000000 ____D () C:\Users\RW-01\AppData\Roaming\WinRAR 2014-08-12 00:33 - 2014-08-12 00:33 - 00000000 ____D () C:\Users\RW-01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-08-12 00:33 - 2014-08-12 00:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-08-12 00:33 - 2014-08-12 00:33 - 00000000 ____D () C:\Program Files\WinRAR 2014-08-09 14:44 - 2014-08-09 14:44 - 00000000 ____D () C:\Users\RW-01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ 2014-08-09 14:43 - 2014-08-09 14:44 - 00000000 ____D () C:\Users\RW-01\AppData\Roaming\Notepad++ 2014-08-09 14:43 - 2014-08-09 14:44 - 00000000 ____D () C:\Program Files\Notepad++ 2014-08-05 10:51 - 2014-08-05 11:51 - 00000000 ____D () C:\Users\RW-01\Documents\dvd 2014-08-05 10:42 - 2014-08-05 12:22 - 00000000 ____D () C:\Users\RW-01\AppData\Roaming\DVD Flick 2014-08-05 10:42 - 2014-08-05 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick 2014-08-05 10:42 - 2014-08-05 10:42 - 00000000 ____D () C:\Program Files\DVD Flick 2014-08-05 10:31 - 2014-08-05 10:31 - 00000000 ____D () C:\Users\RW-01\AppData\Roaming\Oracle 2014-08-05 10:30 - 2014-08-05 10:30 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-08-02 11:30 - 2014-08-12 00:56 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-02 11:30 - 2014-08-02 11:30 - 00000000 ____D () C:\ProgramData\Sun 2014-07-30 14:21 - 2014-07-30 14:21 - 00000000 ____D () C:\Users\RW-01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XviD 2014-07-30 14:21 - 2014-07-30 14:21 - 00000000 ____D () C:\Users\RW-01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5 2014-07-30 14:21 - 2014-07-30 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5 2014-07-30 14:20 - 2014-07-30 14:21 - 00000000 ____D () C:\Program Files\AutoGK 2014-07-30 14:20 - 2014-07-30 14:20 - 00000000 ____D () C:\Users\RW-01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VobSub 2014-07-30 14:20 - 2014-07-30 14:20 - 00000000 ____D () C:\Program Files\Gabest 2014-07-30 10:30 - 2014-07-30 10:30 - 00000000 ____D () C:\Users\RW-01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVD Decrypter 2014-07-30 10:30 - 2014-07-30 10:30 - 00000000 ____D () C:\Program Files\DVD Decrypter 2014-07-25 16:05 - 2014-07-25 16:05 - 00000114 _____ () C:\Windows\wininit.ini 2014-07-22 13:12 - 2014-07-22 13:14 - 00000000 ____D () C:\Users\RW-01\AppData\Roaming\Apple Computer 2014-07-22 13:12 - 2014-07-22 13:12 - 00001664 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-07-22 13:12 - 2014-07-22 13:12 - 00000000 ____D () C:\Users\RW-01\AppData\Local\Apple Computer 2014-07-22 13:12 - 2014-07-22 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-07-22 13:12 - 2014-07-22 13:12 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-07-22 13:12 - 2014-07-22 13:12 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-07-22 13:12 - 2014-07-22 13:12 - 00000000 ____D () C:\Program Files\iTunes 2014-07-22 13:12 - 2014-07-22 13:12 - 00000000 ____D () C:\Program Files\iPod 2014-07-22 13:12 - 2012-08-21 13:01 - 00026840 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys 2014-07-22 13:11 - 2014-07-22 13:11 - 00001830 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2014-07-22 13:11 - 2014-07-22 13:11 - 00000000 ____D () C:\Users\RW-01\AppData\Local\Apple 2014-07-22 13:11 - 2014-07-22 13:11 - 00000000 ____D () C:\Program Files\Apple Software Update 2014-07-22 13:10 - 2014-07-22 13:12 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-07-22 13:10 - 2014-07-22 13:11 - 00000000 ____D () C:\ProgramData\Apple 2014-07-22 13:10 - 2014-07-22 13:10 - 00000000 ____D () C:\Program Files\Bonjour 2014-07-21 13:31 - 2014-07-21 13:31 - 00000000 ____D () C:\Users\RW-01\AppData\Local\Macromedia 2014-07-21 04:26 - 2014-07-21 04:26 - 00000000 ____D () C:\Windows\system32\Macromed 2014-07-21 02:28 - 2014-07-21 02:28 - 00000000 ____D () C:\Users\RW-01\dwhelper 2014-07-21 02:17 - 2014-07-21 02:17 - 00000000 ____D () C:\Users\RW-01\AppData\Roaming\Mozilla 2014-07-21 02:17 - 2014-07-21 02:17 - 00000000 ____D () C:\Users\RW-01\AppData\Local\Mozilla 2014-07-21 02:16 - 2014-07-21 02:16 - 00000858 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-07-21 02:16 - 2014-07-21 02:16 - 00000834 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-07-21 02:16 - 2014-07-21 02:16 - 00000000 ____D () C:\ProgramData\Mozilla 2014-07-20 15:28 - 2014-08-12 01:54 - 00000000 ____D () C:\ProgramData\Freemake 2014-07-20 15:28 - 2014-07-20 15:29 - 00000000 ____D () C:\Users\RW-01\Documents\Freemake 2014-07-20 15:27 - 2014-08-12 01:54 - 00000000 ____D () C:\Program Files\Freemake 2014-07-20 14:59 - 2014-07-20 14:59 - 00000000 ____D () C:\Users\RW-01\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A} 2014-07-20 14:58 - 2014-07-20 14:58 - 00000000 ____D () C:\Users\RW-01\AppData\Local\Aimersoft 2014-07-20 14:58 - 2014-07-20 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aimersoft 2014-07-20 14:58 - 2014-07-20 14:58 - 00000000 ____D () C:\Program Files\Common Files\Aimersoft 2014-07-20 14:58 - 2013-08-23 13:36 - 00721263 _____ () C:\Windows\system32\AiCM64.dll 2014-07-20 14:58 - 2013-08-07 14:31 - 00214528 _____ () C:\Windows\system32\AiCM32.dll 2014-07-20 