Register a free account to unlock additional features at BleepingComputer.com
ZeroAccess Infection

11 replies to this topic

#1 Kimota


  • Members
  • 17 posts

Posted 04 January 2014 - 09:09 PM

I am working on a system that has ZeroAccess and who knows what else.  Several antivirus and removal programs were run before I was asked to help.  MBAM removed over 1,000 items according to its logs but there's clearly still some malware in play on the system.  Disk activity is nearly constant and there are several suspect processes running.  Rkill confirmed the ZeroAccess infection.  Logs are below and help is greatly appreciated.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16526  BrowserJavaVersion: 10.45.2
Run by Karen London at 19:52:32 on 2014-01-04
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Fingerprint Sensor\AtService.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe
C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\dKEYUSBCradle\SyncService.exe
C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe
C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe
c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
C:\dKEYUSBCradle\ProxyDaemon.exe
C:\dKEYUSBCradle\stunnel-4.10.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Dell\QuickSet\quickset.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
dRun: [Push Client] c:\users\karen london\appdata\local\att connect\participant\pull.exe
dRun: [ISUSPM] "c:\programdata\macrovision\flexnet connect\6\ISUSPM.exe" -scheduler
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: dell.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {B66A992D-C262-496E-8328-2F14FD80443A} - hxxps://qbo.intuit.com/c30/v35.082/qboimax7.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.10.1
TCP: Interfaces\{CC08DEAB-DC07-4701-A59F-1807C75999B8} : DHCPNameServer = 10.200.1.32 10.200.1.25
TCP: Interfaces\{D5F5EC2F-BFA3-4E68-B738-46FC55C31B70} : DHCPNameServer = 192.168.10.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~3\GoogleDesktopNetwork3.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R? btbtnzpn;btbtnzpn
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? DockLoginService;Dock Login Service
R? dofqlyho;dofqlyho
R? LMIRfsClientNP;LMIRfsClientNP
R? MFE_RR;MFE_RR
R? silabenm;GE Supra DisplayKey USB Cradle Serial Port Enumerator Driver
R? silabser;GE Supra DisplayKey USB Cradle Driver
R? SkypeUpdate;Skype Updater
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? AESTFilters;Andrea ST Filters Service
S? Apache2.2;Remote Access Media Server
S? ATService;AuthenTec Fingerprint Service
S? ATSwpWDF;AuthenTec TruePrint USB WDF Driver
S? ctxusbm;Citrix USB Monitor Driver
S? dsl-db;Remote Access DB
S? dsl-fs-sync;Remote Access File Sync Service
S? FontCache;Windows Font Cache Service
S? IntcHdmiAddService;Intel® High Definition Audio HDMI
S? k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0
S? LMIGuardianSvc;LMIGuardianSvc
S? LMIInfo;LogMeIn Kernel Information Provider
S? LMIRfsDriver;LogMeIn Remote File System Driver
S? MpFilter;Microsoft Malware Protection Driver
S? MpKsl666c0bcf;MpKsl666c0bcf
S? NisDrv;Microsoft Network Inspection System
S? NisSrv;Microsoft Network Inspection
S? OA001Ufd;Creative Camera OA001 Upper Filter Driver
S? OA001Vid;Creative Camera OA001 Function Driver
S? RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service
.
=============== Created Last 30 ================
.
2014-01-05 01:34:25 40392 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{072701ba-5ea0-40e9-a7d0-b00b6d14b05e}\MpKsl666c0bcf.sys
2014-01-05 01:33:26 -------- d-----w- c:\users\karen london\appdata\local\Adobe
2014-01-05 01:32:04 -------- d-----w- C:\Process Explorer
2014-01-05 01:31:44 -------- d-----w- c:\users\karen london\New Folder (1)
2014-01-05 01:15:39 719224 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{dd775635-bf8b-492f-91a4-56c3c694f502}\gapaengine.dll
2014-01-05 01:15:33 7760024 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{072701ba-5ea0-40e9-a7d0-b00b6d14b05e}\mpengine.dll
2014-01-05 01:10:07 -------- d-----w- c:\program files\Microsoft Security Client
2014-01-05 00:04:31 -------- d-sh--w- C:\$RECYCLE.BIN
2014-01-05 00:04:26 -------- d-----w- c:\users\karen london\appdata\local\temp
2014-01-04 23:41:28 98816 ----a-w- c:\windows\sed.exe
2014-01-04 23:41:28 256000 ----a-w- c:\windows\PEV.exe
2014-01-04 23:41:28 208896 ----a-w- c:\windows\MBR.exe
2014-01-04 23:36:49 -------- d-----w- c:\users\karen london\appdata\local\Deployment
2014-01-04 20:59:18 50176 ----a-w- c:\windows\system32\drivers\ilqzjmfv.sys
2013-12-30 14:00:16 -------- d-----w- C:\a964ea99bba1ed98e4c7
2013-12-19 22:01:55 -------- d-----w- c:\programdata\Oracle
2013-12-19 22:01:25 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-12-11 15:48:48 2050560 ----a-w- c:\windows\system32\win32k.sys
2013-12-11 15:48:43 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-12-11 15:48:43 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-11 15:48:43 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-11 15:48:36 131072 ----a-w- c:\windows\system32\wshom.ocx
2013-12-11 15:48:35 155648 ----a-w- c:\windows\system32\wscript.exe
2013-12-11 15:48:33 135168 ----a-w- c:\windows\system32\cscript.exe
2013-12-11 15:48:32 36864 ----a-w- c:\windows\system32\wshcon.dll
2013-12-11 15:48:32 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-12-11 15:48:30 158208 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-06 17:25:40 -------- d-----w- c:\users\karen london\appdata\roaming\RealNetworks
2013-12-06 15:57:55 -------- d-----w- c:\program files\RealNetworks
2013-12-06 15:57:54 -------- d-----w- c:\programdata\RealNetworks
2013-12-06 15:57:04 -------- d-----w- c:\program files\common files\xing shared
2013-12-06 15:55:07 -------- d-----w- c:\users\karen london\appdata\local\Real
.
==================== Find3M  ====================
.
2013-12-16 14:43:46 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-12-16 14:43:45 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2013-12-16 14:43:44 85832 ----a-w- c:\windows\system32\LMIinit.dll
2013-12-16 14:43:44 31560 ----a-w- c:\windows\system32\LMIport.dll
2013-12-11 17:41:17 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-11 17:41:16 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-06 15:56:09 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-12-06 15:56:09 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-11-19 10:21:30 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-14 22:50:50 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-11-14 22:42:41 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-11-14 22:42:32 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-14 22:38:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-14 22:38:16 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 22:35:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-30 02:13:01 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-29 15:31:48 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2013-10-11 02:08:02 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-11 02:07:57 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
.
============= FINISH: 20:00:36.44 ===============
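The DDS output above lists services and a recently created driver file with names like btbtnzpn, dofqlyho and ilqzjmfv.sys, which are the entries a responder would look at first. What follows is an added Python example, not code from the thread or from the DDS tool: it parses lines in the shape of the "SERVICES / DRIVERS" and "Created Last 30" sections and applies a triage heuristic (a random-looking eight-letter name with no real description, or a driver file with such a name under system32\drivers). The regexes, the heuristic and the sample lines (copied from the posted log into a constructed string) are assumptions of the example, and a hit is a reason to inspect the file, not a verdict.

```python
import re

# Constructed sample in the shape of the DDS "SERVICES / DRIVERS" and
# "Created Last 30" sections posted above (lines copied from the thread).
SAMPLE_LOG = """\
R? btbtnzpn;btbtnzpn
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? dofqlyho;dofqlyho
S? MpFilter;Microsoft Malware Protection Driver
S? MpKsl666c0bcf;MpKsl666c0bcf
S? silabenm;GE Supra DisplayKey USB Cradle Serial Port Enumerator Driver
2014-01-04 20:59:18 50176 ----a-w- c:\\windows\\system32\\drivers\\ilqzjmfv.sys
2013-12-11 15:48:43 167936 ----a-w- c:\\windows\\system32\\drivers\\portcls.sys
"""

# "R? name;display name" / "S? name;display name" service and driver lines
SERVICE_RE = re.compile(r"^[RS]\? (?P<name>[^;]+);(?P<display>.*)$")
# "date time size attributes path" lines from the "Created Last 30" section
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} (?P<size>\d+|-+) (?P<attr>\S+) (?P<path>.+)$"
)
# Heuristic (an assumption): eight lowercase letters and nothing else.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")


def parse_dds(text):
    """Turn the two DDS sections into dicts; lines of any other shape are ignored."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            entries.append({"kind": "service", "name": m["name"],
                            "display": m["display"].strip()})
            continue
        m = FILE_RE.match(line)
        if m:
            entries.append({"kind": "file", "path": m["path"], "date": m["date"]})
    return entries


def _stem(path):
    """c:\\windows\\system32\\drivers\\ilqzjmfv.sys -> ilqzjmfv"""
    base = path.replace("\\", "/").rsplit("/", 1)[-1]
    return base.rsplit(".", 1)[0]


def flag_suspicious(entries):
    """Return names worth a closer look: a random-looking service whose
    display name is just its own name, or a random-looking driver file
    under system32\\drivers. A real description (silabenm above) is
    treated as a sign of a legitimate vendor driver and not flagged."""
    flagged = []
    for e in entries:
        if e["kind"] == "service":
            if RANDOM_NAME_RE.match(e["name"]) and e["display"] == e["name"]:
                flagged.append(e["name"])
        else:
            stem = _stem(e["path"])
            if RANDOM_NAME_RE.match(stem) and "system32\\drivers\\" in e["path"].lower():
                flagged.append(stem)
    return flagged


if __name__ == "__main__":
    for name in flag_suspicious(parse_dds(SAMPLE_LOG)):
        print("inspect:", name)
```

silabenm is included on purpose: it has an eight-letter name but a real display name, so the display-name check keeps it out of the result, while portcls.sys is too short to match at all. Legitimate drivers with short, odd names do exist, so a flagged name should be checked against its file signature, vendor and creation date before anything is done with it.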
 



#2 JSntgRvr


    Master Surgeon General


  • Malware Response Team
  • 11,695 posts

Posted 05 January 2014 - 12:14 PM

:welcome:

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Kimota

  • Topic Starter

  • Members
  • 17 posts

Posted 05 January 2014 - 02:12 PM

Thank you for the response and assistance.  The log is below and addition.txt is attached.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-01-2014
Ran by Karen London (administrator) on KARENLONDON-PC on 05-01-2014 13:08:04
Running from C:\Users\Karen London\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\AEstSrv.exe
(Apache Software Foundation) C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(GE Security Supra) C:\dKEYUSBCradle\SyncService.exe
(Apache Software Foundation) C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe
() C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe
(SingleClick Systems) C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe
(GE Security Supra) C:\dKEYUSBCradle\ProxyDaemon.exe
() C:\dKEYUSBCradle\stunnel-4.10.exe
(Dell Inc.) C:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Creative Technology Ltd.) C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(GE Security Supra) C:\dKEYUSBCradle\SyncInfoApp.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [249856 2009-06-19] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Windows\System32\WLTRAY.EXE [3563520 2008-11-20] (Dell Inc.)
HKLM\...\Run: [Dell Webcam Central] - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe [438403 2008-02-19] (Creative Technology Ltd.)
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2010-09-17] (LogMeIn, Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2508104 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [442460 2008-08-25] (IDT, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [IJNetworkScanUtility] - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM\...\Run: [dellsupportcenter] - C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2008-10-04] (SupportSoft, Inc.)
HKLM\...\Run: [ConnectionCenter] - C:\Program Files\Citrix\ICA Client\concentr.exe [300472 2010-05-12] (Citrix Systems, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll [ ] ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2642697
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKCU - {46D071E7-9A0C-4870-B418-A07595E5D0B3} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=135963&p={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {00000000-0000-0000-0000-000000000000} -  No File
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {B66A992D-C262-496E-8328-2F14FD80443A} https://qbo.intuit.com/c30/v35.082/qboimax7.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1

FireFox:
========
FF ProfilePath: C:\Users\Karen London\AppData\Roaming\Mozilla\Firefox\Profiles\s81p7any.default
FF DefaultSearchEngine: Secure Search
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Secure Search
FF Homepage: hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3090128|hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&gdomain=www.google.com&ibd=3090128
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=mcafee&p=
FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Users\Karen London\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml
FF Extension: Ask Toolbar - C:\Users\Karen London\AppData\Roaming\Mozilla\Firefox\Profiles\s81p7any.default\Extensions\toolbar@ask.com
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Karen London\AppData\Roaming\Mozilla\Firefox\Profiles\s81p7any.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Wajam - C:\Users\Karen London\AppData\Roaming\Mozilla\Firefox\Profiles\s81p7any.default\Extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\Karen London\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\Karen London\AppData\Roaming\Move Networks

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Karen London\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Move Streaming Media Player) - C:\Users\Karen London\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (RealDownloader) - C:\Users\Karen London\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0
CHR Extension: (Wajam) - C:\Users\Karen London\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0
CHR Extension: (Google Wallet) - C:\Users\Karen London\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Karen London\AppData\Local\Wajam\Chrome\wajam.crx

========================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe [73728 2008-08-25] (Andrea Electronics Corporation)
R2 Apache2.2; C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe [15872 2007-09-21] (Apache Software Foundation)
R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1668344 2008-10-16] (AuthenTec, Inc.)
R2 dKeySync; C:\dKEYUSBCradle\SyncService.exe [40448 2010-04-02] (GE Security Supra)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation)
R2 dsl-db; C:\ProgramData\SingleClick Systems\MySQL\my.ini [9438 2009-12-04] ()
R2 dsl-fs-sync; C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe [173296 2008-09-30] (SingleClick Systems)
R2 hnmsvc; c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe [820464 2008-09-30] (Dell Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S4 RemoteAccess; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-10-04] (SupportSoft, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\STacSV.exe [225362 2008-08-25] (IDT, Inc.)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2008-11-20] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-11-20] (Broadcom Corporation)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2008-08-25] (ITE Tech. Inc. )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.)
R3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [280096 2009-03-09] (Creative Technology Ltd.)
R2 Packet; C:\Windows\System32\DRIVERS\packet.sys [22016 2008-06-17] (SingleClick Systems)
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [24584 2010-03-15] (Silicon Laboratories, Inc.)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [69256 2010-03-15] (Silicon Laboratories)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S1 btbtnzpn; \??\C:\Windows\system32\drivers\btbtnzpn.sys [x]
S3 catchme; \??\C:\Users\KARENL~1\AppData\Local\Temp\catchme.sys [x]
S1 dofqlyho; \??\C:\Windows\system32\drivers\dofqlyho.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S4 LMIRfsClientNP; No ImagePath
S3 MFE_RR; \??\C:\Users\KARENL~1\AppData\Local\Temp\mfe_rr.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 RimUsb; System32\Drivers\RimUsb.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-05 13:08 - 2014-01-05 13:09 - 00022406 _____ C:\Users\Karen London\Desktop\FRST.txt
2014-01-05 13:07 - 2014-01-05 13:07 - 01064761 _____ (Farbar) C:\Users\Karen London\Desktop\FRST.exe
2014-01-05 13:07 - 2014-01-05 13:07 - 00000000 ____D C:\FRST
2014-01-05 12:39 - 2014-01-05 12:39 - 00000000 ____D C:\Windows\LastGood
2014-01-04 21:11 - 2014-01-04 21:11 - 00000000 ____D C:\Program Files\Magical Jelly Bean
2014-01-04 20:00 - 2014-01-04 20:00 - 00015130 _____ C:\Users\Karen London\Desktop\dds.txt
2014-01-04 20:00 - 2014-01-04 20:00 - 00010470 _____ C:\Users\Karen London\Desktop\attach.txt
2014-01-04 19:55 - 2014-01-04 19:55 - 00000761 _____ C:\Users\Karen London\Desktop\Quicken 2009.lnk
2014-01-04 19:51 - 2014-01-04 19:51 - 00688992 ____R (Swearware) C:\Users\Karen London\Desktop\dds.com
2014-01-04 19:40 - 2014-01-04 19:40 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Karen London\Downloads\tdsskiller.exe
2014-01-04 19:33 - 2014-01-04 19:33 - 00000000 ____D C:\Users\Karen London\AppData\Local\Adobe
2014-01-04 19:32 - 2014-01-04 19:32 - 00000000 ____D C:\Process Explorer
2014-01-04 19:31 - 2014-01-04 19:31 - 00000000 ____D C:\Users\Karen London\New Folder (1)
2014-01-04 19:11 - 2014-01-04 19:11 - 00448512 _____ (OldTimer Tools) C:\Users\Logicnet\Desktop\TFC.exe
2014-01-04 19:10 - 2014-01-04 19:10 - 00000000 ____D C:\Program Files\Microsoft Security Client
2014-01-04 19:07 - 2014-01-04 19:07 - 00000000 ____D C:\Users\Logicnet\AppData\Roaming\Macromedia
2014-01-04 19:07 - 2014-01-04 19:07 - 00000000 ____D C:\Users\Logicnet\AppData\Roaming\Adobe
2014-01-04 19:06 - 2014-01-04 19:06 - 00000000 ____D C:\Users\Logicnet\AppData\Roaming\RealNetworks
2014-01-04 19:03 - 2014-01-04 19:03 - 00059856 _____ C:\Users\Logicnet\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-04 19:03 - 2014-01-04 19:03 - 00001973 _____ C:\Users\Logicnet\Desktop\Google Chrome.lnk
2014-01-04 19:03 - 2014-01-04 19:03 - 00000951 _____ C:\Users\Logicnet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-04 19:03 - 2014-01-04 19:03 - 00000946 _____ C:\Users\Logicnet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-01-04 19:03 - 2014-01-04 19:03 - 00000917 _____ C:\Users\Logicnet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-01-04 19:03 - 2014-01-04 19:03 - 00000000 ____D C:\Users\Logicnet\Documents\Dell WebCam Central
2014-01-04 19:03 - 2014-01-04 19:03 - 00000000 ____D C:\Users\Logicnet\AppData\Roaming\ICAClient
2014-01-04 19:03 - 2014-01-04 19:03 - 00000000 ____D C:\Users\Logicnet\AppData\Roaming\Dell
2014-01-04 19:03 - 2014-01-04 19:03 - 00000000 ____D C:\Users\Logicnet\AppData\Roaming\Apple Computer
2014-01-04 19:03 - 2014-01-04 19:03 - 00000000 ____D C:\Users\Logicnet\AppData\Local\SupportSoft
2014-01-04 19:03 - 2014-01-04 19:03 - 00000000 ____D C:\Users\Logicnet\AppData\Local\LogMeIn
2014-01-04 19:03 - 2014-01-04 19:03 - 00000000 ____D C:\Users\Logicnet\AppData\Local\Citrix
2014-01-04 19:02 - 2014-01-04 19:03 - 00000000 ____D C:\Users\Logicnet
2014-01-04 19:02 - 2014-01-04 19:02 - 00000020 ___SH C:\Users\Logicnet\ntuser.ini
2014-01-04 19:02 - 2011-07-11 02:03 - 00000000 ____D C:\Users\Logicnet\AppData\Roaming\Mozilla
2014-01-04 19:02 - 2009-02-12 03:00 - 00000000 ____D C:\Users\Logicnet\AppData\Local\Microsoft Help
2014-01-04 19:02 - 2008-01-20 20:42 - 00000000 ___RD C:\Users\Logicnet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-04 19:02 - 2008-01-20 20:42 - 00000000 ___RD C:\Users\Logicnet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-04 18:04 - 2014-01-04 18:04 - 00048442 _____ C:\ComboFix.txt
2014-01-04 17:41 - 2011-06-26 00:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-04 17:41 - 2010-11-07 11:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-04 17:41 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-04 17:41 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-04 17:41 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-04 17:41 - 2000-08-30 18:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-04 17:41 - 2000-08-30 18:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-04 17:41 - 2000-08-30 18:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-04 17:39 - 2014-01-04 18:04 - 00000000 ____D C:\Qoobox
2014-01-04 17:39 - 2014-01-04 18:03 - 00000000 ____D C:\Windows\erdnt
2014-01-04 17:36 - 2014-01-04 17:36 - 00000000 ____D C:\Users\Karen London\AppData\Local\Deployment
2014-01-04 17:29 - 2014-01-04 17:29 - 00000000 ____D C:\Users\Karen London\AppData\Roaming\Real
2014-01-04 14:59 - 2014-01-04 14:59 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ilqzjmfv.sys
2013-12-30 08:00 - 2013-12-30 08:00 - 00000000 ____D C:\a964ea99bba1ed98e4c7
2013-12-23 15:07 - 2014-01-04 17:28 - 00000000 ____D C:\Users\Karen London\Documents\WalmartForm_Minneapolis_55416
2013-12-23 09:31 - 2014-01-04 19:22 - 00260838 _____ C:\Windows\PFRO.log
2013-12-19 16:05 - 2013-12-19 16:05 - 00000000 ____D C:\Users\Karen London\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2013-12-19 16:04 - 2014-01-04 17:37 - 00001590 _____ C:\Windows\setupact.log
2013-12-19 16:04 - 2013-12-19 16:04 - 00431696 _____ () C:\Users\Karen London\Downloads\DellSystemDetect.exe
2013-12-19 16:04 - 2013-12-19 16:04 - 00000000 _____ C:\Windows\setuperr.log
2013-12-19 16:01 - 2013-12-19 16:02 - 00000000 ____D C:\ProgramData\Oracle
2013-12-19 16:01 - 2013-12-19 16:01 - 00000000 ____D C:\Program Files\Common Files\Java
2013-12-19 16:01 - 2013-10-08 07:50 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-12-19 16:01 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-19 16:01 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-19 16:01 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-19 15:59 - 2013-12-19 16:01 - 00005578 _____ C:\Windows\system32\jupdate-1.7.0_45-b18.log
2013-12-19 15:48 - 2013-12-19 15:49 - 11125072 _____ (Microsoft Corporation) C:\Users\Karen London\Downloads\mseinstall (2).exe
2013-12-19 15:47 - 2013-12-19 15:48 - 11125072 _____ (Microsoft Corporation) C:\Users\Karen London\Downloads\mseinstall (1).exe
2013-12-13 11:36 - 2014-01-05 12:20 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-12-12 03:02 - 2013-11-14 17:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 03:02 - 2013-11-14 16:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 03:02 - 2013-11-14 16:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 03:02 - 2013-11-14 16:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 03:02 - 2013-11-14 16:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 03:02 - 2013-11-14 16:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 03:02 - 2013-11-14 16:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-12 03:02 - 2013-11-14 16:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 03:02 - 2013-11-14 16:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-12 03:02 - 2013-11-14 16:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-12 03:02 - 2013-11-14 16:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 03:02 - 2013-11-14 16:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-12 03:02 - 2013-11-14 16:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 03:02 - 2013-11-14 16:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-12 03:02 - 2013-11-14 16:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 03:02 - 2013-11-14 16:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 09:48 - 2013-10-29 20:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2013-12-11 09:48 - 2013-10-29 19:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 09:48 - 2013-10-29 18:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-11 09:48 - 2013-10-29 18:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 09:48 - 2013-10-22 01:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 09:48 - 2013-10-10 20:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 09:48 - 2013-10-10 20:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 09:48 - 2013-10-10 20:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2013-12-11 09:48 - 2013-10-10 18:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 09:48 - 2013-10-10 18:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-06 11:25 - 2013-12-06 11:25 - 00000000 ____D C:\Users\Karen London\AppData\Roaming\RealNetworks
2013-12-06 09:57 - 2013-12-06 09:57 - 00000000 ____D C:\ProgramData\RealNetworks
2013-12-06 09:57 - 2013-12-06 09:57 - 00000000 ____D C:\Program Files\RealNetworks
2013-12-06 09:57 - 2013-12-06 09:57 - 00000000 ____D C:\Program Files\Common Files\xing shared
2013-12-06 09:55 - 2013-12-06 09:55 - 00000000 ____D C:\Users\Karen London\AppData\Local\Real

==================== One Month Modified Files and Folders =======

2014-01-05 13:09 - 2014-01-05 13:08 - 00022406 _____ C:\Users\Karen London\Desktop\FRST.txt
2014-01-05 13:07 - 2014-01-05 13:07 - 01064761 _____ (Farbar) C:\Users\Karen London\Desktop\FRST.exe
2014-01-05 13:07 - 2014-01-05 13:07 - 00000000 ____D C:\FRST
2014-01-05 13:07 - 2006-11-02 06:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-05 13:07 - 2006-11-02 06:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-05 12:50 - 2010-09-04 11:27 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-05 12:41 - 2012-04-06 08:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-05 12:41 - 2009-01-27 14:10 - 01276857 _____ C:\Windows\WindowsUpdate.log
2014-01-05 12:39 - 2014-01-05 12:39 - 00000000 ____D C:\Windows\LastGood
2014-01-05 12:39 - 2009-02-06 19:43 - 00000000 ____D C:\Users\Karen London
2014-01-05 12:37 - 2006-11-02 04:33 - 00759720 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-05 12:32 - 2011-01-14 15:45 - 00000000 ____D C:\ProgramData\LogMeIn
2014-01-05 12:20 - 2013-12-13 11:36 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2014-01-05 12:20 - 2011-01-14 15:45 - 00001024 _____ C:\.rnd
2014-01-05 12:20 - 2010-09-04 11:27 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-05 12:20 - 2006-11-02 07:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-04 21:58 - 2006-11-02 07:01 - 00032542 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-04 21:29 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\tracing
2014-01-04 21:11 - 2014-01-04 21:11 - 00000000 ____D C:\Program Files\Magical Jelly Bean
2014-01-04 20:00 - 2014-01-04 20:00 - 00015130 _____ C:\Users\Karen London\Desktop\dds.txt
2014-01-04 20:00 - 2014-01-04 20:00 - 00010470 _____ C:\Users\Karen London\Desktop\attach.txt
2014-01-04 19:55 - 2014-01-04 19:55 - 00000761 _____ C:\Users\Karen London\Desktop\Quicken 2009.lnk
2014-01-04 19:51 - 2014-01-04 19:51 - 00688992 ____R (Swearware) C:\Users\Karen London\Desktop\dds.com
2014-01-04 19:40 - 2014-01-04 19:40 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Karen London\Downloads\tdsskiller.exe
2014-01-04 19:33 - 2014-01-04 19:33 - 00000000 ____D C:\Users\Karen London\AppData\Local\Adobe
2014-01-04 19:32 - 2014-01-04 19:32 - 00000000 ____D C:\Process Explorer
2014-01-04 19:31 - 2014-01-04 19:31 - 00000000 ____D C:\Users\Karen London\New Folder (1)
2014-01-04 19:23 - 2009-02-06 19:46 - 00000946 _____ C:\Users\Karen London\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-01-04 19:22 - 2013-12-23 09:31 - 00260838 _____ C:\Windows\PFRO.log
2014-01-04 19:11 - 2014-01-04 19:11 - 00448512 _____ (OldTimer Tools) C:\Users\Logicnet\Desktop\TFC.exe
2014-01-04 19:10 - 2014-01-04 19:10 - 00000000 ____D C:\Program Files\Microsoft Security Client
2014-01-04 19:10 - 2011-08-02 02:51 - 00001945 _____ C:\Windows\epplauncher.mif
2014-01-04 19:07 - 2014-01-04 19:07 - 00000000 ____D C:\Users\Logicnet\AppData\Roaming\Macromedia
2014-01-04 19:07 - 2014-01-04 19:07 - 00000000 ____D C:\Users\Logicnet\AppData\Roaming\Adobe
2014-01-04 19:06 - 2014-01-04 19:06 - 00000000 ____D C:\Users\Logicnet\AppData\Roaming\RealNetworks
2014-01-04 19:03 - 2014-01-04 19:03 - 00059856 _____ C:\Users\Logicnet\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-04 19:03 - 2014-01-04 19:03 - 00001973 _____ C:\Users\Logicnet\Desktop\Google Chrome.lnk
2014-01-04 19:03 - 2014-01-04 19:03 - 00000951 _____ C:\Users\Logicnet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-04 19:03 - 2014-01-04 19:03 - 00000946 _____ C:\Users\Logicnet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-01-04 19:03 - 2014-01-04 19:03 - 00000917 _____ C:\Users\Logicnet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-01-04 19:03 - 2014-01-04 19:03 - 00000000 ____D C:\Users\Logicnet\Documents\Dell WebCam Central
2014-01-04 19:03 - 2014-01-04 19:03 - 00000000 ____D C:\Users\Logicnet\AppData\Roaming\ICAClient
2014-01-04 19:03 - 2014-01-04 19:03 - 00000000 ____D C:\Users\Logicnet\AppData\Roaming\Dell
2014-01-04 19:03 - 2014-01-04 19:03 - 00000000 ____D C:\Users\Logicnet\AppData\Roaming\Apple Computer
2014-01-04 19:03 - 2014-01-04 19:03 - 00000000 ____D C:\Users\Logicnet\AppData\Local\SupportSoft
2014-01-04 19:03 - 2014-01-04 19:03 - 00000000 ____D C:\Users\Logicnet\AppData\Local\LogMeIn
2014-01-04 19:03 - 2014-01-04 19:03 - 00000000 ____D C:\Users\Logicnet\AppData\Local\Citrix
2014-01-04 19:03 - 2014-01-04 19:02 - 00000000 ____D C:\Users\Logicnet
2014-01-04 19:02 - 2014-01-04 19:02 - 00000020 ___SH C:\Users\Logicnet\ntuser.ini
2014-01-04 18:29 - 2009-07-29 21:01 - 00000000 ____D C:\Users\Karen London\AppData\Local\Apps\2.0
2014-01-04 18:29 - 2006-11-02 06:47 - 00270584 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-04 18:28 - 2009-01-27 20:32 - 00000000 ____D C:\Program Files\Google
2014-01-04 18:11 - 2009-02-06 19:47 - 00000000 ____D C:\Users\Karen London\AppData\Local\Google
2014-01-04 18:04 - 2014-01-04 18:04 - 00048442 _____ C:\ComboFix.txt
2014-01-04 18:04 - 2014-01-04 17:39 - 00000000 ____D C:\Qoobox
2014-01-04 18:04 - 2006-11-02 05:18 - 00000000 __RHD C:\Users\Default
2014-01-04 18:04 - 2006-11-02 05:18 - 00000000 ___RD C:\Users\Public
2014-01-04 18:03 - 2014-01-04 17:39 - 00000000 ____D C:\Windows\erdnt
2014-01-04 18:01 - 2006-11-02 04:23 - 00000215 _____ C:\Windows\system.ini
2014-01-04 17:37 - 2013-12-19 16:04 - 00001590 _____ C:\Windows\setupact.log
2014-01-04 17:36 - 2014-01-04 17:36 - 00000000 ____D C:\Users\Karen London\AppData\Local\Deployment
2014-01-04 17:29 - 2014-01-04 17:29 - 00000000 ____D C:\Users\Karen London\AppData\Roaming\Real
2014-01-04 17:28 - 2013-12-23 15:07 - 00000000 ____D C:\Users\Karen London\Documents\WalmartForm_Minneapolis_55416
2014-01-04 15:24 - 2006-11-02 06:37 - 00000000 ____D C:\Windows\Performance
2014-01-04 15:11 - 2012-12-05 12:06 - 00000000 ____D C:\Windows\pss
2014-01-04 15:03 - 2009-01-27 20:32 - 00000000 ____D C:\ProgramData\Google
2014-01-04 14:59 - 2014-01-04 14:59 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ilqzjmfv.sys
2013-12-30 08:00 - 2013-12-30 08:00 - 00000000 ____D C:\a964ea99bba1ed98e4c7
2013-12-23 09:52 - 2009-01-27 20:47 - 00000000 ____D C:\ProgramData\CyberLink
2013-12-23 09:52 - 2009-01-27 20:26 - 00000000 ____D C:\Program Files\Dell
2013-12-23 09:52 - 2009-01-27 20:25 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-12-23 09:32 - 2009-01-27 20:34 - 00000000 ____D C:\ProgramData\McAfee
2013-12-23 09:32 - 2009-01-27 20:34 - 00000000 ____D C:\Program Files\McAfee
2013-12-19 16:05 - 2013-12-19 16:05 - 00000000 ____D C:\Users\Karen London\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2013-12-19 16:04 - 2013-12-19 16:04 - 00431696 _____ () C:\Users\Karen London\Downloads\DellSystemDetect.exe
2013-12-19 16:04 - 2013-12-19 16:04 - 00000000 _____ C:\Windows\setuperr.log
2013-12-19 16:02 - 2013-12-19 16:01 - 00000000 ____D C:\ProgramData\Oracle
2013-12-19 16:01 - 2013-12-19 16:01 - 00000000 ____D C:\Program Files\Common Files\Java
2013-12-19 16:01 - 2013-12-19 15:59 - 00005578 _____ C:\Windows\system32\jupdate-1.7.0_45-b18.log
2013-12-19 16:01 - 2009-01-27 20:25 - 00000000 ____D C:\Program Files\Java
2013-12-19 15:52 - 2011-03-21 08:41 - 00000000 ____D C:\ProgramData\Symantec
2013-12-19 15:52 - 2011-03-11 20:18 - 00000000 ____D C:\ProgramData\Norton
2013-12-19 15:49 - 2013-12-19 15:48 - 11125072 _____ (Microsoft Corporation) C:\Users\Karen London\Downloads\mseinstall (2).exe
2013-12-19 15:48 - 2013-12-19 15:47 - 11125072 _____ (Microsoft Corporation) C:\Users\Karen London\Downloads\mseinstall (1).exe
2013-12-16 18:32 - 2011-03-21 08:43 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-12-16 14:08 - 2011-03-08 11:11 - 00000000 ____D C:\dKEYUSBCradle
2013-12-16 08:44 - 2011-01-14 15:44 - 00000000 ____D C:\Program Files\LogMeIn
2013-12-16 08:43 - 2011-01-14 15:45 - 00086888 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2013-12-16 08:43 - 2011-01-14 15:45 - 00085832 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2013-12-16 08:43 - 2011-01-14 15:45 - 00031560 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2013-12-13 15:57 - 2011-01-23 08:43 - 00000000 ____D C:\Users\Karen London\Documents\KLOPhotos
2013-12-13 13:05 - 2011-06-20 19:49 - 00000000 ____D C:\Users\Karen London\Photos 062011
2013-12-13 13:05 - 2011-03-09 10:29 - 00000000 ____D C:\Users\Karen London\AppData\Roaming\Canon
2013-12-12 03:09 - 2009-01-27 20:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-12 03:06 - 2013-07-20 08:56 - 00000000 ____D C:\Windows\system32\MRT
2013-12-12 03:04 - 2006-11-02 04:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-12-11 11:41 - 2012-04-06 08:52 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 11:41 - 2011-05-21 10:25 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-06 12:42 - 2013-02-27 16:34 - 00000682 _____ C:\Users\Karen London\Desktop\Minneapolis Area Association of REALTORS®.website
2013-12-06 11:25 - 2013-12-06 11:25 - 00000000 ____D C:\Users\Karen London\AppData\Roaming\RealNetworks
2013-12-06 09:57 - 2013-12-06 09:57 - 00000000 ____D C:\ProgramData\RealNetworks
2013-12-06 09:57 - 2013-12-06 09:57 - 00000000 ____D C:\Program Files\RealNetworks
2013-12-06 09:57 - 2013-12-06 09:57 - 00000000 ____D C:\Program Files\Common Files\xing shared
2013-12-06 09:57 - 2012-11-28 17:50 - 00000000 ____D C:\Program Files\Real
2013-12-06 09:56 - 2013-06-24 14:09 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\system32\rmoc3260.dll
2013-12-06 09:56 - 2013-06-24 14:08 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\msvcp71.dll
2013-12-06 09:56 - 2013-06-24 14:08 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll
2013-12-06 09:56 - 2013-06-24 14:08 - 00272896 _____ (Progressive Networks) C:\Windows\system32\pncrt.dll
2013-12-06 09:56 - 2013-06-24 14:08 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\system32\pndx5016.dll
2013-12-06 09:56 - 2013-06-24 14:08 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\system32\pndx5032.dll
2013-12-06 09:56 - 2012-11-28 17:45 - 00000000 ____D C:\ProgramData\Real
2013-12-06 09:55 - 2013-12-06 09:55 - 00000000 ____D C:\Users\Karen London\AppData\Local\Real

ZeroAccess:
C:\Program Files\Google\Desktop\Install

Files to move or delete:
====================
C:\Users\Karen London\AppData\Roaming\desktop.ini
C:\Users\Karen London\ccsetup302.exe

Some content of TEMP:
====================
C:\Users\Karen London\AppData\Local\temp\setup.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-05 12:31

==================== End Of Log ============================

#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,695 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:22 AM

Posted 05 January 2014 - 07:17 PM

Download the enclosed file.

Save it next to FRST.

Run FRST and click on the Fix button. Wait until finished.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Restart, Run FRST, put a checkmark on Addition and scan.

Post the new FRST.txt and Addition.txt

No requests for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 Kimota

Kimota
  • Topic Starter

  • Members
  • 17 posts
  • Local time:02:22 AM

Posted 05 January 2014 - 07:52 PM

The log was too long to post.  I've attached the three requested logs.

 

Thanks!

#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,695 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:22 AM

Posted 05 January 2014 - 08:04 PM

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

Download AdwCleaner to your desktop.

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.


Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report in your next reply.

The report will be saved in the C:\AdwCleaner folder as AdwCleaner[S0].txt.
 

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart (see Extra Note).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 Kimota

Kimota
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 05 January 2014 - 08:49 PM

Logs as requested are attached.


# AdwCleaner v3.016 - Report created 05/01/2014 at 19:20:54
# Updated 23/12/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Karen London - KARENLONDON-PC
# Running from : C:\Users\Karen London\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Users\Karen London\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Karen London\AppData\Roaming\Mozilla\Firefox\Profiles\s81p7any.default\Extensions\toolbar@ask.com
File Deleted : C:\Users\Karen London\AppData\Roaming\Mozilla\Firefox\Profiles\s81p7any.default\Extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526

-\\ Mozilla Firefox v

[ File : C:\Users\Karen London\AppData\Roaming\Mozilla\Firefox\Profiles\s81p7any.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("extensions.asktb.cbid", "GG");
Line Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}&qsrc={qsrc}");
Line Deleted : user_pref("extensions.asktb.dtid", "YYY-YYYB8");
Line Deleted : user_pref("extensions.asktb.l", "dis");
Line Deleted : user_pref("extensions.asktb.last-config-req", "1293745478031");
Line Deleted : user_pref("extensions.asktb.locale", "en_US");
Line Deleted : user_pref("extensions.asktb.o", "15435");
Line Deleted : user_pref("extensions.asktb.qsrc", "2871");
Line Deleted : user_pref("extensions.asktb.search-plugin-suggestions-url", "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}");
Line Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Line Deleted : user_pref("extensions.enabledItems", "{20a82645-c095-46ed-80e3-08825760534b}:1.1,dealio@mybrowserbar.com:4.0.2,searchsettings@spigot.com:1.2.3,toolbar@ask.com:3.9.1.14019,{B7082FAA-CB62-4872-9106-E42D[...]

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Karen London\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [7242 octets] - [05/01/2014 19:19:35]
AdwCleaner[S0].txt - [7287 octets] - [05/01/2014 19:20:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7347 octets] ##########



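A quick way to review a cleaning report like the one above is to summarise it by category (files, registry hives, browser preferences) and by the adware families it touched. The following is an added example, not part of the thread and not AdwCleaner's own code; SAMPLE_REPORT is a constructed excerpt modelled on the AdwCleaner[S0].txt posted above, and the KNOWN_PUP list is just the family names that appear in that log.

```python
"""Summarise an AdwCleaner report by category so every deletion can be reviewed.
Added example; SAMPLE_REPORT is a constructed excerpt modelled on the report in
the thread, not the real file."""
import re
from collections import Counter

# Constructed sample: a shortened copy of the entries quoted in the thread.
SAMPLE_REPORT = r"""
# AdwCleaner v3.016 - Report created 05/01/2014 at 19:20:54
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Users\Karen London\AppData\Roaming\Mozilla\Firefox\Profiles\s81p7any.default\Extensions\toolbar@ask.com
File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine

***** [ Browsers ] *****

-\\ Mozilla Firefox v

[ File : C:\Users\Karen London\AppData\Roaming\Mozilla\Firefox\Profiles\s81p7any.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("extensions.asktb.locale", "en_US");
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
BROWSER_RE = re.compile(r"^-\\\\ (?P<browser>.+?) v(?P<version>.*)$")
ENTRY_RE = re.compile(r"^(?P<kind>Folder|File|Key|Value|Line) (?P<action>Deleted|Found) : (?P<target>.+)$")
PREF_RE = re.compile(r'user_pref\("(?P<name>[^"]+)", (?P<value>.+)\);')

# Family names taken from the entries in the posted log (lower-cased substrings).
KNOWN_PUP = ("paretologic", "wajam", "ask.com", "asktb", "conduit", "mywebsearch")


def parse_report(text):
    """Return one dict per Deleted/Found entry, tagged with its section and browser."""
    section, browser, entries = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section, browser = m.group("name"), None
            continue
        m = BROWSER_RE.match(line)
        if m:
            browser = m.group("browser")
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"section": section, "browser": browser, **m.groupdict()})
    return entries


def summarize(entries):
    """Count entries by kind, registry hive, adware family, and list browser prefs removed."""
    by_kind = Counter(f"{e['kind']} {e['action']}" for e in entries)
    hives = Counter(e["target"].split("\\", 1)[0] for e in entries if e["kind"] == "Key")
    families = Counter()
    for e in entries:
        target = e["target"].lower()
        for fam in KNOWN_PUP:
            if fam in target:
                families[fam] += 1
    prefs = []
    for e in entries:
        if e["kind"] == "Line":
            m = PREF_RE.search(e["target"])
            if m:
                prefs.append((e["browser"], m.group("name")))
    return {"by_kind": dict(by_kind), "hives": dict(hives),
            "families": dict(families), "prefs": prefs}


if __name__ == "__main__":
    for key, value in summarize(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

Run it against a real AdwCleaner[S0].txt by reading the file into `parse_report`; the prefs list is the part worth eyeballing, since a changed default search engine is the symptom the user notices first.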

#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,695 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:22 AM

Posted 05 January 2014 - 09:17 PM

How is the computer doing?




#9 Kimota

Kimota
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 05 January 2014 - 09:41 PM

It seems to be doing better; thank you. The only thing that still looks fishy to me is a SingleClick Systems directory I'm finding in C:\ProgramData that's running an Apache service and MySQL. It eats up a fair amount of RAM running under svchost, and I'm just not familiar with it being a legitimate program. Rkill stops it any time I run it too, which could just mean it's acting like malware as opposed to actually being a threat. Any concerns about this application, or is it a non-issue?


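The question above (an unfamiliar service running out of C:\ProgramData) is a common post-cleanup triage call. The checks a responder would run are: where the service binary actually lives, whether it is svchost-hosted (in which case the code to inspect is the ServiceDll, not svchost.exe), whether it auto-starts as LocalSystem from a non-standard directory, and whether the binary carries a valid Authenticode signature. Below is an added example, not from the thread, that encodes those checks; the service records are constructed, the SingleClick Systems path is a guess at what such an install might look like, and the `signed` field is assumed to come from a separate signature check (for instance PowerShell's Get-AuthenticodeSignature).

```python
"""Triage heuristics for an unfamiliar Windows service.
Added example; the service records are constructed, not taken from the infected PC."""
from pathlib import PureWindowsPath

# Top-level directories an unprivileged user can normally write to.
USER_WRITABLE = ("programdata", "users", "temp")
# Directories where a vendor's service binary is expected to live.
STANDARD_DIRS = ("windows", "program files", "program files (x86)")


def parse_image_path(image_path):
    """Split a service ImagePath into (executable, arguments, was_quoted)."""
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end], s[end + 1:].strip(), True
    # Unquoted: take the first space-delimited prefix that names an .exe.
    parts = s.split(" ")
    for i in range(len(parts)):
        candidate = " ".join(parts[:i + 1])
        if candidate.lower().endswith(".exe"):
            return candidate, " ".join(parts[i + 1:]), False
    return s, "", False


def triage(svc):
    """Return a list of reasons this service deserves a closer look (empty = nothing odd)."""
    exe, _args, _quoted = parse_image_path(svc["image_path"])
    p = PureWindowsPath(exe)
    top = [x.lower() for x in p.parts[1:]]  # drop the drive component
    flags = []
    if p.name.lower() == "svchost.exe":
        flags.append("svchost-hosted: inspect the ServiceDll under "
                     "HKLM\\SYSTEM\\CurrentControlSet\\Services\\<name>\\Parameters")
    if top and top[0] in USER_WRITABLE:
        flags.append(f"binary under user-writable location: {p.parent}")
    if (svc.get("start") == "auto" and svc.get("account", "").lower() == "localsystem"
            and top and top[0] not in STANDARD_DIRS):
        flags.append("auto-start as LocalSystem from a non-standard directory")
    if not svc.get("signed", False):
        flags.append("no valid Authenticode signature on the binary")
    return flags


# Constructed sample records (names, paths and attributes are illustrative only).
SAMPLE_SERVICES = [
    {"name": "SCS-Apache", "start": "auto", "account": "LocalSystem", "signed": False,
     "image_path": r'"C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe" -k runservice'},
    {"name": "AtService", "start": "auto", "account": "LocalSystem", "signed": True,
     "image_path": r'"C:\Program Files\Fingerprint Sensor\AtService.exe"'},
    {"name": "Dnscache", "start": "auto", "account": r"NT AUTHORITY\NetworkService", "signed": True,
     "image_path": r"C:\Windows\system32\svchost.exe -k NetworkService"},
]


if __name__ == "__main__":
    for svc in SAMPLE_SERVICES:
        print(svc["name"], triage(svc) or "nothing unusual")
```

A flagged service is not a verdict: a bundled Apache/MySQL install under ProgramData can be perfectly legitimate, which is why the next step is matching the binary's publisher and the entry in the installed-programs list, as the responder does in the reply that follows.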

#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,695 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:22 AM

Posted 05 January 2014 - 10:17 PM

I am not familiar with the program. My research didn't find any malware related to it; in fact, I am unable to determine which program in the program list it is associated with. I can remove all of it if you wish.




#11 Kimota

Kimota
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 05 January 2014 - 10:25 PM

Thank you for offering, but if it's not on your radar, I'm not that worried about it. I'll mention it to my friend and remove it if she's concerned.

#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,695 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:22 AM

Posted 05 January 2014 - 10:29 PM

Great.

Run and uninstall AdwCleaner.

Remove the C:\FRST folder.

Here are some suggestions.

  • Always keep your Java updated. Older versions will make your computer vulnerable.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Best wishes!






