conduit and my pc backup malware on computer - DDS freezes


10 replies to this topic

#1 happyyes

happyyes

  • Members
  • 17 posts
  • OFFLINE
  • Local time:03:05 AM

Posted 08 July 2013 - 05:38 PM

Before I start let me say that I was trying to run combofix and it would freeze at the point where it's scanning and says it normally takes 10 minutes but can sometimes take double on a badly infected computer.

I know you are going to tell me I shouldn't even run combofix, I get this, just to save you time.

I also prob shouldn't have run Rkill, but I did and it seems to have gotten rid of the browser hijacking (though I am not 100% sure it's actually fully gone).

I also ran adwcleaner which also removed some things (for all I know the malware MAY be gone but I don't think so).

After I ran Rkill, when my mother was using the computer MyPCBackup popped up (she never installed anything like this) and the floppy drive started going nuts (I unplugged it, she doesn't actually need this, who does these days).

I then ran adwcleaner which as I said removed/fixed some files.

I then tried to run combofix and got no further; when I was searching for info on how to make it not freeze I found info on this site saying to not even run combofix.

I then stopped and followed the instructions regarding creating an account here and posting DDS info, however DDS also freezes at around 80% complete and 1/2 hour later it is still frozen at that exact spot.

I can not post the DDS log because it won't complete... HELP!!!

I should be available for quick replies and more logs if needed if anyone can help me with this (hope I didn't mess it up too bad with rkill and adwcleaner, combofix never worked so it didn't do anything I think).

 

 





#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:05 AM

Posted 08 July 2013 - 08:47 PM

Hello happyyes,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  1. Please download OTL from one of the following mirrors:
     • This is THE Mirror
  2. Save it to your desktop.
  3. Double click on the OTL icon on your desktop.
  4. Under the Custom Scan box paste this in:

     c:\windows\*. /SL
     c:\windows\*. /RP
     netsvcs
     activex
     drivers32
     %ALLUSERSPROFILE%\Application Data\*.
     %ALLUSERSPROFILE%\Application Data\*.exe /s
     %APPDATA%\*.
     %APPDATA%\*.exe /s
     %SYSTEMDRIVE%\*.exe
     %systemroot%\*. /mp /s
     CREATERESTOREPOINT
     %systemroot%\system32\*.dll /lockedfiles
     %systemroot%\Tasks\*.job /lockedfiles
     %systemroot%\system32\drivers\*.sys /lockedfiles
     %systemroot%\System32\config\*.sav
     %systemroot%\system32\drivers\*.sys /90

  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
     • OTL.txt <-- Will be opened
     • Extra.txt <-- Will be minimized

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

If I have helped you, consider making a donation to help me continue the fight against Malware!
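The Quick Scan requested above produces the OTL.txt that is posted in the next reply; its PRC/MOD/SRV/DRV lines all share one layout. As an added example (not from the forum or from OTL's author), the script below parses that layout and lists the entries a responder reviews first: registrations whose file no longer exists on disk, binaries with no company name, and anything loading from a user-writable path. The line grammar is inferred from the posted log (OTL publishes no format spec) and the flags are review heuristics, not verdicts; the sample lines are copied from that log.

```python
"""Triage helper for the PRC/MOD/SRV/DRV entries in an OTL Quick Scan log.

Added example for this thread; not part of OTL or of the forum's procedure.
The entry grammar is inferred from the OTL.txt posted in the thread, so treat
it as an assumption rather than a documented format.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One OTL entry, as seen in the posted log:
#   KIND - [mtime | size | attrs | M] (Company) [state] -- path -- (svc name)
#   KIND - File not found [state] -- path -- (svc name)
# "[state]" and "-- (svc name)" appear only on SRV/DRV lines.
_ENTRY = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<mtime>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S+) \| M\] \((?P<company>.*?)\)"
    r"|(?P<missing>File not found))"
    r"(?: \[(?P<state>[^\]]+)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>.+)\))?$"
)

# Locations an ordinary user can write to; services and drivers loading from
# here deserve a second look (heuristic, not a verdict).
_USER_WRITABLE = re.compile(r"\\(?:Users\\[^\\]+|Temp)\\", re.IGNORECASE)


@dataclass
class Entry:
    kind: str
    path: str
    company: Optional[str]          # None when OTL reports "File not found"
    name: Optional[str] = None      # service/driver name for SRV/DRV lines
    state: Optional[str] = None     # e.g. "Auto | Running"
    missing: bool = False
    flags: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one PRC/MOD/SRV/DRV line; return None for every other line type."""
    m = _ENTRY.match(line.strip())
    if not m:
        return None
    missing = m.group("missing") is not None
    return Entry(
        kind=m.group("kind"),
        path=m.group("path"),
        company=None if missing else m.group("company"),
        name=m.group("name"),
        state=m.group("state"),
        missing=missing,
    )


def flag_entry(entry: Entry) -> List[str]:
    """Attach the reasons a responder would review this entry first."""
    flags = []
    if entry.missing:
        # Registration survived but the binary is gone: a leftover worth tidying.
        flags.append("file missing on disk (orphaned service/driver registration)")
    elif entry.company == "":
        flags.append("no company name in version info")
    if _USER_WRITABLE.search(entry.path):
        flags.append("loads from a user-writable location")
    if (entry.kind in ("SRV", "DRV") and entry.company == ""
            and entry.state and "Running" in entry.state):
        flags.append("running service/driver with no company name")
    entry.flags = flags
    return flags


def triage(log_text: str) -> List[Entry]:
    """Return the flagged entries, most flags first, for a responder to review."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    for entry in entries:
        flag_entry(entry)
    flagged = [e for e in entries if e.flags]
    flagged.sort(key=lambda e: (-len(e.flags), e.kind, e.path.lower()))
    return flagged


# Sample input: lines copied from the OTL.txt posted in this thread.
SAMPLE_LOG = r"""
PRC - [2013/07/08 20:01:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\karen\Desktop\New folder\OTL (1).exe
PRC - [2013/06/14 18:28:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
MOD - [2013/06/14 18:28:40 | 004,051,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
SRV - [2013/06/13 09:37:34 | 005,015,048 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\karen\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\AntiLog32.sys -- (AntiLog32)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
"""

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f"{entry.kind} {entry.path}: {'; '.join(entry.flags)}")
```

Entries with no flags (Chrome, Carbonite) drop out of the list; the O4 autorun line uses a different layout and is deliberately skipped by parse_entry.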


#3 happyyes

happyyes
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:03:05 AM

Posted 08 July 2013 - 10:20 PM

Thank you in advance fireman4it for any help you can provide me, I'm really over a barrel here.

Here is the info you asked to have pasted:

OTL.txt

--------------------

OTL logfile created on: 7/8/2013 8:03:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\karen\Desktop\New folder
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.75 Gb Total Physical Memory | 0.68 Gb Available Physical Memory | 38.85% Memory free
3.50 Gb Paging File | 2.19 Gb Available in Paging File | 62.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186.21 Gb Total Space | 153.98 Gb Free Space | 82.69% Space Free | Partition Type: NTFS
Drive E: | 149.04 Gb Total Space | 107.54 Gb Free Space | 72.16% Space Free | Partition Type: NTFS
 
Computer Name: KAREN-PC | User Name: karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/08 20:01:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\karen\Desktop\New folder\OTL (1).exe
PRC - [2013/06/14 18:28:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/06/13 09:37:34 | 005,015,048 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2013/06/13 09:37:34 | 001,066,504 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/19 21:32:08 | 001,259,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/02/17 22:45:12 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/01/31 02:01:06 | 000,865,056 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013/01/31 02:01:05 | 001,821,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/12/23 20:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\20.3.1.22\ccsvchst.exe
PRC - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/22 19:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:29:07 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009/08/10 16:59:50 | 000,178,720 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2009/08/10 16:59:48 | 000,387,616 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2009/06/30 18:40:20 | 000,163,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/06/14 18:28:42 | 000,393,168 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll
MOD - [2013/06/14 18:28:40 | 004,051,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
MOD - [2013/06/14 18:27:51 | 000,599,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\libglesv2.dll
MOD - [2013/06/14 18:27:50 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\libegl.dll
MOD - [2013/06/14 18:27:48 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll
MOD - [2012/05/30 07:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton Security Suite\Engine\20.3.1.22\wincfi39.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/07/06 15:22:44 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/25 10:09:32 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/13 09:37:34 | 005,015,048 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/18 12:07:34 | 004,143,168 | ---- | M] (Carbonite, Inc.) [Auto | Stopped] -- C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe -- (Carbonite-Mirror-Image-Svc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/19 21:32:08 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/02/17 12:33:57 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/12/23 20:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe -- (N360)
SRV - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2009/08/10 16:59:50 | 000,178,720 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009/08/10 16:59:48 | 000,387,616 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/05/08 16:30:48 | 000,323,584 | ---- | M] (soft Xpansion) [On_Demand | Stopped] -- C:\Program Files\Common Files\WPE\wpeserv.exe -- (WPEServ)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\KeyCrypt32.sys -- (keycrypt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\karen\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\AntiLog32.sys -- (AntiLog32)
DRV - [2013/07/02 02:40:19 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130708.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/07/02 02:40:19 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/07/02 02:40:19 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130708.016\NAVENG.SYS -- (NAVENG)
DRV - [2013/05/31 09:58:19 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130702.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/05/27 11:46:58 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/04/24 20:09:51 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/04/24 17:52:10 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130706.002\IDSvix86.sys -- (IDSVix86)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/02/19 21:32:54 | 010,919,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013/01/30 20:18:06 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1403010.016\symefa.sys -- (SymEFA)
DRV - [2013/01/28 18:45:18 | 000,602,712 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\1403010.016\srtsp.sys -- (SRTSP)
DRV - [2013/01/28 18:45:18 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1403010.016\srtspx.sys -- (SRTSPX)
DRV - [2013/01/21 19:15:32 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1403010.016\symds.sys -- (SymDS)
DRV - [2012/11/15 19:18:04 | 000,134,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1403010.016\ccsetx86.sys -- (ccSet_N360)
DRV - [2012/07/27 20:05:22 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1403010.016\ironx86.sys -- (SymIRON)
DRV - [2012/07/22 18:34:24 | 000,338,592 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1403010.016\symnets.sys -- (SymNetS)
DRV - [2010/11/20 14:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 14:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 14:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 14:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 14:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 14:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 14:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 14:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 14:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 14:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 14:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 14:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/08/04 18:44:14 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2009/08/04 18:44:12 | 000,139,296 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2009/07/30 18:12:54 | 000,287,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009/07/13 15:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/06/29 01:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://bpconnection.com/https:// [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 95 13 E6 7E 7B CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/02/17 14:00:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/02/17 22:45:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/02/17 22:45:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013/04/24 20:11:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/07/08 19:53:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/06/25 10:09:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/02/17 14:00:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/06/25 10:09:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2013/02/17 17:07:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\karen\AppData\Roaming\Mozilla\Extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - Extension: http://www.bleepingcomputer.com/forums/t/3477 = C:\Users\karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjlcdilcecpgmbjaaeifoaaoajledmon\2013.7.8.60760_0\
 
O1 HOSTS File: ([2013/07/07 18:59:53 | 000,000,741 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\20.3.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to 'Perfect PDF Creator Essentials' - {722FE9B2-6895-42D9-9984-F4CB26616023} - C:\Program Files\Cosmi\Perfect PDF Creator Essentials\pdfshell.dll (soft Xpansion)
O9 - Extra 'Tools' menuitem : Send to 'Perfect PDF Creator Essentials' - {722FE9B2-6895-42D9-9984-F4CB26616023} - C:\Program Files\Cosmi\Perfect PDF Creator Essentials\pdfshell.dll (soft Xpansion)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: facebook.com ([apps] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1007 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AF32B98-CDB8-4826-9BE7-D1349FB6EEBE}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\System32\SL_ANET.ACM (Sipro Lab Telecom Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/08 15:41:05 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2013/07/08 14:26:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/08 13:57:12 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/07/07 21:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
[2013/07/07 21:30:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Carbonite
[2013/07/07 21:30:03 | 000,000,000 | ---D | C] -- C:\Program Files\Carbonite
[2013/07/07 19:08:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/07/07 19:08:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/07/07 19:08:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/07/07 19:05:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/07 19:04:48 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/07/07 19:01:52 | 000,000,000 | ---D | C] -- C:\Users\karen\Desktop\New folder
[2013/07/07 18:53:43 | 000,000,000 | ---D | C] -- C:\Users\karen\Desktop\RK_Quarantine
[2013/07/07 16:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/07/07 16:58:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013/07/07 09:08:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/07 09:07:58 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/07/07 09:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/07/06 15:22:47 | 000,000,000 | ---D | C] -- C:\Users\karen\AppData\Local\CRE
[2013/07/06 15:11:02 | 000,000,000 | ---D | C] -- C:\Program Files\Trusted Saver
[2013/07/06 15:10:37 | 000,000,000 | ---D | C] -- C:\Program Files\MyPC Backup
[2013/07/06 15:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2013/07/06 15:09:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2013/07/02 11:07:34 | 000,000,000 | ---D | C] -- C:\Users\karen\Desktop\Recovered
[2013/06/25 10:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013/06/10 10:28:37 | 000,000,000 | ---D | C] -- C:\Users\karen\AppData\Local\LogMeIn
[2013/06/10 10:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/08 19:51:36 | 000,001,194 | ---- | M] () -- C:\Windows\tasks\Trusted Saver-updater.job
[2013/07/08 19:51:36 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_karen.job
[2013/07/08 19:51:35 | 000,001,198 | ---- | M] () -- C:\Windows\tasks\Trusted Saver-codedownloader.job
[2013/07/08 19:51:35 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\Trusted Saver-enabler.job
[2013/07/08 19:51:35 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/08 19:51:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/08 19:51:20 | 1408,688,128 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/08 19:49:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/08 19:45:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/08 15:10:11 | 000,000,154 | ---- | M] () -- C:\Users\karen\Desktop\Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help - Virus, Trojan, Spyware, and Malware Removal Logs.url
[2013/07/08 14:55:08 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_karen.job
[2013/07/08 11:08:43 | 021,898,752 | ---- | M] () -- C:\Users\karen\Desktop\ARCO EFT & Bank.obd
[2013/07/08 08:31:02 | 000,001,197 | ---- | M] () -- C:\Users\karen\Desktop\Blood Glucose.lnk
[2013/07/08 08:07:44 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_karen.job
[2013/07/07 21:30:33 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
[2013/07/07 16:10:30 | 276,733,853 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/07/07 11:27:41 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2013/07/07 09:08:00 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/06 18:19:02 | 1017,155,584 | ---- | M] () -- C:\Users\karen\Desktop\Church Binder.obd
[2013/07/06 16:18:55 | 000,000,349 | ---- | M] () -- C:\Users\karen\Desktop\LogMeIn.url
[2013/07/05 10:55:53 | 014,077,952 | ---- | M] () -- C:\Users\karen\Documents\Karen Hall Holmes.paf
[2013/07/02 23:00:23 | 000,020,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/02 23:00:23 | 000,020,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/25 15:49:12 | 000,002,056 | ---- | M] () -- C:\Users\karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/08 15:10:11 | 000,000,154 | ---- | C] () -- C:\Users\karen\Desktop\Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help - Virus, Trojan, Spyware, and Malware Removal Logs.url
[2013/07/08 08:30:15 | 000,001,197 | ---- | C] () -- C:\Users\karen\Desktop\Blood Glucose.lnk
[2013/07/07 21:30:33 | 000,002,102 | ---- | C] () -- C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
[2013/07/07 19:08:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/07/07 19:08:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/07/07 19:08:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/07/07 19:08:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/07/07 19:08:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/07 11:27:41 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2013/07/07 09:08:00 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/06 16:18:42 | 000,000,349 | ---- | C] () -- C:\Users\karen\Desktop\LogMeIn.url
[2013/07/06 15:22:46 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/06 15:11:45 | 000,001,194 | ---- | C] () -- C:\Windows\tasks\Trusted Saver-updater.job
[2013/07/06 15:11:38 | 000,001,098 | ---- | C] () -- C:\Windows\tasks\Trusted Saver-enabler.job
[2013/07/06 15:11:32 | 000,001,198 | ---- | C] () -- C:\Windows\tasks\Trusted Saver-codedownloader.job
[2013/06/11 11:54:05 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_karen.job
[2013/06/11 11:54:01 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_karen.job
[2013/06/11 11:54:00 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_karen.job
[2013/02/28 11:11:42 | 000,006,136 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2013/02/21 10:31:42 | 000,000,884 | RHS- | C] () -- C:\Users\karen\ntuser.pol
[2013/02/17 22:49:37 | 000,116,736 | ---- | C] () -- C:\Windows\System32\qvredmonnt.dll
[2013/02/17 19:42:16 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/02/17 18:02:47 | 000,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2013/02/17 13:53:18 | 000,221,530 | ---- | C] () -- C:\Windows\hpoins19.dat
[2013/02/17 13:53:18 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2013/01/23 07:12:06 | 000,009,584 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/07/07 20:38:39 | 000,000,000 | ---D | M] -- C:\Users\karen\AppData\Roaming\ID Vault
[2013/02/17 17:07:00 | 000,000,000 | ---D | M] -- C:\Users\karen\AppData\Roaming\Thunderbird
[2013/02/17 16:34:43 | 000,000,000 | ---D | M] -- C:\Users\karen\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< c:\windows\*. /SL >
[2009/07/13 21:53:46 | 000,032,594 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/13 21:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2013/04/25 09:29:47 | 000,000,880 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/04/25 09:29:48 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013/06/11 11:54:00 | 000,000,366 | ---- | C] () -- C:\Windows\Tasks\ReclaimerUpdateXML_karen.job
[2013/06/11 11:54:01 | 000,000,370 | ---- | C] () -- C:\Windows\Tasks\ReclaimerUpdateFiles_karen.job
[2013/06/11 11:54:05 | 000,000,376 | ---- | C] () -- C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_karen.job
[2013/07/06 15:11:32 | 000,001,198 | ---- | C] () -- C:\Windows\Tasks\Trusted Saver-codedownloader.job
[2013/07/06 15:11:38 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\Trusted Saver-enabler.job
[2013/07/06 15:11:45 | 000,001,194 | ---- | C] () -- C:\Windows\Tasks\Trusted Saver-updater.job
[2013/07/06 15:22:46 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< c:\windows\*. /RP >
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2013/02/21 11:08:39 | 000,000,000 | ---D | M] -- C:\Users\karen\AppData\Roaming\Adobe
[2013/02/17 14:10:54 | 000,000,000 | ---D | M] -- C:\Users\karen\AppData\Roaming\HP
[2013/03/31 17:28:09 | 000,000,000 | ---D | M] -- C:\Users\karen\AppData\Roaming\HpUpdate
[2013/07/07 20:38:39 | 000,000,000 | ---D | M] -- C:\Users\karen\AppData\Roaming\ID Vault
[2013/02/17 18:03:38 | 000,000,000 | ---D | M] -- C:\Users\karen\AppData\Roaming\Intuit
[2013/02/17 15:33:17 | 000,000,000 | ---D | M] -- C:\Users\karen\AppData\Roaming\Macromedia
[2013/04/25 11:24:14 | 000,000,000 | ---D | M] -- C:\Users\karen\AppData\Roaming\Malwarebytes
[2010/11/20 17:46:50 | 000,000,000 | ---D | M] -- C:\Users\karen\AppData\Roaming\Media Center Programs
[2013/05/23 08:56:28 | 000,000,000 | --SD | M] -- C:\Users\karen\AppData\Roaming\Microsoft
[2013/02/17 19:40:28 | 000,000,000 | ---D | M] -- C:\Users\karen\AppData\Roaming\Microsoft Web Folders
[2013/02/17 17:07:08 | 000,000,000 | ---D | M] -- C:\Users\karen\AppData\Roaming\Mozilla
[2013/03/19 07:58:41 | 000,000,000 | ---D | M] -- C:\Users\karen\AppData\Roaming\Real
[2013/02/17 22:46:28 | 000,000,000 | ---D | M] -- C:\Users\karen\AppData\Roaming\RealNetworks
[2013/02/17 17:07:00 | 000,000,000 | ---D | M] -- C:\Users\karen\AppData\Roaming\Thunderbird
[2013/02/17 16:34:43 | 000,000,000 | ---D | M] -- C:\Users\karen\AppData\Roaming\Windows Live Writer
[2013/02/17 14:00:24 | 000,000,000 | ---D | M] -- C:\Users\karen\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2013/03/03 21:22:23 | 000,010,134 | R--- | M] () -- C:\Users\karen\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
[2013/03/19 07:58:42 | 000,448,592 | ---- | M] (RealNetworks, Inc.) -- C:\Users\karen\AppData\Roaming\Real\Update\temp\~Upg0\rnupgagent.exe
[2013/04/10 08:14:27 | 000,448,592 | ---- | M] (RealNetworks, Inc.) -- C:\Users\karen\AppData\Roaming\Real\Update\temp\~Upg2\rnupgagent.exe
[2013/06/11 08:52:55 | 000,468,560 | ---- | M] (RealNetworks, Inc.) -- C:\Users\karen\AppData\Roaming\Real\Update\temp\~Upg6\rnupgagent.exe
[2013/06/22 08:53:00 | 000,468,560 | ---- | M] (RealNetworks, Inc.) -- C:\Users\karen\AppData\Roaming\Real\Update\temp\~Upg7\rnupgagent.exe
[2013/06/11 08:52:55 | 000,468,560 | ---- | M] (RealNetworks, Inc.) -- C:\Users\karen\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe
[2013/06/11 11:54:18 | 038,428,064 | ---- | M] (RealNetworks, Inc.) -- C:\Users\karen\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\RealPlayer.exe
[2013/06/11 11:54:08 | 000,775,344 | ---- | M] (RealNetworks, Inc.) -- C:\Users\karen\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_exe\RealPlayer.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\drivers\*.sys /90 >
[2013/04/09 22:18:40 | 000,728,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\dxgkrnl.sys
[2013/04/09 22:18:40 | 000,218,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\dxgmms1.sys
[2013/04/12 06:45:29 | 001,211,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ntfs.sys
[2013/04/24 20:09:51 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\system32\drivers\SYMEVENT.SYS
[2013/05/07 22:38:00 | 001,293,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tcpip.sys
 
< End of report >
 

Extras.txt

_______________

OTL Extras logfile created on: 7/8/2013 8:03:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\karen\Desktop\New folder
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.75 Gb Total Physical Memory | 0.68 Gb Available Physical Memory | 38.85% Memory free
3.50 Gb Paging File | 2.19 Gb Available in Paging File | 62.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186.21 Gb Total Space | 153.98 Gb Free Space | 82.69% Space Free | Partition Type: NTFS
Drive E: | 149.04 Gb Total Space | 107.54 Gb Free Space | 72.16% Space Free | Partition Type: NTFS
 
Computer Name: KAREN-PC | User Name: karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{136D5D2A-8531-4734-9D4B-B71A2C408E62}" = lport=445 | protocol=6 | dir=in | app=system | 
"{17BEDA96-B709-4266-B12B-5B1BF981D154}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{1B1ACB65-461A-480E-A9D2-43E4C5630DD2}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{24F85E24-23AA-43A6-B3FF-B41AB5F87D48}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{276786B1-7DB6-47A6-B60D-76BA571ED8AF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{49EAAB1D-E931-4CC0-8990-F0DF94A63FD1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4A9B48AA-FE50-41BB-9B21-906681DA9BC6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5E937B2A-F06C-4E8A-9D01-9D560C8B4E9F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{67BC156C-4C63-482A-A5CC-D519E9B74639}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6A6CCEF1-752A-4C3C-BD21-C723D38C2A46}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{70EA0BB2-85CD-4DDD-BE3B-37CF8FC51EB8}" = rport=138 | protocol=17 | dir=out | app=system | 
"{832125FE-FA45-48EE-B29C-BE269159C380}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8B4D1581-6471-4291-9130-DB131579BFA1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{934F41CE-4A14-436D-9430-D640FF6208C2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9CCDFC12-80E8-4182-AFF9-0270B539B858}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B1BD774F-435F-4328-B51D-528D084008C7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{C2CDF919-21D6-4324-AB98-8612275658D5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C2EFF421-1BAB-42C7-9938-42C88A2AD268}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C4B6A954-5BB8-4B36-8079-FFB45922F0A7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C62EFB5F-A3CF-4DEB-9EF9-F55BEC335751}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C8A631BB-899A-4A58-A4DB-48607BAADB95}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CB182919-501A-4C9C-B598-FD48F7427298}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D0B3C88E-7166-4657-AD86-9453109CA410}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D73DE3B1-A963-4AEF-B0BC-7EF65E7971CD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EAD2E56F-5853-470A-8FEC-2CCC45A4C23C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{041B4641-3500-40EE-85D9-997D621EF394}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{072AD986-9607-4833-8086-269795796285}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{0EC7CD32-A368-4364-982C-17621124F6A1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{16907BFF-E54A-48F4-A3EF-F168407CA895}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{19672531-FF76-460E-A87D-80D1124DFBAA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{1F8F5593-DAB4-462E-9535-7E1E094812FE}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{2311CC48-17F1-4555-ACD8-1B70016C1ED2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{256BE46F-D2D9-4620-B7E1-079BD6BF16B7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{30AF6EE0-2D20-49E7-80ED-2574C461CFF6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{366F1489-F4C5-4CA1-8B1B-62C1DD94976A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{39A60DF7-5261-439A-A848-1576528063C4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{42874AAE-5308-4899-921D-BBE4B169FD19}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4555EFD3-0D44-4F8E-970F-B74ACE9796E4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{46C29732-6E83-458A-B72D-8CDC2986C15F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4FF21700-B764-453B-AFE4-CE7220C96A89}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | 
"{5B6F342E-422B-4ED4-829A-B98B503C1F8C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{5F0D69B7-34FD-4440-A836-FE320FFDDF1C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe | 
"{66D96A91-913A-4B1E-87D6-844D2FEF7B60}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{788C2D77-5F51-429B-AE79-55B31EFF3295}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{7B5E93C3-70CD-4D5F-A438-7FC77B2F08EA}" = dir=in | app=c:\users\karen\appdata\local\microsoft\skydrive\skydrive.exe | 
"{823BA814-E8FD-4D79-B335-642895156DB1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{83638E65-27D5-4D47-B598-9C14AE8A4EB6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{8490C4CA-8FC7-4280-9FE6-8E3167B4F803}" = protocol=6 | dir=out | app=system | 
"{893152C1-7476-41C1-B20C-BCDB0BD4E905}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{A2C920E1-96B1-47F6-AA2D-E0C47C0AC61F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{A6D73320-DD73-493C-A02F-52B5D06CBE6C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{B0614ED0-6935-49B7-A3B8-9D8BB2AA0584}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D6594904-DCCC-4121-9D2D-EF733B60874F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D877D87F-5340-4488-AF11-AD4E3DA3DE20}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DE77B831-B851-4283-9445-20BF7516911F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E36525D3-54D9-4669-B4C8-D361BF610C38}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{E70AAEDD-96B8-4637-AF03-D70FC8800E43}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{EA0741D2-CDB3-47BA-912F-037A60551575}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 
"{EA5C44A6-F6DA-497E-81EC-1463C35822BE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{EAD8D96A-6568-4250-AA2B-8133164AC204}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{EB354390-AA97-4D2E-A4E2-4B916B413971}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F0D9F40A-5DB5-4866-94C3-4E538945C7BE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{F2072F85-D218-4215-891A-17335DF6913F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F23B4122-762B-41E1-81D2-80D54A6E6007}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{F41F0ED6-0D0D-4198-8A19-88330A6D71DF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{F916BE1C-350C-4CBE-ABC1-8CEC59EC9DB8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{FCED2E3F-31A9-4998-A972-217E3AEF3EAF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{FD965816-1BA4-4BC5-85A4-604A8DE5050C}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Small Business
"{02C2F0BB-B480-4121-BE86-33B70E53070B}" = Perfect PDF Creator Essentials
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{0847420B-9C5D-4880-B7D9-6312AC24C8F1}" = 7300
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1B947146-366B-42CD-86D5-219993CE3EE2}" = Windows Live MIME IFilter
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{32257980-61DF-4685-A72B-08683838233B}" = 7300_Help
"{377739AE-00D9-4E80-8ECB-4C8A7EFFE526}" = 7300Trb
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4926AA2D-3C66-443D-A456-53AE3FA44144}" = Windows Live Family Safety
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F16C6B40-82B8-4679-A176-99289A243DFE}" = Carbonite Mirror Image (32-bit)
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Carbonite Backup" = Carbonite
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Thunderbird 17.0.7 (x86 en-US)" = Mozilla Thunderbird 17.0.7 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton Security Suite
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 16.0" = RealPlayer
"Trusted Saver" = Trusted Saver
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/8/2013 6:14:10 PM | Computer Name = karen-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 7/8/2013 6:14:32 PM | Computer Name = karen-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 7/8/2013 6:44:44 PM | Computer Name = karen-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 7/8/2013 6:45:18 PM | Computer Name = karen-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 7/8/2013 7:05:26 PM | Computer Name = karen-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 7/8/2013 7:05:51 PM | Computer Name = karen-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 7/8/2013 7:16:47 PM | Computer Name = karen-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SearchIndexer.exe, version: 7.0.7601.17610, time stamp: 0x4dc0c672  Faulting module name: NaturalLanguage6.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b902  Exception code: 0xc0000006  Fault offset: 0x0001ff26  Faulting process id: 0xe24  Faulting application start time: 0x01ce7c2fabb3e620  Faulting application path: C:\Windows\system32\SearchIndexer.exe  Faulting module path: C:\Windows\System32\NaturalLanguage6.dll  Report Id: 75b55930-e824-11e2-9121-002185705fb1
 
Error - 7/8/2013 7:16:47 PM | Computer Name = karen-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Windows\System32\NaturalLanguage6.dll for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Microsoft Windows Search Indexer because of this error.  Program: Microsoft Windows Search Indexer  File: C:\Windows\System32\NaturalLanguage6.dll
 
The error value is listed in the Additional Data section.  User Action  1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again.  2. If the file still cannot be accessed and  - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted.  - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.  3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.  4. If the problem persists, restore the file from a backup copy.  5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance.  Additional Data  Error value: C000009C  Disk type: 3
 
Error - 7/8/2013 10:51:32 PM | Computer Name = karen-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 7/8/2013 10:51:51 PM | Computer Name = karen-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 6/12/2013 9:37:27 PM | Computer Name = karen-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 6/12/2013 9:38:39 PM | Computer Name = karen-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 6/12/2013 9:38:39 PM | Computer Name = karen-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 6/12/2013 9:38:40 PM | Computer Name = karen-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 6/12/2013 9:38:42 PM | Computer Name = karen-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 6/12/2013 9:38:43 PM | Computer Name = karen-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 6/12/2013 9:38:46 PM | Computer Name = karen-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 6/13/2013 11:10:09 AM | Computer Name = karen-PC | Source = DCOM | ID = 10001
Description = 
 
Error - 6/14/2013 11:20:05 AM | Computer Name = karen-PC | Source = DCOM | ID = 10001
Description = 
 
Error - 6/15/2013 8:29:09 AM | Computer Name = karen-PC | Source = DCOM | ID = 10001
Description = 
 
 
< End of report >


#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:05 AM

Posted 09 July 2013 - 05:37 AM

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code"

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://bpconnection.com/https:// [Binary data over 200 bytes]
    IE - HKCU\..\SearchScopes\{77F9AD3F-5A63-4F0A-B5EC-4E0B730B1F8E}: "URL" = http://us.yhs4.search.yahoo.com/yhs/search?p={searchTerms}&ei=UTF-8&hspart=w3i&hsimp=yhs-synd1&type=W3i_DS,221,0_0,Search,20130727,0,0,6,7635
    O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll File not found
    O4 - HKLM..\Run: []  File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    [2013/07/06 15:10:37 | 000,000,000 | ---D | C] -- C:\Program Files\MyPC Backup
    [2013/07/08 19:51:36 | 000,001,194 | ---- | M] () -- C:\Windows\tasks\Trusted Saver-updater.job
    [2013/07/08 19:51:36 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_karen.job
    [2013/07/08 19:51:35 | 000,001,198 | ---- | M] () -- C:\Windows\tasks\Trusted Saver-codedownloader.job
    [2013/07/08 19:51:35 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\Trusted Saver-enabler.job
    PRC - [2013/06/13 09:37:34 | 005,015,048 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
    PRC - [2013/06/13 09:37:34 | 001,066,504 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    SRV - [2013/06/13 09:37:34 | 005,015,048 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
    SRV - [2013/04/18 12:07:34 | 004,143,168 | ---- | M] (Carbonite, Inc.) [Auto | Stopped] -- C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe -- (Carbonite-Mirror-Image-Svc)
    O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
    [2013/07/07 21:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
    [2013/07/07 21:30:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Carbonite
    [2013/07/07 21:30:03 | 000,000,000 | ---D | C] -- C:\Program Files\Carbonite
    [2013/07/07 21:30:33 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
    
    :Commamds
    [EMPTYTEMP]
    [EMPTYJAVACACHE]
    [CREATERESTOREPOINT]
    [RESETHOSTS]
     
     
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.

 

 

Things to include in your next reply::

OTL fix log

How is the machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 happyyes

happyyes
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:03:05 AM

Posted 09 July 2013 - 11:15 AM

I will let you know how it is running later today after she's used it for a while, I won't disappear.

 

 

Here is the log file

 

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77F9AD3F-5A63-4F0A-B5EC-4E0B730B1F8E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77F9AD3F-5A63-4F0A-B5EC-4E0B730B1F8E}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bb46be07-13eb-4c49-b0f0-fc78b9ea4983}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb46be07-13eb-4c49-b0f0-fc78b9ea4983}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Program Files\MyPC Backup folder moved successfully.
C:\Windows\Tasks\Trusted Saver-updater.job moved successfully.
C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_karen.job moved successfully.
C:\Windows\Tasks\Trusted Saver-codedownloader.job moved successfully.
C:\Windows\Tasks\Trusted Saver-enabler.job moved successfully.
Process CarboniteService.exe killed successfully!
No active process named CarboniteUI.exe was found!
Service CarboniteService stopped successfully!
Service CarboniteService deleted successfully!
C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe moved successfully.
Service Carbonite-Mirror-Image-Svc stopped successfully!
Service Carbonite-Mirror-Image-Svc deleted successfully!
C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Carbonite Backup deleted successfully.
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Mirror Image\log folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Mirror Image\db folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Mirror Image folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Backup\skin\tray-icons folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Backup\skin\scripts\tests folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Backup\skin\scripts\scriptaculous folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Backup\skin\scripts\flowplayer folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Backup\skin\scripts\flash folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Backup\skin\scripts folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Backup\skin\js folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Backup\skin\images\Tree folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Backup\skin\images\tabs folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Backup\skin\images\switch folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Backup\skin\images\Sidebar folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Backup\skin\images\Setup folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Backup\skin\images\Restore folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Backup\skin\images\Machines folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Backup\skin\images\InfoCenter folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Backup\skin\images\Headers folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Backup\skin\images\FileSelector folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Backup\skin\images\buttons folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Backup\skin\images\BackupDrive folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Backup\skin\images\Backgrounds folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Backup\skin\images folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Backup\skin\i folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Backup\skin\html\dynamic folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Backup\skin\html folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Backup\skin\css\smoothness\images folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Backup\skin\css\smoothness folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Backup\skin\css\kermit\images folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Backup\skin\css\kermit folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Backup\skin\css folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Backup\skin folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Backup\checkpoint\{2B95746A-FAF1-4613-A555-945CC6BA351B} folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Backup\checkpoint folder moved successfully.
C:\ProgramData\Carbonite\Carbonite Backup folder moved successfully.
C:\ProgramData\Carbonite folder moved successfully.
C:\Program Files\Carbonite\Carbonite Mirror Image folder moved successfully.
C:\Program Files\Carbonite\Carbonite Backup folder moved successfully.
C:\Program Files\Carbonite folder moved successfully.
C:\Users\Public\Desktop\Carbonite InfoCenter.lnk moved successfully.
Error: Unable to interpret <:Commamds> in the current context!
Error: Unable to interpret <[EMPTYTEMP]> in the current context!
Error: Unable to interpret <[EMPTYJAVACACHE]> in the current context!
Error: Unable to interpret <[CREATERESTOREPOINT]> in the current context!
Error: Unable to interpret <[RESETHOSTS]> in the current context!
 
OTL by OldTimer - Version 3.2.69.0 log created on 07092013_090925
 
Files\Folders moved on Reboot...
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
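The fix script in post #4 was typed with ":Commamds", and the log in post #5 shows what OTL does with that: the misspelled header and every command line after it come back as "Unable to interpret <...> in the current context!", so the temp-file cleanup and hosts reset never ran. As an added example (not part of this thread, and not OTL's own code), here is a small Python linter that catches this before the script is pasted into the tool. The list of section headers is an assumption drawn from commonly posted OTL fixes, and the two embedded scripts are constructed from the ones in this thread with the long :OTL body shortened.

```python
"""Lint an OTL fix script before it is run.

Added example for this thread, not OTL's own code. OTL fix scripts consist of
section headers (':OTL', ':Commands', ...) followed by the lines each section
interprets. A misspelled header is not a hard error for OTL: it simply stops
recognising the lines that follow, and the run log then reports each of them
as 'Unable to interpret <...> in the current context!'. Linting the script
first turns that silent skip into a visible finding with a fix suggestion.
"""
from dataclasses import dataclass
import difflib

# Section headers OTL recognises. Assumed list, drawn from commonly posted
# fixes; the two headers actually used in this thread are ':OTL' and ':Commands'.
KNOWN_SECTIONS = [":OTL", ":Processes", ":Services", ":Reg", ":Files", ":Commands"]


@dataclass(frozen=True)
class Finding:
    lineno: int   # 1-based line number within the script
    text: str     # the offending line, stripped
    reason: str   # human-readable explanation


def lint_otl_fix(script: str) -> list[Finding]:
    """Return one Finding per line that OTL would refuse to interpret.

    Headers are matched exactly as written (e.g. ':Commands'). An unrecognised
    header is itself unreachable, and so is every line after it until the next
    recognised header, because OTL no longer knows which section it is in.
    """
    findings: list[Finding] = []
    current = None  # recognised section we are currently inside, or None
    for lineno, raw in enumerate(script.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            if line in KNOWN_SECTIONS:
                current = line
                continue
            # Unknown header: suggest the closest real one (':Commamds' -> ':Commands').
            hint = difflib.get_close_matches(line, KNOWN_SECTIONS, n=1, cutoff=0.6)
            reason = f"unknown section header {line!r}"
            if hint:
                reason += f", did you mean {hint[0]!r}?"
            findings.append(Finding(lineno, line, reason))
            current = None
            continue
        if current is None:
            findings.append(Finding(lineno, line,
                                    "not under a recognised section header"))
    return findings


def unreachable_lines(script: str) -> list[str]:
    """The lines an OTL run log would report as 'Unable to interpret <...>'."""
    return [f.text for f in lint_otl_fix(script)]


# Constructed from the two fix scripts posted in this thread (:OTL body shortened).
POST4_SCRIPT = """\
:OTL
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2013/07/06 15:10:37 | 000,000,000 | ---D | C] -- C:\\Program Files\\MyPC Backup

:Commamds
[EMPTYTEMP]
[EMPTYJAVACACHE]
[CREATERESTOREPOINT]
[RESETHOSTS]
"""

POST6_SCRIPT = """\
:Commands
[EMPTYTEMP]
[EMPTYJAVA]
[EMPTYFLASH]
[RESETHOSTS]
"""

if __name__ == "__main__":
    for name, script in (("post #4", POST4_SCRIPT), ("post #6", POST6_SCRIPT)):
        findings = lint_otl_fix(script)
        status = "OK" if not findings else f"{len(findings)} line(s) would not run"
        print(f"{name}: {status}")
        for f in findings:
            print(f"  line {f.lineno}: {f.text}  -- {f.reason}")
```

Run against the post #4 script it reports the five lines that the post #5 log later shows as uninterpreted; the corrected post #6 script lints clean.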


#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:05 AM

Posted 09 July 2013 - 04:32 PM

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code"
    :Commands
    [EMPTYTEMP]
    [EMPTYJAVA]
    [EMPTYFLASH]
    [RESETHOSTS]
    
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
How is your machine running now?



#7 happyyes

happyyes
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:03:05 AM

Posted 09 July 2013 - 05:29 PM

Hello ;)

 

The computer seems to be fine now, she hasn't reinstalled carbonite (though I asked her to) but she is going to do that right after I post this

 

Also I ran DDS (because of the info saying not to run anything without asking, DDS is the thing it said you SHOULD run, and it was freezing; it was still freezing after the first OTL cleanup you did this morning, but I haven't tried after this one you just asked me to do). I assumed that the DDS problem was related to the malware and a fix would also fix that?

 

Here is the log file from the 2nd OTL cleanup which I just did. I will let you know how installing carbonite goes and I'll await word on whether I should try running DDS again (not to "do" anything but to see if it's still freezing, or is that unrelated to the malware?)

Anyway here is the log file

 

All processes killed
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: karen
->Temp folder emptied: 32231705 bytes
->Temporary Internet Files folder emptied: 254636515 bytes
->Google Chrome cache emptied: 8020121 bytes
->Flash cache emptied: 59181 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1500382 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 76039 bytes
RecycleBin emptied: 602112 bytes
 
Total Files Cleaned = 283.00 mb
 
 
[EMPTYJAVA]
 
User: All Users
 
User: Default
 
User: Default User
 
User: karen
 
User: Public
 
User: UpdatusUser
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: karen
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 07092013_151920
 
Files\Folders moved on Reboot...
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...


#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:05 AM

Posted 09 July 2013 - 05:37 PM

Let me know how the machine is running?




#9 happyyes

happyyes
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:03:05 AM

Posted 09 July 2013 - 05:49 PM

Hi, sorry I wasn't clear enough. I thought I said it seemed to be fine when she used it today. She didn't reinstall carbonite, though she has installed it now and it seems to be working fine and not loading the mypcbackup malware.

 

I didn't rerun DDS because you didn't say to so I don't know if it is still freezing.

 

Just to be totally clear, she used the computer all day after this morning's OTL cleanup.

 

It also seems to be working fine after the 2nd OTL cleanup this afternoon.  She will continue using it and watching for problems which I will post here if anything seems to still be not working right.

 

If you have advice on DDS or anything else you want me to do just let me know and I will get right on it.

 

Thanks so much for your help ;)  Sorry if I wasn't clearer on how the computer was running in that last post; I thought I had made it clear, obv I didn't.



#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:05 AM

Posted 09 July 2013 - 06:56 PM

Hello, happyyes.
Congratulations! You now appear clean! :cool:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then click the big CleanUp button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
Then, to remove all but the most recently created Restore Point:
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically. Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.



    One of the most common questions found when cleaning malware is "how did my machine get infected?"

    There are a variety of reasons, but the most common ones are that you are not practicing Safe Internet, you are not running the proper security software or that your computer's security settings are set too low.

    Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.

    Do not use P2P programs
    Peer-to-peer or file-sharing programs (such as uTorrent, Limewire and BitTorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users as the name(s) suggest. It is almost impossible to know whether the file you’re downloading through P2P programs is safe.

    It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

    In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.

    Practice Safe Internet
    Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will.

    Below is a list of simple precautions to take to keep your computer clean and running securely:
    • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
    • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
    • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.
    • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.
      There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.
    • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge. You can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows, instead close them by finding the open window on your Taskbar, right click and choose close.
    • Do not visit pornographic websites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.
    • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link you should message back to the person asking if it is legit.
    • Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
    • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those tool bars.
    • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.
      Sometimes even legitimate programs will try to bundle extra, unwanted, software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.
    Keep Windows up-to-date
    Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.
    • Windows XP users
      You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.
    • Windows Vista users
      You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP2) can be obtained directly from Microsoft here.
    • Windows 7 users
      You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here.
    Keep your browser secure
    Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.

    The latest versions of the three common browsers can be found below:

    Use an AntiVirus Software
    It is very important that your computer has an up-to-date anti-virus software on it which has a real-time agent running. This alone can save you a lot of trouble with malware in the future.
    See this link for a listing of some online and stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources. A couple of free Anti-Virus programs you may be interested in are Microsoft Security Essentials and Avast.

    It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

    Use a Firewall
    I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

    All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).

    In addition, if you connect to the internet via a router, this will normally have a firewall in-built.

    Some people will recommend installing a different firewall (instead of the Windows built-in one); this is a personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones see this link: Understanding and Using Firewalls

    Install an Anti-Malware program
    Recommended, and free, Anti-Malware programs are Malwarebytes Anti-Malware and SuperAntiSpyware.

    You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with antivirus software.

    Make sure your applications have all of their updates
    It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java). You can check these by visiting Secunia Software Inspector.

    Follow this list and your potential for being infected again will reduce dramatically.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#11 fireman4it

fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:05 AM

Posted 21 July 2013 - 09:38 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