01:38 - 2014-07-20 01:38 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-13 20:52 - 2014-08-13 01:23 - 00009796 _____ () C:\Users\RW-01\Desktop\FRST.txt 2014-08-13 20:52 - 2014-08-13 01:22 - 00000000 ____D () C:\FRST 2014-08-13 20:51 - 2006-11-02 06:33 - 00758370 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-13 20:50 - 2008-01-20 21:35 - 01176925 _____ () C:\Windows\WindowsUpdate.log 2014-08-13 20:47 - 2014-04-23 18:37 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2014-08-13 20:47 - 2014-04-21 01:57 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-13 20:46 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-13 20:46 - 2006-11-02 08:47 - 00374512 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-13 20:46 - 2006-11-02 08:47 - 00004112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-13 20:46 - 2006-11-02 08:47 - 00004112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-13 03:05 - 2006-11-02 09:01 - 00023254 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-08-13 02:19 - 2014-04-21 01:57 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-13 01:40 - 2014-08-13 01:28 - 00065228 _____ () C:\Users\RW-01\Desktop\post.txt 2014-08-13 01:39 - 2014-08-13 01:39 - 00003538 _____ () C:\Users\RW-01\Desktop\AdwCleaner[s0].txt 2014-08-13 01:36 - 2008-01-20 22:47 - 00086456 _____ () C:\Windows\PFRO.log 2014-08-13 01:35 - 2014-08-13 01:33 - 00000000 ____D () C:\AdwCleaner 2014-08-13 01:28 - 2014-08-13 01:28 - 01366203 _____ () C:\Users\RW-01\Desktop\AdwCleaner.exe 2014-08-13 01:24 - 2014-08-13 01:24 - 00021988 _____ () C:\Users\RW-01\Desktop\Addition.txt 2014-08-13 01:22 - 2014-08-13 01:22 - 01092096 _____ (Farbar) C:\Users\RW-01\Desktop\FRST.exe 2014-08-13 01:09 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache 2014-08-13 01:01 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-08-13 00:54 - 2014-04-21 02:13 - 00000000 ____D () C:\Windows\rnapxs 2014-08-13 00:50 - 2014-04-21 02:50 - 00155356 _____ () C:\Windows\system32\Drivers\KmxAgent.asc 2014-08-13 00:50 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Journal 2014-08-13 00:41 - 2014-04-21 00:40 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-13 00:30 - 2014-08-13 00:30 - 00000000 ____D () C:\Users\RW-01\Desktop\New Folder 2014-08-13 00:30 - 2014-05-22 15:45 - 00000000 ____D () C:\Program Files\Solveig Multimedia 2014-08-13 00:21 - 2014-05-22 15:32 - 00000000 ____D () C:\Program Files\NetDvr 2014-08-13 00:10 - 2014-08-13 00:10 - 00001530 _____ () C:\Windows\pcsetup.log 2014-08-13 00:10 - 2014-04-21 02:14 - 00006108 _____ () C:\Windows\system32\FDInstall.log 2014-08-13 00:10 - 2014-04-21 01:56 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-08-13 00:10 - 2014-04-21 01:56 - 00000000 ____D () C:\Program Files\Common Files\InstallShield 2014-08-12 23:56 - 2014-04-22 20:25 - 00000000 ____D () C:\Windows\PCHEALTH 2014-08-12 22:47 - 2014-08-12 22:47 - 34176936 _____ (Oracle Corporation) C:\Users\RW-01\Desktop\jre-8u11-windows-x64.exe 2014-08-12 22:41 - 2014-08-12 22:07 - 00000000 ____D () C:\Users\RW-01\AppData\Roaming\FileZilla 2014-08-12 22:07 - 2014-08-12 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2014-08-12 22:07 - 2014-08-12 22:07 - 00000000 ____D () C:\Program Files\FileZilla FTP Client 2014-08-12 01:54 - 2014-07-20 15:28 - 00000000 ____D () C:\ProgramData\Freemake 2014-08-12 01:54 - 2014-07-20 15:27 - 00000000 ____D () C:\Program Files\Freemake 2014-08-12 01:42 - 2014-08-12 00:58 - 00000000 ____D () C:\Users\RW-01\AppData\Roaming\jEdit 2014-08-12 00:56 - 2014-08-02 11:30 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-12 00:54 - 2014-08-12 00:54 - 00000826 _____ () C:\Users\RW-01\Desktop\jEdit.lnk 2014-08-12 00:54 - 2014-08-12 00:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jEdit 2014-08-12 00:54 - 2014-08-12 00:53 - 00000000 ____D () C:\Program Files\jEdit 2014-08-12 00:35 - 2014-08-12 00:35 - 00000000 ____D () C:\Users\RW-01\AppData\Roaming\WinRAR 2014-08-12 00:33 - 2014-08-12 00:33 - 00000000 ____D () C:\Users\RW-01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-08-12 00:33 - 2014-08-12 00:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-08-12 00:33 - 2014-08-12 00:33 - 00000000 ____D () C:\Program Files\WinRAR 2014-08-11 19:24 - 2014-04-21 00:20 - 00000000 ____D () C:\Users\RW-01 2014-08-11 19:09 - 2014-05-22 12:16 - 00000000 ____D () C:\Program Files\MediaInfo 2014-08-11 19:09 - 2014-04-23 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware 2014-08-11 19:09 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\Msdtc 2014-08-11 19:05 - 2014-05-30 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons 2014-08-11 19:05 - 2014-05-30 17:24 - 00000000 ____D () C:\Program Files\Coupons 2014-08-11 19:05 - 2014-04-23 18:37 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-08-11 19:05 - 2014-04-21 19:16 - 00000000 ____D () C:\Users\RW-01\AppData\Roaming\IrfanView 2014-08-11 19:05 - 2006-11-02 08:37 - 00000000 ____D () C:\Windows\ShellNew 2014-08-11 19:05 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\spool 2014-08-11 19:05 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\registration 2014-08-11 19:05 - 2006-11-02 