Trouble Downloading Malwarebytes (File Corrupted?)


kitheka

Hello,

I'm pretty sure I clicked something malicious yesterday, as I've been trying to remove different programs from my computer for the last 24 hours. I tried to download Malwarebytes, but it said that the file was corrupt. Anyway, I just tried to run Farbar Recovery Scan Tool--it downloaded the file, but then it said "...\FRST64.exe is not a valid win32 application."

Any help would be greatly appreciated. I hadn't gotten a virus in years--I feel pretty dumb!

Thanks

Link to post
Share on other sites

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

Rename FRST.exe to FRST.com and try to run it.

Link to post
Share on other sites

OK, then we have to get a look from the outside...

Scan with FRST (Recovery Environment)

To run FRST on Vista and Windows 7:

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

In the command window:

  • Type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.


It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Link to post
Share on other sites

Sorry, was at work all day and I've been trying to figure this out.

I ended up creating a Windows Repair Disc, and I finally got my computer to boot it up first. I also had a flash drive plugged in with frst64.exe copied onto it. When I opened notepad to look for the correct drive, the options were "OS (C:)", "Recovery (D:)", and "Boot (X:)". None of these seemed right, because of the drive names, and the fact that it says that D is 20 GB and X is 30 MB. My flash drive is about 8 GB. But I went back to the command prompt and tried them all anyway...c:\frst64.exe, d:\frst64.exe, and x:\frst64.exe. All of the errors said that it was "not recognized as an internal or external command, operable program or batch file." On my regularly booted computer, my flash drive is d:\, if that makes any difference.

I also tried copying frst64.exe to a folder in the c drive, and then going back into the recovery mode to retrieve it there. It then popped up with the dialog box: "c:\program files\frst64.exe is not a valid win32 application."

I'm at a loss. What do you think I should do next? Am I doing something wrong? Would it be easiest to just reformat my computer? I don't really know how, but I could try. This laptop is primarily just used for internet and simple word processing, so I don't really have any programs installed.

Link to post
Share on other sites
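
The "not a valid win32 application" message quoted in the posts above is what Windows shows when it cannot load a file's executable (PE) headers, which is also what a damaged or cut-short download produces. As an added example (not part of the original thread, and not code from FRST or Malwarebytes), the following Python script, intended to be run on a clean machine against the copied file, checks the headers and whether every section fits inside the file; `inspect_pe` and `build_sample_pe` are hypothetical names and the sample bytes are constructed for the demonstration.

```python
import struct
import sys

# COFF machine values for the common Windows targets.
MACHINES = {0x014C: "x86", 0x8664: "x64", 0xAA64: "arm64"}


def inspect_pe(data: bytes) -> dict:
    """Structural check of a Windows executable image held in memory.

    This only tests whether the headers are present and the file is long
    enough to hold every section. It does not verify a signature or hash.
    """
    report = {"valid": False, "machine": None, "problems": []}
    problems = report["problems"]

    # DOS header: magic "MZ", offset of the PE header stored at 0x3C.
    if len(data) < 0x40 or data[:2] != b"MZ":
        problems.append("missing MZ (DOS) header")
        return report
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        problems.append("PE signature not found at e_lfanew")
        return report

    # COFF file header (20 bytes) follows the 4-byte signature.
    machine, n_sections, _, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    report["machine"] = MACHINES.get(machine, hex(machine))

    # Optional header magic: 0x10B = PE32, 0x20B = PE32+ (64-bit).
    opt_off = e_lfanew + 24
    if opt_off + 2 > len(data):
        problems.append("optional header missing")
        return report
    (magic,) = struct.unpack_from("<H", data, opt_off)
    if magic not in (0x10B, 0x20B):
        problems.append("unknown optional header magic %#x" % magic)

    # Section table: 40 bytes per entry; raw size at +16, raw pointer at +20.
    table = opt_off + opt_size
    for i in range(n_sections):
        off = table + 40 * i
        if off + 40 > len(data):
            problems.append("section table is truncated")
            break
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        if raw_ptr + raw_size > len(data):
            problems.append(
                "section %s ends at byte %d but the file has only %d bytes"
                % (name, raw_ptr + raw_size, len(data)))

    report["valid"] = not problems
    return report


def build_sample_pe(machine: int = 0x8664) -> bytes:
    """Constructed minimal image (headers plus one .text section) for the demo."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0xF0, 0x22)
    optional = struct.pack("<H", 0x20B) + bytes(0xF0 - 2)
    raw_ptr = 0x40 + 4 + len(coff) + len(optional) + 40
    section = (b".text\0\0\0"
               + struct.pack("<IIII", 0x200, 0x1000, 0x200, raw_ptr)
               + bytes(12)
               + struct.pack("<I", 0x60000020))
    return bytes(dos) + b"PE\0\0" + coff + optional + section + bytes(0x200)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Check the files named on the command line, e.g. a copied FRST64.exe.
        for path in sys.argv[1:]:
            with open(path, "rb") as handle:
                print(path, inspect_pe(handle.read()))
    else:
        sample = build_sample_pe()
        print("intact sample:   ", inspect_pe(sample))
        print("truncated sample:", inspect_pe(sample[:-100]))
```

A file that passes is only structurally intact; comparing its hash against one published by the vendor, where available, is a separate check.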

Finally! I only have the two USB ports, so I ended up switching my flash drive with the external CD drive. So now it worked:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by SYSTEM on MININT-2BDN294 on 24-09-2014 19:09:18
Running from e:\
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\SysWOW64\DptfPolicyLpmServiceHelper.exe
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2661672 2012-02-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12460136 2012-03-29] (Realtek Semiconductor)
HKLM\...\Run: [bLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [hola] => C:\Program Files\Hola\app\hola.exe --tray --autorun
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2984688 2011-08-28] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-02] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-21] (ASUS)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3058304 2012-09-17] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208 2012-06-25] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174752 2012-06-19] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-19] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Catherine\...\Run: [Akamai NetSession Interface] => C:\Users\Catherine\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\Catherine\...\Run: [Google Update] => C:\Users\Catherine\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-06] (Google Inc.)
HKU\Catherine\...\Run: [f.lux] => C:\Users\Catherine\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\Catherine\...\Run: [GoogleChromeAutoLaunch_299D1954AA0A9120090187A4A4A95B5A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-03] (Google Inc.)
HKU\Catherine\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
Startup: C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk
ShortcutTarget: SABnzbd.lnk -> C:\Program Files (x86)\SABnzbd\SABnzbd.exe ()
Startup: C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk ->  (No File)
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-04-13] (ASUS)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-19] (AVAST Software)
S2 DptfParticipantProcessorService; C:\Windows\SysWOW64\DptfParticipantProcessorService.exe [18944 2012-02-19] ()
S2 DptfPolicyConfigTDPService; C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe [19968 2012-02-19] ()
S2 hola_updater; C:\Program Files\Hola\app\hola_updater.exe [5778968 2014-07-13] (Hola Networks Ltd.)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
S2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-04-09] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] ()
S2 Update ClearThink; C:\Program Files (x86)\ClearThink\updateClearThink.exe [325360 2014-09-23] ()
S2 Util ClearThink; C:\Program Files (x86)\ClearThink\bin\utilClearThink.exe [522480 2014-09-24] ()
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)
S2 hola_svc; "C:\Program Files\Hola\app\hola_svc.exe" --service [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-02-29] (ASUSTek Computer Inc.)
S0 assd; C:\Windows\System32\Drivers\assd.sys [27056 2011-10-28] (ASUS Corporation)
S3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2011-12-21] (Windows ® Win 7 DDK provider)
S3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [16512 2011-11-07] (Windows ® Win 7 DDK provider)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-19] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-19] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-19] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-19] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-19] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-19] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-19] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-19] ()
S1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
S3 AX88772B; C:\Windows\System32\DRIVERS\ax88772b.sys [110592 2012-04-04] (ASIX Electronics Corp.)
S3 DptfDevDram; C:\Windows\System32\DRIVERS\DptfDevDram.sys [107288 2012-02-19] (Intel Corporation)
S3 DptfDevFan; C:\Windows\System32\DRIVERS\DptfDevFan.sys [42776 2012-02-19] (Intel Corporation)
S3 DptfDevGen; C:\Windows\System32\DRIVERS\DptfDevGen.sys [64792 2012-02-19] (Intel Corporation)
S3 DptfDevPch; C:\Windows\System32\DRIVERS\DptfDevPch.sys [96024 2012-02-19] (Intel Corporation)
S3 DptfDevProc; C:\Windows\System32\DRIVERS\DptfDevProc.sys [220952 2012-02-19] (Intel Corporation)
S3 DptfManager; C:\Windows\System32\DRIVERS\DptfManager.sys [357656 2012-02-19] (Intel Corporation)
S3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-04-09] (Intel Corporation)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S1 {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64; C:\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys [44688 2014-09-19] (StdLib)
S3 SMUpdd; \??\C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-24 19:09 - 2014-09-24 19:09 - 00000000 ____D () C:\FRST
2014-09-23 21:12 - 2014-09-23 21:12 - 00821760 _____ (Browser Opt-out) C:\Users\Catherine\Downloads\uninstall.exe
2014-09-23 20:41 - 2014-09-22 05:32 - 02104396 _____ () C:\Program Files\FRST64.exe
2014-09-23 19:55 - 2014-09-23 20:00 - 00000380 _____ () C:\Users\Administrator.Bartholomew\AppData\Roaming\sp_data.sys
2014-09-23 19:55 - 2014-09-23 19:55 - 00058016 _____ () C:\Users\Administrator.Bartholomew\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-23 19:55 - 2014-09-23 19:55 - 00002253 _____ () C:\Users\Administrator.Bartholomew\Desktop\Google Chrome.lnk
2014-09-23 19:55 - 2014-09-23 19:55 - 00000000 ____D () C:\Users\Administrator.Bartholomew\AppData\Roaming\AVAST Software
2014-09-23 19:55 - 2014-09-23 19:55 - 00000000 ____D () C:\Users\Administrator.Bartholomew\AppData\Roaming\Adobe
2014-09-23 19:55 - 2014-09-23 19:55 - 00000000 ____D () C:\Users\Administrator.Bartholomew\AppData\Local\Google
2014-09-23 19:55 - 2014-09-23 19:55 - 00000000 _____ () C:\Users\Administrator.Bartholomew\agent.log
2014-09-23 19:54 - 2014-09-23 19:55 - 00000000 ____D () C:\users\Administrator.Bartholomew
2014-09-23 19:54 - 2014-09-23 19:54 - 00000020 ___SH () C:\Users\Administrator.Bartholomew\ntuser.ini
2014-09-23 19:54 - 2014-09-23 19:54 - 00000000 ____D () C:\Users\Administrator.Bartholomew\AppData\Roaming\Intel
2014-09-23 19:54 - 2014-09-23 19:54 - 00000000 ____D () C:\Users\Administrator.Bartholomew\AppData\Local\ASUS
2014-09-23 19:33 - 2014-09-23 19:35 - 00000000 ____D () C:\Users\Catherine\Desktop\Win7
2014-09-23 19:05 - 2014-09-23 19:06 - 01943376 _____ (BitTorrent Inc.) C:\Users\Catherine\Downloads\uTorrent.exe
2014-09-23 18:52 - 2014-09-09 14:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2014-09-23 18:52 - 2014-09-09 13:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-22 07:34 - 2014-09-22 07:34 - 02093580 _____ () C:\Users\Catherine\Desktop\FRST64.exe
2014-09-22 05:32 - 2014-09-22 05:32 - 02104396 _____ () C:\Users\Catherine\Downloads\FRST64.exe
2014-09-21 07:58 - 2014-09-21 07:58 - 13083076 _____ (Microsoft Corporation) C:\Users\Catherine\Downloads\Silverlight_x64.exe
2014-09-20 19:59 - 2014-09-20 19:59 - 00079991 _____ () C:\Users\Catherine\Downloads\silverlight.diagcab
2014-09-20 17:48 - 2014-09-20 17:48 - 02094176 _____ () C:\Users\Catherine\Downloads\FRST64.com.exe
2014-09-20 16:46 - 2014-09-20 16:46 - 17216840 _____ () C:\Users\Catherine\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-09-20 16:41 - 2014-09-20 16:41 - 17200780 _____ (Malwarebytes Corporation ) C:\Users\Catherine\Downloads\mbam-setup-2.0.2.1012.exe.exe
2014-09-20 09:04 - 2014-09-20 09:04 - 00000043 _____ () C:\Users\Catherine\AppData\Roaming\WB.CFG
2014-09-19 18:21 - 2014-09-19 12:59 - 00044688 _____ (StdLib) C:\Windows\System32\Drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys
2014-09-19 17:44 - 2014-09-24 17:56 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-19 17:44 - 2014-09-19 17:44 - 01041168 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-09-19 17:44 - 2014-09-19 17:44 - 00427360 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
2014-09-19 17:44 - 2014-09-19 17:44 - 00307344 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-09-19 17:44 - 2014-09-19 17:44 - 00224896 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-09-19 17:44 - 2014-09-19 17:44 - 00093568 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2014-09-19 17:44 - 2014-09-19 17:44 - 00092008 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2014-09-19 17:44 - 2014-09-19 17:44 - 00079184 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-09-19 17:44 - 2014-09-19 17:44 - 00065776 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-09-19 17:44 - 2014-09-19 17:44 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-19 17:44 - 2014-09-19 17:44 - 00029208 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-09-19 17:44 - 2014-09-19 17:44 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-19 17:44 - 2014-09-19 17:44 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\AVAST Software
2014-09-19 17:39 - 2014-09-19 17:39 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-19 17:38 - 2014-09-19 17:39 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-19 17:38 - 2014-09-19 17:38 - 04862664 _____ (AVAST Software) C:\Users\Catherine\Downloads\avast_free_antivirus_setup_online.exe
2014-09-19 17:32 - 2014-09-19 17:32 - 00000000 ____D () C:\ProgramData\374311380
2014-09-19 17:30 - 2014-09-19 17:30 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-19 17:30 - 2014-09-19 17:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-19 17:30 - 2014-09-19 17:30 - 00000000 ____D () C:\Windows\System32\Macromed
2014-09-19 17:29 - 2014-09-23 21:12 - 00003262 _____ () C:\Windows\System32\Tasks\UpdaterEX
2014-09-19 17:29 - 2014-09-23 21:12 - 00000306 _____ () C:\Windows\Tasks\UpdaterEX.job
2014-09-19 17:29 - 2014-09-20 18:35 - 00000000 ____D () C:\Program Files (x86)\ClearThink
2014-09-19 17:29 - 2014-09-19 17:29 - 17328816 _____ (Adobe Systems Incorporated) C:\Users\Catherine\Downloads\install_flash_player_ax.exe
2014-09-19 17:29 - 2014-09-19 17:29 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\UpdaterEX
2014-09-19 17:27 - 2014-09-19 17:27 - 00793240 _____ ( ) C:\Users\Catherine\Downloads\Adobe_Flash_Setup.exe
2014-09-19 17:24 - 2014-09-19 17:25 - 00000000 ____D () C:\Users\Catherine\AppData\Local\Mozilla
2014-09-19 17:24 - 2014-09-19 17:24 - 00000000 ____D () C:\ProgramData\Mozilla
2014-09-19 17:19 - 2014-09-19 17:19 - 00244216 _____ () C:\Users\Catherine\Downloads\Firefox Setup Stub 32.0.2.exe
2014-09-19 17:16 - 2014-09-19 17:16 - 00570592 _____ () C:\Users\Catherine\Downloads\Adobe Flash Player for Desktops 11.5.50 (1).exe
2014-09-19 17:15 - 2014-09-23 21:13 - 00000000 ____D () C:\Users\Catherine\AppData\Local\Adobe
2014-09-19 17:15 - 2014-09-23 21:12 - 00004264 _____ () C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333833383537323330352d5a556c6c4a5a575750414134
2014-09-19 17:15 - 2014-09-23 21:12 - 00003856 _____ () C:\Windows\System32\Tasks\Smp
2014-09-19 17:15 - 2014-09-23 21:12 - 00003598 _____ () C:\Windows\System32\Tasks\YTDownloader
2014-09-19 17:15 - 2014-09-19 17:15 - 00000000 ____D () C:\Users\Catherine\AppData\Local\CrashRpt
2014-09-19 17:15 - 2014-09-19 17:15 - 00000000 ____D () C:\ProgramData\SearchModule
2014-09-19 17:14 - 2014-09-19 17:14 - 00570592 _____ () C:\Users\Catherine\Downloads\Adobe Flash Player for Desktops 11.5.50.exe
2014-09-15 18:06 - 2014-08-19 10:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-09-15 18:06 - 2014-08-19 09:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-15 18:06 - 2014-08-18 15:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-09-15 18:06 - 2014-08-18 14:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-09-15 18:06 - 2014-08-18 14:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-09-15 18:06 - 2014-08-18 14:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-15 18:06 - 2014-08-18 14:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-09-15 18:06 - 2014-08-18 14:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-09-15 18:06 - 2014-08-18 14:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-09-15 18:06 - 2014-08-18 14:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-09-15 18:06 - 2014-08-18 14:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-09-15 18:06 - 2014-08-18 14:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-09-15 18:06 - 2014-08-18 14:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-15 18:06 - 2014-08-18 14:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-09-15 18:06 - 2014-08-18 14:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-09-15 18:06 - 2014-08-18 14:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-09-15 18:06 - 2014-08-18 14:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-09-15 18:06 - 2014-08-18 14:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-09-15 18:06 - 2014-08-18 14:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-09-15 18:06 - 2014-08-18 13:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-15 18:06 - 2014-08-18 13:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-15 18:06 - 2014-08-18 13:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-09-15 18:06 - 2014-08-18 13:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-15 18:06 - 2014-08-18 13:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-15 18:06 - 2014-08-18 13:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-15 18:06 - 2014-08-18 13:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-15 18:06 - 2014-08-18 13:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-15 18:06 - 2014-08-18 13:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-15 18:06 - 2014-08-18 13:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-09-15 18:06 - 2014-08-18 13:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-09-15 18:06 - 2014-08-18 13:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-15 18:06 - 2014-08-18 13:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-15 18:06 - 2014-08-18 13:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-09-15 18:06 - 2014-08-18 13:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-15 18:06 - 2014-08-18 13:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-15 18:06 - 2014-08-18 13:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-15 18:06 - 2014-08-18 13:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-15 18:06 - 2014-08-18 13:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-09-15 18:06 - 2014-08-18 13:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-09-15 18:06 - 2014-08-18 13:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-09-15 18:06 - 2014-08-18 13:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-09-15 18:06 - 2014-08-18 13:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-15 18:06 - 2014-08-18 13:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-15 18:06 - 2014-08-18 13:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-15 18:06 - 2014-08-18 13:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-15 18:06 - 2014-08-18 13:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-09-15 18:06 - 2014-08-18 13:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-15 18:06 - 2014-08-18 13:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-09-15 18:06 - 2014-08-18 13:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-15 18:06 - 2014-08-18 13:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-15 18:06 - 2014-08-18 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-15 18:06 - 2014-08-18 12:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-09-15 18:06 - 2014-08-18 12:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-15 18:06 - 2014-08-18 12:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-15 18:06 - 2014-08-18 12:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-09-15 18:06 - 2014-08-18 12:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-15 18:02 - 2014-06-26 18:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2014-09-15 18:02 - 2014-06-26 17:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 19:30 - 2014-09-04 18:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-09-11 19:30 - 2014-09-04 18:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-09-11 19:30 - 2014-08-01 03:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\System32\TSWorkspace.dll
2014-09-11 19:30 - 2014-08-01 03:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 19:30 - 2014-07-06 18:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-09-11 19:30 - 2014-07-06 18:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-09-11 19:30 - 2014-07-06 17:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 19:30 - 2014-07-06 17:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 19:30 - 2014-07-06 17:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 19:30 - 2014-06-23 19:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2014-09-11 19:30 - 2014-06-23 18:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-08-27 17:48 - 2014-08-27 17:48 - 00139523 _____ () C:\Users\Catherine\Downloads\download.htm
2014-08-27 17:05 - 2014-08-22 18:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2014-08-27 17:05 - 2014-08-22 17:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 17:05 - 2014-08-22 16:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-24 19:09 - 2014-09-24 19:09 - 00000000 ____D () C:\FRST
2014-09-24 17:58 - 2012-09-17 14:11 - 02073123 _____ () C:\Windows\WindowsUpdate.log
2014-09-24 17:58 - 2009-07-13 20:51 - 00068964 _____ () C:\Windows\setupact.log
2014-09-24 17:57 - 2014-09-19 17:15 - 00000000 ____D () C:\Users\Catherine\AppData\Local\Adobe
2014-09-24 17:57 - 2013-10-06 08:17 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-571916134-4208678346-963886956-1000UA.job
2014-09-24 17:57 - 2009-07-13 18:34 - 00000505 _____ () C:\Windows\win.ini
2014-09-24 17:56 - 2014-09-19 17:44 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-24 17:56 - 2013-08-27 17:09 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-24 17:56 - 2013-08-27 17:07 - 00000380 _____ () C:\Users\Catherine\AppData\Roaming\sp_data.sys
2014-09-23 21:38 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-09-23 21:12 - 2014-09-23 21:12 - 00821760 _____ (Browser Opt-out) C:\Users\Catherine\Downloads\uninstall.exe
2014-09-23 21:12 - 2014-09-19 17:29 - 00003262 _____ () C:\Windows\System32\Tasks\UpdaterEX
2014-09-23 21:12 - 2014-09-19 17:29 - 00000306 _____ () C:\Windows\Tasks\UpdaterEX.job
2014-09-23 21:12 - 2014-09-19 17:15 - 00004264 _____ () C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333833383537323330352d5a556c6c4a5a575750414134
2014-09-23 21:12 - 2014-09-19 17:15 - 00003856 _____ () C:\Windows\System32\Tasks\Smp
2014-09-23 21:12 - 2014-09-19 17:15 - 00003598 _____ () C:\Windows\System32\Tasks\YTDownloader
2014-09-23 21:12 - 2013-11-03 18:13 - 00003094 _____ () C:\Windows\System32\Tasks\{B310D8B0-27F3-47B1-9FE9-BA5FEAFE32AF}
2014-09-23 21:12 - 2013-09-10 18:36 - 00003114 _____ () C:\Windows\System32\Tasks\{03380077-D43D-4A5E-AAF6-C14FCACD7D9E}
2014-09-23 21:12 - 2013-09-10 18:35 - 00003114 _____ () C:\Windows\System32\Tasks\{EB06F309-3737-40F2-9C37-113F6CDA00DC}
2014-09-23 21:12 - 2013-08-29 15:51 - 00002986 _____ () C:\Windows\System32\Tasks\ATKOSD2
2014-09-23 21:12 - 2012-09-17 14:19 - 00003232 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-09-23 21:12 - 2012-09-17 14:19 - 00003114 _____ () C:\Windows\System32\Tasks\ASUS Live Update
2014-09-23 21:12 - 2012-09-17 14:19 - 00003056 _____ () C:\Windows\System32\Tasks\ASUS P4G
2014-09-23 21:12 - 2012-09-17 14:19 - 00002986 _____ () C:\Windows\System32\Tasks\ASUS SmartLogon Console Sensor
2014-09-23 21:12 - 2012-09-17 14:19 - 00002966 _____ () C:\Windows\System32\Tasks\Secure Delete
2014-09-23 21:12 - 2012-09-17 14:18 - 00003440 _____ () C:\Windows\System32\Tasks\ASUS Quick Gesture (x64)
2014-09-23 21:12 - 2012-09-17 14:18 - 00003424 _____ () C:\Windows\System32\Tasks\ASUS Quick Gesture
2014-09-23 21:12 - 2012-09-17 14:18 - 00003028 _____ () C:\Windows\System32\Tasks\ASUS USB Charger Plus
2014-09-23 21:12 - 2012-09-17 14:14 - 00003494 _____ () C:\Windows\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d
2014-09-23 21:12 - 2012-09-17 14:14 - 00003190 _____ () C:\Windows\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon
2014-09-23 21:12 - 2012-09-17 14:14 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-09-23 21:12 - 2012-09-17 14:14 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-09-23 20:58 - 2009-07-13 20:45 - 00018736 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-23 20:58 - 2009-07-13 20:45 - 00018736 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-23 20:56 - 2009-07-13 21:13 - 00782904 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-09-23 20:51 - 2013-08-27 17:09 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-23 20:51 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-23 20:26 - 2014-06-07 11:10 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\uTorrent
2014-09-23 20:09 - 2009-07-28 21:10 - 00000000 ____D () C:\users\Administrator
2014-09-23 20:00 - 2014-09-23 19:55 - 00000380 _____ () C:\Users\Administrator.Bartholomew\AppData\Roaming\sp_data.sys
2014-09-23 19:55 - 2014-09-23 19:55 - 00058016 _____ () C:\Users\Administrator.Bartholomew\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-23 19:55 - 2014-09-23 19:55 - 00002253 _____ () C:\Users\Administrator.Bartholomew\Desktop\Google Chrome.lnk
2014-09-23 19:55 - 2014-09-23 19:55 - 00000000 ____D () C:\Users\Administrator.Bartholomew\AppData\Roaming\AVAST Software
2014-09-23 19:55 - 2014-09-23 19:55 - 00000000 ____D () C:\Users\Administrator.Bartholomew\AppData\Roaming\Adobe
2014-09-23 19:55 - 2014-09-23 19:55 - 00000000 ____D () C:\Users\Administrator.Bartholomew\AppData\Local\Google
2014-09-23 19:55 - 2014-09-23 19:55 - 00000000 _____ () C:\Users\Administrator.Bartholomew\agent.log
2014-09-23 19:55 - 2014-09-23 19:54 - 00000000 ____D () C:\users\Administrator.Bartholomew
2014-09-23 19:54 - 2014-09-23 19:54 - 00000020 ___SH () C:\Users\Administrator.Bartholomew\ntuser.ini
2014-09-23 19:54 - 2014-09-23 19:54 - 00000000 ____D () C:\Users\Administrator.Bartholomew\AppData\Roaming\Intel
2014-09-23 19:54 - 2014-09-23 19:54 - 00000000 ____D () C:\Users\Administrator.Bartholomew\AppData\Local\ASUS
2014-09-23 19:35 - 2014-09-23 19:33 - 00000000 ____D () C:\Users\Catherine\Desktop\Win7
2014-09-23 19:28 - 2011-08-28 00:59 - 00105866 _____ () C:\Windows\PFRO.log
2014-09-23 19:06 - 2014-09-23 19:05 - 01943376 _____ (BitTorrent Inc.) C:\Users\Catherine\Downloads\uTorrent.exe
2014-09-23 18:32 - 2013-10-06 08:17 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-571916134-4208678346-963886956-1000Core.job
2014-09-22 07:34 - 2014-09-22 07:34 - 02093580 _____ () C:\Users\Catherine\Desktop\FRST64.exe
2014-09-22 05:32 - 2014-09-23 20:41 - 02104396 _____ () C:\Program Files\FRST64.exe
2014-09-22 05:32 - 2014-09-22 05:32 - 02104396 _____ () C:\Users\Catherine\Downloads\FRST64.exe
2014-09-21 19:51 - 2014-07-13 11:17 - 00000000 ____D () C:\Program Files\Hola
2014-09-21 19:50 - 2013-10-06 17:09 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\SoftGrid Client
2014-09-21 07:58 - 2014-09-21 07:58 - 13083076 _____ (Microsoft Corporation) C:\Users\Catherine\Downloads\Silverlight_x64.exe
2014-09-20 19:59 - 2014-09-20 19:59 - 00079991 _____ () C:\Users\Catherine\Downloads\silverlight.diagcab
2014-09-20 18:35 - 2014-09-19 17:29 - 00000000 ____D () C:\Program Files (x86)\ClearThink
2014-09-20 17:48 - 2014-09-20 17:48 - 02094176 _____ () C:\Users\Catherine\Downloads\FRST64.com.exe
2014-09-20 17:28 - 2014-03-08 21:49 - 00000000 ____D () C:\Program Files\WinRAR
2014-09-20 16:46 - 2014-09-20 16:46 - 17216840 _____ () C:\Users\Catherine\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-09-20 16:41 - 2014-09-20 16:41 - 17200780 _____ (Malwarebytes Corporation ) C:\Users\Catherine\Downloads\mbam-setup-2.0.2.1012.exe.exe
2014-09-20 16:14 - 2013-09-20 19:48 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\vlc
2014-09-20 09:04 - 2014-09-20 09:04 - 00000043 _____ () C:\Users\Catherine\AppData\Roaming\WB.CFG
2014-09-19 17:44 - 2014-09-19 17:44 - 01041168 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-09-19 17:44 - 2014-09-19 17:44 - 00427360 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
2014-09-19 17:44 - 2014-09-19 17:44 - 00307344 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-09-19 17:44 - 2014-09-19 17:44 - 00224896 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-09-19 17:44 - 2014-09-19 17:44 - 00093568 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2014-09-19 17:44 - 2014-09-19 17:44 - 00092008 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2014-09-19 17:44 - 2014-09-19 17:44 - 00079184 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-09-19 17:44 - 2014-09-19 17:44 - 00065776 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-09-19 17:44 - 2014-09-19 17:44 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-19 17:44 - 2014-09-19 17:44 - 00029208 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-09-19 17:44 - 2014-09-19 17:44 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-19 17:44 - 2014-09-19 17:44 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\AVAST Software
2014-09-19 17:39 - 2014-09-19 17:39 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-19 17:39 - 2014-09-19 17:38 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-19 17:38 - 2014-09-19 17:38 - 04862664 _____ (AVAST Software) C:\Users\Catherine\Downloads\avast_free_antivirus_setup_online.exe
2014-09-19 17:36 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-09-19 17:32 - 2014-09-19 17:32 - 00000000 ____D () C:\ProgramData\374311380
2014-09-19 17:30 - 2014-09-19 17:30 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-19 17:30 - 2014-09-19 17:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-19 17:30 - 2014-09-19 17:30 - 00000000 ____D () C:\Windows\System32\Macromed
2014-09-19 17:29 - 2014-09-19 17:29 - 17328816 _____ (Adobe Systems Incorporated) C:\Users\Catherine\Downloads\install_flash_player_ax.exe
2014-09-19 17:29 - 2014-09-19 17:29 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\UpdaterEX
2014-09-19 17:27 - 2014-09-19 17:27 - 00793240 _____ ( ) C:\Users\Catherine\Downloads\Adobe_Flash_Setup.exe
2014-09-19 17:25 - 2014-09-19 17:24 - 00000000 ____D () C:\Users\Catherine\AppData\Local\Mozilla
2014-09-19 17:25 - 2014-06-09 05:30 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Mozilla
2014-09-19 17:24 - 2014-09-19 17:24 - 00000000 ____D () C:\ProgramData\Mozilla
2014-09-19 17:19 - 2014-09-19 17:19 - 00244216 _____ () C:\Users\Catherine\Downloads\Firefox Setup Stub 32.0.2.exe
2014-09-19 17:16 - 2014-09-19 17:16 - 00570592 _____ () C:\Users\Catherine\Downloads\Adobe Flash Player for Desktops 11.5.50 (1).exe
2014-09-19 17:15 - 2014-09-19 17:15 - 00000000 ____D () C:\Users\Catherine\AppData\Local\CrashRpt
2014-09-19 17:15 - 2014-09-19 17:15 - 00000000 ____D () C:\ProgramData\SearchModule
2014-09-19 17:14 - 2014-09-19 17:14 - 00570592 _____ () C:\Users\Catherine\Downloads\Adobe Flash Player for Desktops 11.5.50.exe
2014-09-19 12:59 - 2014-09-19 18:21 - 00044688 _____ (StdLib) C:\Windows\System32\Drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys
2014-09-15 18:05 - 2013-10-06 17:08 - 00786656 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-15 18:05 - 2013-09-06 17:57 - 00000000 ____D () C:\Windows\System32\MRT
2014-09-15 18:02 - 2014-05-11 08:24 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-09-15 18:02 - 2013-09-06 17:57 - 101694776 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-09-15 08:06 - 2013-08-28 05:54 - 00278152 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2014-09-09 14:11 - 2014-09-23 18:52 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2014-09-09 13:47 - 2014-09-23 18:52 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-06 14:44 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-09-04 18:10 - 2014-09-11 19:30 - 00578048 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-09-04 18:05 - 2014-09-11 19:30 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-08-31 07:07 - 2009-07-13 20:45 - 00267672 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-08-27 17:48 - 2014-08-27 17:48 - 00139523 _____ () C:\Users\Catherine\Downloads\download.htm
 
Some content of TEMP:
====================
C:\Users\Catherine\AppData\Local\Temp\Execute2App.exe
C:\Users\Catherine\AppData\Local\Temp\GUR554F.exe
C:\Users\Catherine\AppData\Local\Temp\LiveUpdater.exe
C:\Users\Catherine\AppData\Local\Temp\msvcp90.dll
C:\Users\Catherine\AppData\Local\Temp\msvcr90.dll
C:\Users\Catherine\AppData\Local\Temp\nskFF58.exe
C:\Users\Catherine\AppData\Local\Temp\nssAF52.exe
C:\Users\Catherine\AppData\Local\Temp\nssF348.exe
C:\Users\Catherine\AppData\Local\Temp\nsyB8E5.exe
C:\Users\Catherine\AppData\Local\Temp\nsyFEFD.exe
C:\Users\Catherine\AppData\Local\Temp\optprosetup.exe
C:\Users\Catherine\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Catherine\AppData\Local\Temp\SUABnRRemoveAll.exe
C:\Users\Catherine\AppData\Local\Temp\tu17p84.exe
C:\Users\Catherine\AppData\Local\Temp\uttEE1C.tmp.exe
C:\Users\Catherine\AppData\Local\Temp\vlc-2.1.3-win32.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 15%
Total physical RAM: 3981.98 MB
Available physical RAM: 3374.13 MB
Total Pagefile: 3980.13 MB
Available Pagefile: 3367.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:209.76 GB) (Free:135.23 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:20.61 GB) (Free:13.95 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: () (Removable) (Total:3.75 GB) (Free:1.95 GB) FAT32
Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 234.7 GB) (Disk ID: FC2BB9B8)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: 000473D4)
Partition 1: (Active) - (Size=3.8 GB) - (Type=0B)
 
 
LastRegBack: 2014-09-21 08:29
 
==================== End Of Log ============================

Fix with FRST (Recovery Environment)


  • Open Notepad (Start => All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

    HKU\Catherine\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
    HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
    S1 {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64; C:\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys [44688 2014-09-19] (StdLib)
    S3 SMUpdd; \??\C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [X]
    S2 hola_svc; "C:\Program Files\Hola\app\hola_svc.exe" --service [X]
    S2 hola_updater; C:\Program Files\Hola\app\hola_updater.exe [5778968 2014-07-13] (Hola Networks Ltd.)
    S2 Update ClearThink; C:\Program Files (x86)\ClearThink\updateClearThink.exe [325360 2014-09-23] ()
    S2 Util ClearThink; C:\Program Files (x86)\ClearThink\bin\utilClearThink.exe [522480 2014-09-24] ()
    C:\Program Files\Hola
    C:\Program Files\Common Files\Goobzo
    2014-09-23 21:12 - 2014-09-23 21:12 - 00821760 _____ (Browser Opt-out) C:\Users\Catherine\Downloads\uninstall.exe
    2014-09-23 21:12 - 2014-09-19 17:29 - 00003262 _____ () C:\Windows\System32\Tasks\UpdaterEX
    2014-09-23 21:12 - 2014-09-19 17:29 - 00000306 _____ () C:\Windows\Tasks\UpdaterEX.job
    2014-09-23 21:12 - 2014-09-19 17:15 - 00004264 _____ () C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333833383537323330352d5a556c6c4a5a575750414134
    2014-09-23 21:12 - 2014-09-19 17:15 - 00003856 _____ () C:\Windows\System32\Tasks\Smp
    2014-09-23 21:12 - 2014-09-19 17:15 - 00003598 _____ () C:\Windows\System32\Tasks\YTDownloader
    2014-09-20 18:35 - 2014-09-19 17:29 - 00000000 ____D () C:\Program Files (x86)\ClearThink
    2014-09-19 17:32 - 2014-09-19 17:32 - 00000000 ____D () C:\ProgramData\374311380
    2014-09-19 17:29 - 2014-09-19 17:29 - 17328816 _____ (Adobe Systems Incorporated) C:\Users\Catherine\Downloads\install_flash_player_ax.exe
    2014-09-19 17:29 - 2014-09-19 17:29 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\UpdaterEX
    2014-09-19 17:15 - 2014-09-19 17:15 - 00000000 ____D () C:\Users\Catherine\AppData\Local\CrashRpt
    2014-09-19 17:15 - 2014-09-19 17:15 - 00000000 ____D () C:\ProgramData\SearchModule
    2014-09-19 12:59 - 2014-09-19 18:21 - 00044688 _____ (StdLib) C:\Windows\System32\Drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys


    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Now please enter System Recovery Options again.
  • Run frst.exe (on 64-bit, run frst64.exe), press the Fix button just once and wait.
  • The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-09-2014 01

Ran by SYSTEM at 2014-09-25 06:46:14 Run:1

Running from e:\

Boot Mode: Recovery

==============================================

 

Content of fixlist:

*****************

HKU\Catherine\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot

HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot

 

S1 {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64; C:\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys [44688 2014-09-19] (StdLib)

S3 SMUpdd; \??\C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [X]

S2 hola_svc; "C:\Program Files\Hola\app\hola_svc.exe" --service [X]

S2 hola_updater; C:\Program Files\Hola\app\hola_updater.exe [5778968 2014-07-13] (Hola Networks Ltd.)

S2 Update ClearThink; C:\Program Files (x86)\ClearThink\updateClearThink.exe [325360 2014-09-23] ()

S2 Util ClearThink; C:\Program Files (x86)\ClearThink\bin\utilClearThink.exe [522480 2014-09-24] ()

 

C:\Program Files\Hola

C:\Program Files\Common Files\Goobzo

2014-09-23 21:12 - 2014-09-23 21:12 - 00821760 _____ (Browser Opt-out) C:\Users\Catherine\Downloads\uninstall.exe

2014-09-23 21:12 - 2014-09-19 17:29 - 00003262 _____ () C:\Windows\System32\Tasks\UpdaterEX

2014-09-23 21:12 - 2014-09-19 17:29 - 00000306 _____ () C:\Windows\Tasks\UpdaterEX.job

2014-09-23 21:12 - 2014-09-19 17:15 - 00004264 _____ () C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333833383537323330352d5a556c6c4a5a575750414134

2014-09-23 21:12 - 2014-09-19 17:15 - 00003856 _____ () C:\Windows\System32\Tasks\Smp

2014-09-23 21:12 - 2014-09-19 17:15 - 00003598 _____ () C:\Windows\System32\Tasks\YTDownloader

2014-09-20 18:35 - 2014-09-19 17:29 - 00000000 ____D () C:\Program Files (x86)\ClearThink

2014-09-19 17:32 - 2014-09-19 17:32 - 00000000 ____D () C:\ProgramData\374311380

2014-09-19 17:29 - 2014-09-19 17:29 - 17328816 _____ (Adobe Systems Incorporated) C:\Users\Catherine\Downloads\install_flash_player_ax.exe

2014-09-19 17:29 - 2014-09-19 17:29 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\UpdaterEX

2014-09-19 17:15 - 2014-09-19 17:15 - 00000000 ____D () C:\Users\Catherine\AppData\Local\CrashRpt

2014-09-19 17:15 - 2014-09-19 17:15 - 00000000 ____D () C:\ProgramData\SearchModule

2014-09-19 12:59 - 2014-09-19 18:21 - 00044688 _____ (StdLib) C:\Windows\System32\Drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys

*****************

 

HKU\Catherine\Software\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => value deleted successfully.

{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64 => Service deleted successfully.

SMUpdd => Service deleted successfully.

hola_svc => Service deleted successfully.

hola_updater => Service deleted successfully.

Update ClearThink => Service deleted successfully.

Util ClearThink => Service deleted successfully.

C:\Program Files\Hola => Moved successfully.

"C:\Program Files\Common Files\Goobzo" => File/Directory not found.

C:\Users\Catherine\Downloads\uninstall.exe => Moved successfully.

C:\Windows\System32\Tasks\UpdaterEX => Moved successfully.

C:\Windows\Tasks\UpdaterEX.job => Moved successfully.

C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333833383537323330352d5a556c6c4a5a575750414134 => Moved successfully.

C:\Windows\System32\Tasks\Smp => Moved successfully.

C:\Windows\System32\Tasks\YTDownloader => Moved successfully.

C:\Program Files (x86)\ClearThink => Moved successfully.

C:\ProgramData\374311380 => Moved successfully.

C:\Users\Catherine\Downloads\install_flash_player_ax.exe => Moved successfully.

C:\Users\Catherine\AppData\Roaming\UpdaterEX => Moved successfully.

C:\Users\Catherine\AppData\Local\CrashRpt => Moved successfully.

C:\ProgramData\SearchModule => Moved successfully.

C:\Windows\System32\Drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys => Moved successfully.

 

==== End of Fixlog ====


Try to boot into Windows and download Malwarebytes:

 

 

Full System Scan with Malwarebytes Antimalware


  • If not existing, please download Malwarebytes Anti-Malware to your desktop. Double-click the downloaded setup file and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following:

  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 9/25/2014

Scan Time: 7:51:42 PM

Logfile: 

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.09.26.01

Rootkit Database: v2014.09.19.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Catherine

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 356740

Time Elapsed: 20 min, 5 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 15

PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [48f102f0cdae4bebeaec23a400022dd3], 

PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [48f102f0cdae4bebeaec23a400022dd3], 

PUP.Optional.Outbrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}, Quarantined, [fe3b4ca698e3fe380e24ae1d30d2c13f], 

PUP.Optional.Outbrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5}, Quarantined, [fe3b4ca698e3fe380e24ae1d30d2c13f], 

PUP.Optional.Outbrowse, HKLM\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, Quarantined, [fe3b4ca698e3fe380e24ae1d30d2c13f], 

PUP.Optional.Outbrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, Quarantined, [fe3b4ca698e3fe380e24ae1d30d2c13f], 

PUP.Optional.Outbrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5}, Quarantined, [fe3b4ca698e3fe380e24ae1d30d2c13f], 

PUP.Optional.Tuvaro, HKU\S-1-5-21-571916134-4208678346-963886956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}, Quarantined, [e356866ca9d202342440f8954ab86997], 

PUP.Optional.ClearThink.A, HKU\S-1-5-21-571916134-4208678346-963886956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{7e6d4e3e-fc66-4036-9799-ce5c625c4c56}, Quarantined, [b6838f632a51df57d48b0b82a161d030], 

PUP.Optional.ClearThink.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7E6D4E3E-FC66-4036-9799-CE5C625C4C56}, Quarantined, [b6838f632a51df57d48b0b82a161d030], 

PUP.Optional.ClearThink.A, HKLM\SOFTWARE\WOW6432NODE\ClearThink, Quarantined, [1920f002bdbee74fc55d4c2d0ff516ea], 

PUP.Optional.ClearThink.A, HKU\S-1-5-21-571916134-4208678346-963886956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ClearThink, Quarantined, [ec4df9f9b4c73006bc67b7c236ce08f8], 

PUP.Optional.Lasaoren.A, HKU\S-1-5-21-571916134-4208678346-963886956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Lasaoren, Quarantined, [89b07a783d3e71c515b348324bb916ea], 

PUP.Optional.InstallCore.A, HKU\S-1-5-21-571916134-4208678346-963886956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [a099f5fda3d858def252f04f52b1d030], 

PUP.Optional.InstallCore.A, HKU\S-1-5-21-571916134-4208678346-963886956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [41f8be343b4088aef7a8460f7e86fa06], 

 

Registry Values: 1

PUP.Optional.InstallCore.A, HKU\S-1-5-21-571916134-4208678346-963886956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0H1K1J1N2U0R1O1F, Quarantined, [41f8be343b4088aef7a8460f7e86fa06]

 

Registry Data: 1

PUP.Optional.Spigot.A, HKU\S-1-5-21-571916134-4208678346-963886956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://search.yahoo.com/?type=614363&fr=spigot-yhp-ie, Good: (www.google.com), Bad: (https://search.yahoo.com/?type=614363&fr=spigot-yhp-ie),Replaced,[7dbc1ed4364549ed07f6fe04907504fc]

 

Folders: 2

PUP.Optional.Extutil.A, C:\Users\Catherine\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, Quarantined, [60d9c2302f4c82b4a394e60dce34a45c], 

PUP.Optional.Managera.A, C:\Users\Catherine\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, Quarantined, [d16823cf7902280eda5e7182956d649c], 

 

Files: 17

PUP.Optional.Spigot, C:\Users\Catherine\AppData\Local\Temp\uttEE1C.tmp.exe, Quarantined, [66d344ae6417f046e3667d2f89789868], 

PUP.Optional.Conduit.A, C:\Users\Catherine\AppData\Local\Temp\nskFF58.exe, Quarantined, [54e516dcfc7ff93da33453408d74fc04], 

PUP.Optional.Conduit.A, C:\Users\Catherine\AppData\Local\Temp\nssAF52.exe, Quarantined, [0d2cb939a8d3162032a5296a9b663ac6], 

PUP.Optional.Conduit.A, C:\Users\Catherine\AppData\Local\Temp\nssF348.exe, Quarantined, [81b8f6fc5e1d1224ddfadcb7c041ad53], 

PUP.Optional.Conduit.A, C:\Users\Catherine\AppData\Local\Temp\nsyB8E5.exe, Quarantined, [112815ddc5b62c0a5e793a59758cb34d], 

PUP.Optional.Conduit.A, C:\Users\Catherine\AppData\Local\Temp\nsyFEFD.exe, Quarantined, [3504965c9dde84b224b397fcb849ba46], 

PUP.Optional.Spigot, C:\Users\Catherine\AppData\Local\Temp\~spF46F.tmp, Quarantined, [3dfcc03299e2c076c5e149720001be42], 

PUP.Optional.Goobzo, C:\Users\Catherine\AppData\Local\Temp\Install_29406\sm.exe, Quarantined, [53e6d2208eedbb7ba9b607e9b54ffe02], 

PUP.Optional.Spigot, C:\Users\Catherine\AppData\Local\Temp\~nsu.tmp\Au_.exe, Quarantined, [b584ea08a4d758dedec85b601be6d22e], 

PUP.Optional.OutBrowse, C:\Users\Catherine\Downloads\Adobe Flash Player for Desktops 11.5.50 (1).exe, Quarantined, [a29724ce98e378bef8ac625f946dc43c], 

PUP.Optional.OutBrowse, C:\Users\Catherine\Downloads\Adobe Flash Player for Desktops 11.5.50.exe, Quarantined, [f643876b91ea4bebf2b203be20e13dc3], 

PUP.Optional.Lasaoren.A, C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\svbvzaiu.default\searchplugins\Lasaoren.xml, Quarantined, [9c9d846ec3b8e254dcbf32d7986bab55], 

PUP.Optional.Extutil.A, C:\Users\Catherine\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, Quarantined, [60d9c2302f4c82b4a394e60dce34a45c], 

PUP.Optional.Extutil.A, C:\Users\Catherine\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, Quarantined, [60d9c2302f4c82b4a394e60dce34a45c], 

PUP.Optional.Extutil.A, C:\Users\Catherine\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, Quarantined, [60d9c2302f4c82b4a394e60dce34a45c], 

PUP.Optional.Managera.A, C:\Users\Catherine\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, Quarantined, [d16823cf7902280eda5e7182956d649c], 

PUP.Optional.Managera.A, C:\Users\Catherine\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, Quarantined, [d16823cf7902280eda5e7182956d649c], 

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


Scan with ESET Online Scan

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right-click on their Internet Explorer shortcut and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.


C:\$Recycle.Bin\S-1-5-21-571916134-4208678346-963886956-1000\$R7XB1JN.XviD-Tfd\Matilda.1996.PROPER.DVDRip.XviD-Tfd\Codec\Setup.exe a variant of Win32/AdWare.iBryte.AG application

C:\FRST\Quarantine\C\Program Files (x86)\ClearThink\ClearThinkbho.dll a variant of Win32/BrowseFox.O potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\ClearThink\bin\c5e48979bd7f4cf79b73.dll Win32/BrowseFox.N potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\ClearThink\bin\ClearThink.BrowserAdapter.exe a variant of Win32/BrowseFox.P potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\ClearThink\bin\ClearThink.BrowserAdapter64.exe Win64/BrowseFox.B potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\ClearThink\bin\ClearThink.PurBrowse64.exe a variant of Win64/BrowseFox.A potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\ClearThink\bin\ClearThinkBrowserFilter.exe a variant of MSIL/BrowseFox.B potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\ClearThink\bin\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}.dll a variant of Win32/BrowseFox.M potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\ClearThink\bin\plugins\ClearThink.Bromon.dll a variant of MSIL/BrowseFox.G potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\ClearThink\bin\plugins\ClearThink.BroStats.dll a variant of MSIL/BrowseFox.G potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\ClearThink\bin\plugins\ClearThink.BrowserAdapter.dll a variant of MSIL/BrowseFox.G potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\ClearThink\bin\plugins\ClearThink.BrowserFilterG.dll a variant of MSIL/BrowseFox.G potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\ClearThink\bin\plugins\ClearThink.CompatibilityChecker.dll a variant of MSIL/BrowseFox.G potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\ClearThink\bin\plugins\ClearThink.FeSvc.dll a variant of MSIL/BrowseFox.G potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\ClearThink\bin\plugins\ClearThink.FFUpdate.dll a variant of MSIL/BrowseFox.E potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\ClearThink\bin\plugins\ClearThink.GCUpdate.dll a variant of MSIL/BrowseFox.G potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\ClearThink\bin\plugins\ClearThink.IEUpdate.dll a variant of MSIL/BrowseFox.G potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\ClearThink\bin\plugins\ClearThink.PurBrowseG.dll a variant of MSIL/BrowseFox.G potentially unwanted application

C:\FRST\Quarantine\C\Users\Catherine\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe a variant of Win32/DealPly.S potentially unwanted application

C:\FRST\Quarantine\C\Windows\System32\Drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys.xBAD a variant of Win64/Riskware.NetFilter.F application

C:\Users\Catherine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NRKJF1IF\spstub[1].exe a variant of Win32/ClientConnect.A potentially unwanted application

C:\Users\Catherine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YGQYGLO2\ClearThink[1].dll a variant of Win32/BrowseFox.O potentially unwanted application

C:\Users\Catherine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YGQYGLO2\sp-downloader[1].exe Win32/Toolbar.Conduit.R potentially unwanted application

C:\Users\Catherine\AppData\Local\Temp\optprosetup.exe multiple threats

C:\Users\Catherine\AppData\Local\Temp\Install_29406\ytd.exe Win32/SpeedBit.B.gen potentially unwanted application

C:\Users\Catherine\Downloads\Adobe_Flash_Setup.exe a variant of Win32/InstallCore.OZ potentially unwanted application

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.





SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK Mirror (if the link is down)

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its contents to your thread. (Note: Do NOT post this one into a code box!)


Adwcleaner:

 

# AdwCleaner v3.310 - Report created 30/09/2014 at 06:46:27
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Catherine - BARTHOLOMEW
# Running from : C:\Users\Catherine\Downloads\adwcleaner_3.310.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : Smp
Task Deleted : UpdaterEX
Task Deleted : YTDownloader
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Catherine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Catherine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Catherine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\svbvzaiu.default\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.124
 
[ File : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc
 
*************************
 
AdwCleaner[R0].txt - [4175 octets] - [30/09/2014 06:45:02]
AdwCleaner[s0].txt - [3443 octets] - [30/09/2014 06:46:27]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3503 octets] ##########
 
 
JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.3 (09.27.2014:1)
OS: Windows 7 Home Premium x64
Ran by Catherine on Tue 09/30/2014 at  6:48:45.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update clearthink
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util clearthink
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ClearThink_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ClearThink_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateClearThink_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateClearThink_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilClearThink_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilClearThink_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ClearThink_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ClearThink_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateClearThink_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateClearThink_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilClearThink_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilClearThink_RASMANCS
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/30/2014 at  6:51:53.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
SecurityCheck:
 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome 37.0.2062.120  
 Google Chrome 37.0.2062.124  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 

Your system is clean now! :)

 

 

Defrag your hard drive
 
Your hard drive is heavily fragmented. This may result in performance losses. If it is NOT an SSD drive, use a tool like Auslogic DiskDefrag to defrag the drive.

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  1. In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  2. In case we used Combofix, deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  3. In any case please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
  4. If there is still something left, please delete it manually.





Delete System Restore Points

To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.

On Windows Vista: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows 7/8: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows XP: Please follow these instructions to delete all but the most common System Protection Restore Points.




Temp File Cleaner

We need to download Temp File Cleaner (TFC) by OldTimer:

  • Please download TFC.exe by Oldtimer at one of the two links: Link 1 Link 2
  • Save and close all running applications
  • Double-click on TFC.exe to run the program
  • Click on Start to begin the cleaning process. Note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC. This is normal and part of the cleanup.
  • When the scan is complete, if you were not asked to reboot the computer, please do so now

More Information can be found about the tool here: http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a dangerous classified web site, a warning screen is displayed.

  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80", which means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won't help if you aren't careful enough.

    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.




Awesome! I removed all the tools and software with the tools you listed above, as well as checked to make sure I was getting automatic updates.

 

Do I physically have to defrag my hard drive? Or did one of those tools do that? I have an SSD.

 

Thanks again for helping me... :)


  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.