Hi, I believe my desktop PC has become infected with malware, which probably happened via an email which I inadvertently opened. The computer has become slow and sluggish, my Windows Mail account will often ask me for my login details only to then not work - i.e. send or receive emails - and the computer hard drive space kept getting full. Unfortunately I have already attempted a system recovery prior to discovering this help tool, so it may be more difficult for you to find the malware. The recovery process has not been successful in resolving the problem. Please help me!

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-11-2014
Ran by Howard (administrator) on HOME-DESKTOP on 03-11-2014 16:31:59
Running from C:\Users\Howard\Downloads
Loaded Profile: Howard (Available profiles: Howard)
Platform: Microsoft® Windows Vista™ Home Premium (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal
2014-11-04, 15:45

Let's do a few things, as your logs look fairly healthy.

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top advertisement.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.


Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

On the Dashboard click on Update Now
Go to the Setting Tab
Under Setting go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Detections as Malware
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished and the log pops up...select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes

2014-11-04, 18:38
Hi Ken545,

Please see below results of the AdwCleaner scan as requested.

Regards, Howard.

# AdwCleaner v3.311 - Report created 04/11/2014 at 16:28:47
# Updated 30/09/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium (32 bits)
# Username : Howard - HOME-DESKTOP
# Running from : C:\Users\Howard\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Program Files\ParetoLogic
Folder Deleted : C:\Program Files\Common Files\ParetoLogic
Folder Deleted : C:\Users\Howard\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
File Deleted : C:\Users\Howard\Desktop\Uninstall.exe

***** [ Scheduled Tasks ] *****

Task Deleted : paretologic registration3
Task Deleted : paretologic update version3

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\SOFTWARE\ParetoLogic

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.16575

-\\ Mozilla Firefox v33.0.2 (x86 en-US)

[ File : C:\Users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\zv204cq1.default\prefs.js ]


AdwCleaner[R0].txt - [1370 octets] - [04/11/2014 16:26:52]
AdwCleaner[S0].txt - [1313 octets] - [04/11/2014 16:28:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1373 octets] ##########

2014-11-04, 19:22
Hi Ken545,

Please see below results of the AdwCleaner, JRT and malwarebytes scans as requested.

Regards, Howard.

Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Howard on 04/11/2014 at 16:39:46.41

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D0440EB7-81DD-412A-A6BD-9EE183D6D548}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E43961DF-4AD7-4168-B45D-2ECC57CFF454}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{D0440EB7-81DD-412A-A6BD-9EE183D6D548}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{E43961DF-4AD7-4168-B45D-2ECC57CFF454}

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Howard\AppData\Roaming\mozilla\firefox\profiles\zv204cq1.default\minidumps [1 files]

~~~ Event Viewer Logs were cleared

Malwarebytes Anti-Malware

Scan Date: 04/11/2014
Scan Time: 17:04:12
Logfile: Malwarebytes scan result.txt
Administrator: Yes

Malware Database: v2014.11.04.04
Rootkit Database: v2014.11.01.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista
CPU: x86
File System: NTFS
User: Howard

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 287320
Time Elapsed: 6 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


2014-11-04, 19:33
Not really a lot of bad things removed, just some junk. How is your system behaving now?

2014-11-05, 14:47
Hi Ken545,

Ok thanks - system not too bad I will monitor things and see how it goes. If I encounter further problems I will be in touch.

Thanks, howard.

2014-11-05, 15:28
Great, just a reminder that threads are closed after 3 days, so if the thread is closed just send me a PM and I will reopen it.

Double click on AdwCleaner.exe to run the tool again.

Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
AdwCleaner.exe, its folder and all logs will be removed.


Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) and save the file to your Desktop.

Windows XP Double Click DelFix.exe to run the program.
Windows Vista > Win 7 > Win 8 Right Click on DelFix.exe and select RUN AS ADMINISTRATOR
Place a checkmark next to the following items

Activate UAC
Remove Disinfection Tools
Create registry backup
Reset System Settings

Click the Run button

This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually.


How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)

Safe Surfn

2014-11-05, 17:17
Thank you for your help!

2014-11-05, 17:35
You're very welcome my friend,

Take care

Ken :)