06:22 - 40370176 _____ () C:\Windows\system32\config\components_previous 2014-08-11 19:05 - 2006-11-02 06:22 - 39321600 _____ () C:\Windows\system32\config\software_previous 2014-08-11 19:05 - 2006-11-02 06:22 - 16515072 _____ () C:\Windows\system32\config\system_previous 2014-08-11 19:05 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\security_previous 2014-08-11 19:05 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous 2014-08-11 19:05 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\default_previous 2014-08-09 15:31 - 2006-11-02 08:52 - 00031080 _____ () C:\Windows\setupact.log 2014-08-09 14:44 - 2014-08-09 14:44 - 00000000 ____D () C:\Users\RW-01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ 2014-08-09 14:44 - 2014-08-09 14:43 - 00000000 ____D () C:\Users\RW-01\AppData\Roaming\Notepad++ 2014-08-09 14:44 - 2014-08-09 14:43 - 00000000 ____D () C:\Program Files\Notepad++ 2014-08-05 12:22 - 2014-08-05 10:42 - 00000000 ____D () C:\Users\RW-01\AppData\Roaming\DVD Flick 2014-08-05 11:51 - 2014-08-05 10:51 - 00000000 ____D () C:\Users\RW-01\Documents\dvd 2014-08-05 10:42 - 2014-08-05 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick 2014-08-05 10:42 - 2014-08-05 10:42 - 00000000 ____D () C:\Program Files\DVD Flick 2014-08-05 10:31 - 2014-08-05 10:31 - 00000000 ____D () C:\Users\RW-01\AppData\Roaming\Oracle 2014-08-05 10:30 - 2014-08-05 10:30 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-08-02 11:30 - 2014-08-02 11:30 - 00000000 ____D () C:\ProgramData\Sun 2014-07-31 23:42 - 2006-11-02 06:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-07-30 14:21 - 2014-07-30 14:21 - 00000000 ____D () C:\Users\RW-01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XviD 2014-07-30 14:21 - 2014-07-30 14:21 - 00000000 ____D () C:\Users\RW-01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5 2014-07-30 14:21 - 2014-07-30 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5 2014-07-30 14:21 - 2014-07-30 14:20 - 00000000 ____D () C:\Program Files\AutoGK 2014-07-30 14:21 - 2014-05-22 11:20 - 00000000 ____D () C:\Program Files\Common Files\Common Share 2014-07-30 14:20 - 2014-07-30 14:20 - 00000000 ____D () C:\Users\RW-01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VobSub 2014-07-30 14:20 - 2014-07-30 14:20 - 00000000 ____D () C:\Program Files\Gabest 2014-07-30 10:30 - 2014-07-30 10:30 - 00000000 ____D () C:\Users\RW-01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVD Decrypter 2014-07-30 10:30 - 2014-07-30 10:30 - 00000000 ____D () C:\Program Files\DVD Decrypter 2014-07-29 22:13 - 2014-08-13 00:33 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-29 22:12 - 2014-08-13 00:33 - 01177600 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-29 22:12 - 2014-08-13 00:33 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-07-29 22:11 - 2014-08-13 00:33 - 06119936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-29 22:11 - 2014-08-13 00:33 - 03632128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-29 22:11 - 2014-08-13 00:33 - 00671744 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll 2014-07-29 22:11 - 2014-08-13 00:33 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-29 22:11 - 2014-08-13 00:33 - 00480768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-29 22:11 - 2014-08-13 00:33 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-29 22:11 - 2014-08-13 00:33 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-29 22:11 - 2014-08-13 00:33 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-29 22:11 - 2014-08-13 00:33 - 00214528 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-29 22:11 - 2014-08-13 00:33 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-07-29 22:11 - 2014-08-13 00:33 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-29 22:11 - 2014-08-13 00:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-29 22:11 - 2014-08-13 00:33 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll 2014-07-29 20:33 - 2014-08-13 00:33 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-07-29 20:25 - 2014-08-13 00:33 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-25 16:05 - 2014-07-25 16:05 - 00000114 _____ () C:\Windows\wininit.ini 2014-07-25 00:26 - 2014-08-13 00:33 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-07-24 22:53 - 2014-08-13 00:33 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-22 13:14 - 2014-07-22 13:12 - 00000000 ____D () C:\Users\RW-01\AppData\Roaming\Apple Computer 2014-07-22 13:12 - 2014-07-22 13:12 - 00001664 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-07-22 13:12 - 2014-07-22 13:12 - 00000000 ____D () C:\Users\RW-01\AppData\Local\Apple Computer 2014-07-22 13:12 - 2014-07-22 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-07-22 13:12 - 2014-07-22 13:12 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-07-22 13:12 - 2014-07-22 13:12 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-07-22 13:12 - 2014-07-22 13:12 - 00000000 ____D () C:\Program Files\iTunes 2014-07-22 13:12 - 2014-07-22 13:12 - 00000000 ____D () C:\Program Files\iPod 2014-07-22 13:12 - 2014-07-22 13:10 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-07-22 13:11 - 2014-07-22 13:11 - 00001830 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2014-07-22 13:11 - 2014-07-22 13:11 - 00000000 ____D () C:\Users\RW-01\AppData\Local\Apple 2014-07-22 13:11 - 2014-07-22 13:11 - 00000000 ____D () C:\Program Files\Apple Software Update 2014-07-22 13:11 - 2014-07-22 13:10 - 00000000 ____D () C:\ProgramData\Apple 2014-07-22 13:10 - 2014-07-22 13:10 - 00000000 ____D () C:\Program Files\Bonjour 2014-07-22 09:44 - 2014-05-22 12:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-07-22 09:44 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\tracing 2014-07-21 13:31 - 2014-07-21 13:31 - 00000000 ____D () C:\Users\RW-01\AppData\Local\Macromedia 2014-07-21 04:26 - 2014-07-21 04:26 - 00000000 ____D () C:\Windows\system32\Macromed 2014-07-21 02:28 - 2014-07-21 02:28 - 00000000 ____D () C:\Users\RW-01\dwhelper 2014-07-21 02:17 - 2014-07-21 02:17 - 00000000 ____D () C:\Users\RW-01\AppData\Roaming\Mozilla 2014-07-21 02:17 - 2014-07-21 02:17 - 00000000 ____D () C:\Users\RW-01\AppData\Local\Mozilla 2014-07-21 02:16 - 2014-07-21 02:16 - 00000858 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-07-21 02:16 - 2014-07-21 02:16 - 00000834 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-07-21 02:16 - 2014-07-21 02:16 - 00000000 ____D () C:\ProgramData\Mozilla 2014-07-20 15:29 - 2014-07-20 15:28 - 00000000 ____D () C:\Users\RW-01\Documents\Freemake 2014-07-20 14:59 - 2014-07-20 14:59 - 00000000 ____D () C:\Users\RW-01\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A} 2014-07-20 14:58 - 2014-07-20 14:58 - 00000000 ____D () C:\Users\RW-01\AppData\Local\Aimersoft 2014-07-20 14:58 - 2014-07-20 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aimersoft 2014-07-20 14:58 - 2014-07-20 14:58 - 00000000 ____D () C:\Program Files\Common Files\Aimersoft 2014-07-20 01:38 - 2014-07-20 01:38 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf Some content of TEMP: ==================== C:\Users\RW-01\AppData\Local\Temp\FreemakeVideoConverter_4.1.4.3.exe C:\Users\RW-01\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-13 20:52 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version:13-08-2014 Ran by RW-01 at 2014-08-13 20:52:35 Running from C:\Users\RW-01\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat 7.0 Standard (Version: 7.1.0 - Adobe Systems) Hidden Adobe Acrobat 7.1.0 Standard (HKLM\...\Adobe Acrobat 7.0 Standard - V) (Version: 7.1.0 - Adobe Systems) Adobe Acrobat Reader 3.01 (HKLM\...\Adobe Acrobat Reader 3.01) (Version: - ) Adobe Photoshop Lightroom 4.4 (HKLM\...\{FA6F726E-AA8D-492A-B18A-A5945C337FCE}) (Version: 4.4.1 - Adobe) AnyDVD (HKLM\...\AnyDVD) (Version: 7.4.6.0 - SlySoft) Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.) CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.) Canon MF Toolbox 4.9.1.1.mf16 (HKLM\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf16 - CANON INC.) Canon MF4320-4350 (HKLM\...\{99A5569D-9F86-4f32-A227-1538B731DA42}) (Version: - ) Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.) Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.) Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.) Canon Utilities Digital Photo Professional 3.10 (HKLM\...\DPP) (Version: 3.10.2.0 - Canon Inc.) Canon Utilities EOS Sample Music (HKLM\...\EOS Sample Music) (Version: 1.0.0.204 - Canon Inc.) Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.) Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.) Canon Utilities Movie Uploader for YouTube (HKLM\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.) Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.) Canon Utilities Picture Style Editor (HKLM\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.) Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.) Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.) CloneDVD2 (HKLM\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes) Cool & Quiet (HKLM\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version: - ) Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.7) (Version: 5.0.0.7 - Coupons.com Incorporated) DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) ffdshow v1.3.4500 [2013-01-06] (HKLM\...\ffdshow_is1) (Version: 1.3.4500.0 - ) FileZilla Client 3.9.0.2 (HKLM\...\FileZilla Client) (Version: 3.9.0.2 - Tim Kosse) Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.) Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan) iTunes (HKLM\...\{0A37EE62-9A58-420D-90CC-4E52153112EE}) (Version: 11.3.0.54 - Apple Inc.) jEdit 5.2pre1 (HKLM\...\jEdit_is1) (Version: 5.2pre1 - Contributors) K-Lite Codec Pack 10.4.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.4.5 - ) Malwarebytes' Anti-Malware (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: - Malwarebytes Corporation) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) MediaInfo 0.7.69 (HKLM\...\MediaInfo) (Version: 0.7.69 - MediaArea.net) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Professional Plus 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) OJOsoft Total Video Converter (HKLM\...\OJOsoft Total Video Converter_is1) (Version: 2.7.2.1017 - OJOsoft) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) WinRAR 5.11 beta 1 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.1 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 02-08-2014 15:29:26 Installed Java 7 Update 65 05-08-2014 14:29:23 Installed Java 7 Update 67 06-08-2014 14:49:26 Scheduled Checkpoint 07-08-2014 04:00:01 Scheduled Checkpoint 08-08-2014 04:00:01 Scheduled Checkpoint 09-08-2014 16:25:20 Scheduled Checkpoint 11-08-2014 23:03:18 Restore Operation 12-08-2014 04:55:45 Installed Java 7 Update 67 13-08-2014 04:05:50 Removed Java 7 Update 67 13-08-2014 04:08:02 Removed CouponPrinterPlugin 13-08-2014 04:10:37 Removed CA Parental Controls 13-08-2014 04:21:45 Removed NetDvr 13-08-2014 04:33:30 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 06:23 - 2006-09-18 17:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {27D244EF-EF28-43A7-8F7B-B7FF0589CB20} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-21] (Google Inc.) Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation) Task: {506A26BB-085A-42A2-B940-2E604261499C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-21] (Google Inc.) Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries Task: {B8760D3E-0EEC-411F-B4F4-038AD9236DAF} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] () Task: {FCCA6D28-7541-4805-8CC4-8B431A1B56E6} - System32\Tasks\PastaQuotes => C:\Program Files\pastaleads\ScheduledTask.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-07-31 11:22 - 2014-07-31 11:22 - 00035328 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll 2014-05-24 12:41 - 2014-05-24 12:41 - 00091648 _____ () C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll 2014-05-24 12:41 - 2014-05-24 12:41 - 00892416 _____ () C:\Program Files\FileZilla FTP Client\libstdc++-6.dll 2014-07-20 14:58 - 2013-08-07 14:31 - 00214528 _____ () C:\Windows\System32\AiCM32.dll 2011-04-20 01:21 - 2011-04-20 01:21 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk => C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup MSCONFIG\startupreg: Acrobat Assistant 7.0 => "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" MSCONFIG\startupreg: cctray => "C:\Program Files\Total Defense\Internet Security Suite\casc.exe" MSCONFIG\startupreg: updateMgr => C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcStd7_1_0 -reboot 1 MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/13/2014 08:47:55 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/13/2014 01:38:32 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/13/2014 00:54:40 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/13/2014 00:10:37 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {02e1da45-e189-4087-906d-e5256c10385b} Error: (08/12/2014 11:59:31 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/12/2014 09:04:33 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/11/2014 07:11:31 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/11/2014 07:09:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: ) Description: -528 Error: (08/11/2014 07:09:20 PM) (Source: ESENT) (EventID: 455) (User: ) Description: Catalog Database (1544) Catalog Database: Error -1811 occurred while opening logfile C:\Windows\system32\CatRoot2\edb0014A.log. Error: (08/11/2014 04:57:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (08/13/2014 03:05:32 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (08/13/2014 01:35:57 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (08/13/2014 00:50:29 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (08/12/2014 11:54:41 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (08/12/2014 11:54:38 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (08/12/2014 02:00:34 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (08/11/2014 07:11:31 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Windows Image Acquisition (WIA) Error: (08/11/2014 07:11:31 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: PastaQuotes Error: (08/11/2014 07:11:31 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Network List Service Error: (08/11/2014 07:11:31 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: IP Helper Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-08-13 20:47:15.054 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-13 01:38:08.374 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-13 00:54:59.241 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-13 00:54:59.039 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-13 00:54:58.867 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-13 00:54:58.664 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-13 00:09:37.366 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\KmxAMRT.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-13 00:09:37.210 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\KmxAMRT.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-13 00:09:37.054 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\KmxAMRT.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-13 00:09:36.898 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\KmxAMRT.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: AMD Athlon Dual Core Processor 5050e Percentage of memory in use: 34% Total physical RAM: 3326.18 MB Available physical RAM: 2163.41 MB Total Pagefile: 6880.89 MB Available Pagefile: 5788.3 MB Total Virtual: 2047.88 MB Available Virtual: 1918.94 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:223.57 GB) (Free:157.15 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Quick Start) (CDROM) (Total:0.29 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 224 GB) (Disk ID: C006EF4F) Partition 1: (Active) - (Size=224 GB) - (Type=07 NTFS) ==================== End Of Log ============================
August 16, 201410 yr Hi 66vdub and welcome to Free PC Help Forum. Ok, let's get started now: Step 1 Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop. NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Re-run FRST/FRST64 (which ever is installed ) and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply. Step 2 You are missing one important program on that computer: An antivirus. This is somewhat suicidal in today's digital world. You need to install an antivirus program as soon as you can and run a complete scan of the computer: Avira AntiVir Bitdefender Free MS Security Essentials Install one of these, update the definitions and then run a full scan. Let it quarantine/delete anything it finds. Let me know if there is anything that it reports but can not remove. In your next reply, please submit: Fixlog.txt Thanks.fixlist.txt
August 16, 201410 yr Author Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:16-08-2014 02 Ran by RW-01 at 2014-08-16 09:01:07 Run:1 Running from C:\Users\RW-01\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** SearchScopes: HKCU - {5C5360F5-5F2D-4E4A-84B1-ABD053DB35A9} URL = BHO: Aimersoft Video Converter Ultimate -> {54F73992-6549-4369-9A0D-84FD310A464A} -> C:\Program Files\Aimersoft\Video Converter Ultimate\SVRIEPlugin.dll No File Toolbar: HKCU - No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [152560 2014-02-13] (Coupons.com Inc.) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] 2014-08-11 19:05 - 2014-05-30 17:24 - 00000000 ____D () C:\Program Files\Coupons C:\Users\RW-01\AppData\Local\Temp\FreemakeVideoConverter_4.1.4.3.exe C:\Users\RW-01\AppData\Local\Temp\Quarantine.exe Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {FCCA6D28-7541-4805-8CC4-8B431A1B56E6} - System32\Tasks\PastaQuotes => C:\Program Files\pastaleads\ScheduledTask.exe C:\Program Files\pastaleads Hosts: CMD: ipconfig /flushdns EmptyTemp: ***************** "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5C5360F5-5F2D-4E4A-84B1-ABD053DB35A9}" => Key deleted successfully. "HKCR\CLSID\{5C5360F5-5F2D-4E4A-84B1-ABD053DB35A9}" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54F73992-6549-4369-9A0D-84FD310A464A}" => Key deleted successfully. "HKCR\CLSID\{54F73992-6549-4369-9A0D-84FD310A464A}" => Key deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} => value deleted successfully. "HKCR\CLSID\{0123B506-0AD9-43AA-B0CF-916C122AD4C5}" => Key not found. CouponPrinterService => Service stopped successfully. CouponPrinterService => Service deleted successfully. IpInIp => Service deleted successfully. NwlnkFlt => Service deleted successfully. NwlnkFwd => Service deleted successfully. C:\Program Files\Coupons => Moved successfully. C:\Users\RW-01\AppData\Local\Temp\FreemakeVideoConverter_4.1.4.3.exe => Moved successfully. C:\Users\RW-01\AppData\Local\Temp\Quarantine.exe => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93}" => Key deleted successfully. C:\Windows\System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\CrawlStartPages" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FCCA6D28-7541-4805-8CC4-8B431A1B56E6}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCCA6D28-7541-4805-8CC4-8B431A1B56E6}" => Key deleted successfully. C:\Windows\System32\Tasks\PastaQuotes => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PastaQuotes" => Key deleted successfully. "C:\Program Files\pastaleads" => File/Directory not found. C:\Windows\System32\Drivers\etc\hosts => Moved successfully. Hosts was reset successfully. ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= EmptyTemp: => Removed 732.8 MB temporary data. The system needed a reboot. ==== End of Fixlog ====
August 16, 201410 yr Hi 66vdub The fix ran well, things are looking good now. Which AV did you install? Let's double check everything now. Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop. Link 1 Link 2 This is an example, you may rename ComboFix to anything you want. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix. For more information read: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs Then: Vista/Windows 7 users right-click and select Run As Administrator. on Combo-Fix.exe Please follow any prompts Note: Do not mouseclick combofix's window while it's running. That may cause it to stall When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. Thanks
August 16, 201410 yr Author Just got done running Avira Free... No Detections. I do have Total Defense Premium I had it installed, but in reading a few other posts on the last site, running it and Malwarebytes and windows defender is no good.
August 16, 201410 yr Author ComboFix 14-08-15.01 - RW-01 08/16/2014 9:59.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.1983 [GMT -4:00] Running from: c:\users\RW-01\Desktop\Combo-Fix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk c:\users\RW-01\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll c:\windows\wininit.ini . . ((((((((((((((((((((((((( Files Created from 2014-07-16 to 2014-08-16 ))))))))))))))))))))))))))))))) . . 2014-08-16 14:03 . 2014-08-16 14:06 -------- d-----w- c:\users\RW-01\AppData\Local\temp 2014-08-16 13:19 . 2014-08-16 13:19 -------- d-----w- c:\users\RW-01\AppData\Roaming\Avira 2014-08-16 13:17 . 2014-07-23 17:29 97648 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2014-08-16 13:17 . 2014-07-23 17:29 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2014-08-16 13:17 . 2014-07-23 17:29 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys 2014-08-16 13:15 . 2014-08-16 13:17 -------- d-----w- c:\program files\Avira 2014-08-16 13:15 . 2014-08-16 13:17 -------- d-----w- c:\programdata\Avira 2014-08-16 13:15 . 2014-08-16 13:15 -------- d-----w- c:\programdata\Package Cache 2014-08-13 05:33 . 2010-08-30 12:34 536576 ----a-w- c:\windows\system32\sqlite3.dll 2014-08-13 05:33 . 2014-08-13 05:35 -------- d-----w- C:\AdwCleaner 2014-08-13 05:22 . 2014-08-16 13:01 -------- d-----w- C:\FRST 2014-08-13 04:37 . 2014-06-26 22:17 99480 ----a-w- c:\windows\system32\infocardapi.dll 2014-08-13 04:37 . 2014-06-26 22:17 8856 ----a-w- c:\windows\system32\icardres.dll 2014-08-13 04:37 . 2014-06-26 22:17 619664 ----a-w- c:\windows\system32\icardagt.exe 2014-08-13 04:37 . 2014-06-06 04:28 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe 2014-08-13 02:07 . 2014-08-13 02:41 -------- d-----w- c:\users\RW-01\AppData\Roaming\FileZilla 2014-08-13 02:07 . 2014-08-13 02:07 -------- d-----w- c:\program files\FileZilla FTP Client 2014-08-12 04:58 . 2014-08-12 05:42 -------- d-----w- c:\users\RW-01\AppData\Roaming\jEdit 2014-08-12 04:53 . 2014-08-12 04:54 -------- d-----w- c:\program files\jEdit 2014-08-09 18:43 . 2014-08-09 18:44 -------- d-----w- c:\users\RW-01\AppData\Roaming\Notepad++ 2014-08-09 18:43 . 2014-08-09 18:44 -------- d-----w- c:\program files\Notepad++ 2014-08-05 14:42 . 2014-08-05 16:22 -------- d-----w- c:\users\RW-01\AppData\Roaming\DVD Flick 2014-08-05 14:42 . 2014-08-05 14:42 -------- d-----w- c:\program files\DVD Flick 2014-08-05 14:31 . 2014-08-05 14:31 -------- d-----w- c:\users\RW-01\AppData\Roaming\Oracle 2014-08-05 14:30 . 2014-08-05 14:30 -------- d-----w- c:\program files\Common Files\Java 2014-08-02 15:30 . 2014-08-12 04:56 -------- d-----w- c:\programdata\Oracle 2014-07-30 18:20 . 2014-07-30 18:20 -------- d-----w- c:\program files\Gabest 2014-07-30 18:20 . 2014-07-30 18:21 -------- d-----w- c:\program files\AutoGK 2014-07-30 14:30 . 2014-07-30 14:30 -------- d-----w- c:\program files\DVD Decrypter 2014-07-22 17:12 . 2014-07-22 17:14 -------- d-----w- c:\users\RW-01\AppData\Roaming\Apple Computer 2014-07-22 17:12 . 2014-07-22 17:12 -------- d-----w- c:\users\RW-01\AppData\Local\Apple Computer 2014-07-22 17:12 . 2014-07-22 17:12 -------- dc----w- c:\windows\system32\DRVSTORE 2014-07-22 17:12 . 2012-08-21 17:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2014-07-22 17:12 . 2014-07-22 17:12 -------- d-----w- c:\program files\iPod 2014-07-22 17:12 . 2014-07-22 17:12 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-07-22 17:12 . 2014-07-22 17:12 -------- d-----w- c:\program files\iTunes 2014-07-22 17:12 . 2014-07-22 17:12 -------- d-----w- c:\programdata\Apple Computer 2014-07-22 17:11 . 2014-07-22 17:11 -------- d-----w- c:\users\RW-01\AppData\Local\Apple 2014-07-22 17:11 . 2014-07-22 17:11 -------- d-----w- c:\program files\Apple Software Update 2014-07-22 17:10 . 2014-07-22 17:10 -------- d-----w- c:\program files\Bonjour 2014-07-22 17:10 . 2014-07-22 17:12 -------- d-----w- c:\program files\Common Files\Apple 2014-07-22 17:10 . 2014-07-22 17:11 -------- d-----w- c:\programdata\Apple 2014-07-21 17:31 . 2014-07-21 17:31 -------- d-----w- c:\users\RW-01\AppData\Local\Macromedia 2014-07-21 08:26 . 2014-07-21 08:26 -------- d-----w- c:\windows\system32\Macromed 2014-07-21 06:28 . 2014-07-21 06:28 -------- d-----w- c:\users\RW-01\dwhelper 2014-07-21 06:26 . 2014-06-06 04:39 46704 ----a-w- c:\program files\Mozilla Firefox\browser\components\browsercomps.dll 2014-07-21 06:26 . 2014-06-06 04:38 822384 ----a-w- c:\program files\Mozilla Firefox\icuuc52.dll 2014-07-21 06:26 . 2014-06-06 04:38 1022576 ----a-w- c:\program files\Mozilla Firefox\icuin52.dll 2014-07-21 06:26 . 2014-06-06 04:38 10594416 ----a-w- c:\program files\Mozilla Firefox\icudt52.dll 2014-07-21 06:17 . 2014-07-21 06:17 -------- d-----w- c:\users\RW-01\AppData\Local\Mozilla 2014-07-20 19:28 . 2014-08-12 05:54 -------- d-----w- c:\programdata\Freemake 2014-07-20 19:27 . 2014-08-12 05:54 -------- d-----w- c:\program files\Freemake 2014-07-20 18:59 . 2014-07-20 18:59 -------- d-----w- c:\users\RW-01\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A} 2014-07-20 18:58 . 2014-07-20 18:58 -------- d-----w- c:\users\RW-01\AppData\Local\Aimersoft 2014-07-20 18:58 . 2014-07-20 18:58 -------- d-----w- c:\program files\Common Files\Aimersoft 2014-07-20 18:58 . 2013-08-23 17:36 721263 ----a-w- c:\windows\system32\AiCM64.dll 2014-07-20 18:58 . 2013-08-07 18:31 214528 ----a-w- c:\windows\system32\AiCM32.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-08-16 13:30 . 2014-04-23 22:37 110296 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2014-07-30 02:11 . 2014-08-13 04:33 53760 ----a-w- c:\windows\apppatch\iebrshim.dll 2014-06-11 01:50 . 2014-06-11 01:50 6112864 ----a-w- c:\windows\system32\usbaaplrc.dll 2014-06-11 01:50 . 2014-06-11 01:50 45056 ----a-w- c:\windows\system32\drivers\usbaapl.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Aimersoft Helper Compact.exe"="c:\program files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2013-05-29 1734144] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-07-08 152392] "Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-08-04 161584] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-07-23 751184] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-100000000002}\SC_Acrobat.exe [2014-4-22 25214] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0] 2008-04-23 06:08 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] 2006-03-30 20:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . --- Other Services/Drivers In Memory --- . *NewlyCreated* - SSMDRV *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-08-15 17:18 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2014-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2014-04-21 05:57] . 2014-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2014-04-21 05:57] . . ------- Supplementary Scan ------- . uStart Page = www.google.com uInternet Settings,ProxyOverride = *.local IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 24.178.162.3 24.159.64.23 66.189.0.100 FF - ProfilePath - c:\users\RW-01\AppData\Roaming\Mozilla\Firefox\Profiles\pw3qn2he.default\ . - - - - ORPHANS REMOVED - - - - . HKLM-Run-BrowserPlugInHelper - c:\program files\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe Notify-PFW - (no file) SafeBoot-WudfPf SafeBoot-WudfRd MSConfigStartUp-cctray - c:\program files\Total Defense\Internet Security Suite\casc.exe AddRemove-Coupon Printer for Windows5.0.0.7 - c:\program files\Coupons\uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2014-08-16 10:06 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(2788) c:\program files\FileZilla FTP Client\libwinpthread-1.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\atiesrxx.exe c:\windows\system32\atieclxx.exe c:\program files\Avira\AntiVir Desktop\sched.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe c:\windows\System32\WUDFHost.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\program files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe c:\program files\iPod\bin\iPodService.exe c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . Completion time: 2014-08-16 10:08:15 - machine was rebooted ComboFix-quarantined-files.txt 2014-08-16 14:08 . Pre-Run: 169,647,185,920 bytes free Post-Run: 172,795,478,016 bytes free . - - End Of File - - A33DEDF6F60C32043D1B445091AA1091 5C616939100B85E558DA92B899A0FC36
August 16, 201410 yr Author Hi 66vdub and welcome to Free PC Help Forum. Ok, let's get started now: Step 1 Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop. NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Re-run FRST/FRST64 (which ever is installed ) and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply. Step 2 You are missing one important program on that computer: An antivirus. This is somewhat suicidal in today's digital world. You need to install an antivirus program as soon as you can and run a complete scan of the computer: Avira AntiVir Bitdefender Free MS Security Essentials Install one of these, update the definitions and then run a full scan. Let it quarantine/delete anything it finds. Let me know if there is anything that it reports but can not remove. In your next reply, please submit: Fixlog.txt Thanks. I just rec'd an email with this post... it had a step 3 ( run Free PC Help Forum ) I didn't see that posted here... I have not ran that. should I?
August 16, 201410 yr Hi 66vdub, I edited out step 3 after posting as i'd decided that Combofix would have been a better choice as a double check. That's why you probably saw step 3 in the email notification, but not on the actual thread. The Combofix report looks good. How is the system running now? Any problems?
August 16, 201410 yr Author No problems that I can tell... all popup ads are gone. thanks again for your time.
August 16, 201410 yr No problems that I can tell... all popup ads are gone. Ok, that's good. It seems that AdwCleaner did a good job when it was originally run. Let's finish the cleaning process and remove the tools we have used. We'll also set you a fresh restore point. Step 1 Restart MBAM. Click on the History tab >> Quarantine Tick to select all items (if any there ) and then click the Delete button. Close MBAM. Step 2 Download Delfix and save it to your desktop. Ensure Remove disinfection tools is checked. Also place a checkmark next to: Create registry backup Purge system restore . Click the Run button. When the tool has finished, a log will open in notepad.... but i don't actually need this report To find out how you may have been infected....read this topic: How did i get infected? Glad I was able to help. Safe surfing.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.