Thread: Redirect issues

  1. #21
    Junior Member
    Join Date
    May 2008
    Posts
    23

    OTL.txt PART 2


    ==========

    [2012/05/14 23:03:35 | 000,000,512 | ---- | C] () -- C:\Users\Olga\Desktop\MBR.dat
    [2012/05/14 21:59:33 | 000,000,762 | ---- | C] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
    [2012/05/14 21:56:58 | 000,002,290 | ---- | C] () -- C:\Users\Olga\Desktop\Resume ZoneAlarm Security Install.lnk
    [2012/05/10 21:11:19 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/05/10 21:11:18 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/05/09 22:59:06 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/05/09 20:36:26 | 000,458,240 | ---- | C] () -- C:\Users\Olga\Desktop\CKScanner.exe
    [2012/05/05 19:29:16 | 000,948,982 | R--- | C] () -- C:\Users\Olga\Documents\My Money Backup_2012-05-05_192914.mbf
    [2012/05/05 19:29:08 | 000,948,982 | R--- | C] () -- C:\Users\Olga\Documents\My Money Backup_2012-05-05_192906.mbf
    [2012/05/05 17:48:17 | 000,001,681 | ---- | C] () -- C:\Users\Olga\Documents\checking.qif
    [2012/05/05 15:44:01 | 000,003,923 | ---- | C] () -- C:\Users\Olga\Documents\Attach.zip
    [2012/05/05 15:06:45 | 000,001,112 | ---- | C] () -- C:\Users\Olga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/05/05 15:06:23 | 000,000,932 | ---- | C] () -- C:\Users\Olga\Desktop\NTREGOPT.lnk
    [2012/05/05 15:06:23 | 000,000,913 | ---- | C] () -- C:\Users\Olga\Desktop\ERUNT.lnk
    [2012/05/05 13:35:30 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/04/30 22:48:36 | 000,053,951 | ---- | C] () -- C:\Users\Olga\Documents\zebra-living-room-zebra-design.jpg
    [2012/04/18 21:17:19 | 000,031,800 | ---- | C] () -- C:\Users\Olga\Documents\pse bill march april.pdf
    [2012/04/18 20:29:17 | 000,000,189 | ---- | C] () -- C:\Users\Olga\Desktop\Comcast Security.url
    [2012/04/18 20:29:16 | 000,000,195 | ---- | C] () -- C:\Users\Olga\Desktop\Comcast Email.url
    [2011/09/25 20:59:08 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
    [2011/05/17 07:00:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/04/25 23:53:28 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

    ========== LOP Check ==========

    [2011/10/30 21:35:34 | 000,000,000 | ---D | M] -- C:\Users\Olga\AppData\Roaming\AVG2012
    [2012/03/22 23:49:09 | 000,000,000 | ---D | M] -- C:\Users\Olga\AppData\Roaming\CheckPoint
    [2012/05/05 14:40:09 | 000,000,000 | ---D | M] -- C:\Users\Olga\AppData\Roaming\DriverCure
    [2012/04/15 23:23:52 | 000,000,000 | ---D | M] -- C:\Users\Olga\AppData\Roaming\Floodlight Games
    [2012/02/24 20:43:03 | 000,000,000 | ---D | M] -- C:\Users\Olga\AppData\Roaming\funkitron
    [2012/02/24 20:50:47 | 000,000,000 | ---D | M] -- C:\Users\Olga\AppData\Roaming\Namco
    [2012/02/24 21:03:36 | 000,000,000 | ---D | M] -- C:\Users\Olga\AppData\Roaming\PlayFirst
    [2012/04/09 23:36:36 | 000,000,000 | ---D | M] -- C:\Users\Olga\AppData\Roaming\runic games
    [2012/05/05 14:40:09 | 000,000,000 | ---D | M] -- C:\Users\Olga\AppData\Roaming\SpeedMaxPc
    [2011/09/26 21:22:38 | 000,000,000 | ---D | M] -- C:\Users\Olga\AppData\Roaming\Ulead Systems
    [2012/04/11 00:11:54 | 000,000,000 | ---D | M] -- C:\Users\Olga\AppData\Roaming\WildTangentv1002
    [2012/02/26 23:51:22 | 000,000,000 | ---D | M] -- C:\Users\Olga\AppData\Roaming\Windows Live Writer
    [2012/04/15 23:20:29 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >

  2. #22
    Senior Member
    Join Date
    Feb 2012
    Location
    Ireland
    Posts
    176

    Hi Olgita,

    Search Conduit showed up in the logs, which could account for the redirects. We will remove it with a custom OTL fix.

    First, we need to remove some programs from the PC. You have two AV programs running which is not a good idea, see note below. Also you have too many security packages running, so we will remove them along with some vulnerable software.

    Multiple Anti Virus programs
    • It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:
      ZoneAlarm Free
      AVG 2012
    • Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer.
    • Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.
    • Please remove one of them.
      • Click on the start button
      • In the Search Programs and files text area type appwiz.cpl and press Enter
      • Press the "Remove" or "Change/Remove" button to uninstall one of the programs listed above.

    While you are here, please also uninstall the below programs.
    • Adobe Reader 9.5.1 MUI
    • AVG Security Toolbar
    • CA Pest Patrol Realtime Protection
    • Coupon Printer for Windows
    • Java(TM) 6 Update 29
    • XFINITY Toolbar
    Now reboot the computer.
    Note: You can re-install up-to-date versions of Adobe Reader and Java from the links below.
    http://java.com/en/download/index.jsp
    http://get.adobe.com/flashplayer/


    Run OTL Script
    We need to run an OTL Fix
    • Right click OTL.exe and select Run as Administrator to start the program.
    • Copy and Paste the following code into the textbox. Do not include the word Code.
      Code:
      :otl
      IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.xfinity.com/?cid=insDate04182012
      IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238
      IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
      O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
      O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
      O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
      O4 - HKCU..\Run: [Itibiti.exe] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe File not found
      O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
      O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
      [2012/05/12 23:13:46 | 000,000,000 | ---D | C] -- C:\Users\Olga\AppData\Local\{F9097DFE-80F3-4AA5-847A-D224896EE763}
      [2012/05/12 23:13:23 | 000,000,000 | ---D | C] -- C:\Users\Olga\AppData\Local\{AFFAED47-5D0C-4A68-BA2B-DC8DA9EE31F6}
      [2012/05/12 23:13:04 | 000,000,000 | ---D | C] -- C:\Users\Olga\AppData\Local\{4C1DA19E-4DA7-4BB7-9F93-562FEA63AA68}
      [2012/05/12 23:13:02 | 000,000,000 | ---D | C] -- C:\Users\Olga\AppData\Local\{ED959694-DBDB-4C30-8B59-37691E9E3E92}
      [2012/05/12 23:12:49 | 000,000,000 | ---D | C] -- C:\Users\Olga\AppData\Local\{F6990D3F-65C4-4A47-983A-2C77FB14007E}
      [2012/05/12 23:12:39 | 000,000,000 | ---D | C] -- C:\Users\Olga\AppData\Local\{1CB6FCC8-BC33-4CE8-8484-4596E6A02C33}
      [2012/05/03 21:45:24 | 000,000,000 | ---D | C] -- C:\Users\Olga\AppData\Local\{3C453E72-4947-4756-A48B-9411C6948812}
      [2012/05/03 21:44:41 | 000,000,000 | ---D | C] -- C:\Users\Olga\AppData\Local\{D69141D1-7B7B-4321-BC88-A1223EF628F2}
      [2012/05/03 21:44:24 | 000,000,000 | ---D | C] -- C:\Users\Olga\AppData\Local\{4617493C-92FD-48CE-AA17-D81F9A664DE9}
      :commands
      [EMPTYTEMP]
      [CREATERESTOREPOINT]
    • Then click the Run Fix button at the top.
    • Click .
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.



    Security Check

    • Please download Security Check by screen317 from one of the links below:
    • Save it to your Desktop.
    • Right click SecurityCheck.exe and select "Run as administrator", then follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt
    • Please post the contents of that document.
    Proud Graduate of the MalWare Removal University

  3. #23
    Junior Member
    Join Date
    May 2008
    Posts
    23

    OTL report:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
    C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll moved successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
    File C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Itibiti.exe deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//@surf.mar@/\ deleted successfully.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    C:\Users\Olga\AppData\Local\{F9097DFE-80F3-4AA5-847A-D224896EE763} folder moved successfully.
    C:\Users\Olga\AppData\Local\{AFFAED47-5D0C-4A68-BA2B-DC8DA9EE31F6} folder moved successfully.
    C:\Users\Olga\AppData\Local\{4C1DA19E-4DA7-4BB7-9F93-562FEA63AA68} folder moved successfully.
    C:\Users\Olga\AppData\Local\{ED959694-DBDB-4C30-8B59-37691E9E3E92} folder moved successfully.
    C:\Users\Olga\AppData\Local\{F6990D3F-65C4-4A47-983A-2C77FB14007E} folder moved successfully.
    C:\Users\Olga\AppData\Local\{1CB6FCC8-BC33-4CE8-8484-4596E6A02C33} folder moved successfully.
    C:\Users\Olga\AppData\Local\{3C453E72-4947-4756-A48B-9411C6948812} folder moved successfully.
    C:\Users\Olga\AppData\Local\{D69141D1-7B7B-4321-BC88-A1223EF628F2} folder moved successfully.
    C:\Users\Olga\AppData\Local\{4617493C-92FD-48CE-AA17-D81F9A664DE9} folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56900 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Olga
    ->Temp folder emptied: 75903455 bytes
    ->Temporary Internet Files folder emptied: 304245528 bytes
    ->Java cache emptied: 228793 bytes
    ->Flash cache emptied: 38257 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 57549693 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
    RecycleBin emptied: 122819628 bytes

    Total Files Cleaned = 535.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.43.0 log created on 05172012_001848

    Files\Folders moved on Reboot...
    C:\Users\Olga\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Olga\AppData\Local\Temp\~DF39BB49D3DA70236E.TMP moved successfully.
    C:\Users\Olga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZPBJ2MW6\01[2].htm moved successfully.
    C:\Users\Olga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZPBJ2MW6\aceUAC[1].htm moved successfully.
    C:\Users\Olga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZPBJ2MW6\st[5] moved successfully.
    C:\Users\Olga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UMQC87C0\fc[2].htm moved successfully.
    C:\Users\Olga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ND8WE7O7\xframe-proxy_20110929[1].htm moved successfully.
    C:\Users\Olga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N4ILJ0FR\iframe3[4].htm moved successfully.
    C:\Users\Olga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GT1UKMLR\getAds[3].htm moved successfully.
    C:\Users\Olga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GT1UKMLR\xframe-proxy_20110929[1].htm moved successfully.
    C:\Users\Olga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7VRIL7C4\0[1].htm moved successfully.
    C:\Users\Olga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7VRIL7C4\0[2].htm moved successfully.
    C:\Users\Olga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\33BWDG2D\0[2].htm moved successfully.
    C:\Users\Olga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\33BWDG2D\csc-render[1].htm moved successfully.
    C:\Users\Olga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\33BWDG2D\ext-render-secure[2].htm moved successfully.
    C:\Users\Olga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\33BWDG2D\showthread[1].htm moved successfully.
    C:\Users\Olga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25ZYM6PZ\0[1].htm moved successfully.
    File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
    File\Folder C:\Windows\temp\ZLT07de0.TMP not found!

    Registry entries deleted on Reboot...
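
An added example, not part of the original thread and not OTL's own code: a short Python triage of a fix report like the one above, tallying each line's outcome and flagging lines worth a second look (failed moves, and braced key names that are not GUID-shaped, such as `{searchTerms}`, which is the URL placeholder from the fix script rather than a class ID). The outcome labels and function names are assumptions made for this example.

```python
import re
from collections import Counter

# Lines excerpted from the OTL fix report in the post above (not the full log).
SAMPLE_REPORT = r"""
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll moved successfully.
File C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll not found.
C:\Users\Olga\AppData\Local\{F9097DFE-80F3-4AA5-847A-D224896EE763} folder moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File\Folder C:\Windows\temp\ZLT07de0.TMP not found!
"""

# Ordered: "move failed" is tested first because that line also mentions
# a later move on reboot and must not be counted as a success.
OUTCOMES = [
    ("failed", "move failed"),
    ("deleted", "deleted successfully"),
    ("moved", "moved successfully"),
    ("set", "set successfully"),
    ("not_found", "not found"),
]
GUID = re.compile(r"^[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$")
BRACED = re.compile(r"\{([^{}\\]+)\}")


def classify(line):
    """Return the outcome label (hypothetical names) for one report line."""
    lowered = line.lower()
    for label, phrase in OUTCOMES:
        if phrase in lowered:
            return label
    return "other"


def triage(report):
    """Tally outcomes and collect (reason, line) pairs that need review."""
    counts = Counter()
    needs_review = []
    for line in report.splitlines():
        line = line.strip()
        if not line:
            continue
        outcome = classify(line)
        counts[outcome] += 1
        # Braced tokens that are not GUIDs suggest the fix line was
        # interpreted differently from what the script author intended.
        odd = [t for t in BRACED.findall(line) if not GUID.match(t)]
        if outcome == "failed":
            needs_review.append(("failed action", line))
        elif odd:
            needs_review.append(("non-GUID key name: " + ", ".join(odd), line))
    return {"counts": counts, "needs_review": needs_review}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for outcome, n in result["counts"].most_common():
        print(f"{outcome:10} {n}")
    for reason, line in result["needs_review"]:
        print(f"REVIEW ({reason}): {line}")
```
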

  4. #24
    Junior Member
    Join Date
    May 2008
    Posts
    23

    Results of screen317's Security Check version 0.99.32
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    ZoneAlarm Free Antivirus + Firewall
    ZoneAlarm Antivirus
    ZoneAlarm Firewall
    ZoneAlarm Security
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    MVPS Hosts File
    Spybot - Search & Destroy
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Spybot Teatimer.exe is disabled!
    Symantec Norton Online Backup NOBuAgent.exe
    CheckPoint ZoneAlarm vsmon.exe
    CheckPoint ZoneAlarm zatray.exe
    ``````````End of Log````````````

  5. #25
    Senior Member
    Join Date
    Feb 2012
    Location
    Ireland
    Posts
    176

    Hi Olgita,

    Looks much better. How is the PC running now? Any more redirects?
    Proud Graduate of the MalWare Removal University

  6. #26
    Junior Member
    Join Date
    May 2008
    Posts
    23

    Hi,
    looks like no more redirects. Thank you so much for your help!!!

  7. #27
    Senior Member
    Join Date
    Feb 2012
    Location
    Ireland
    Posts
    176

    Congratulations, your PC is now free from infection. Follow the below steps to remove infected restore points and tighten your system's security.

    Clear infected Restore Points with OTL
    We need to run an OTL Fix to remove your old restore points.
    • Right click OTL.exe and select Run as Administrator to start the program.
    • Copy and Paste the following code into the textbox. Do not include the word Code.
      Code:
      :commands
      [CLEARALLRESTOREPOINTS]
    • Then click the Run Fix button at the top.
    • Click .
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.



    Clean up with OTL
    • Right click OTL.exe and select Run as Administrator to start the program. This will remove all the tools we used to clean your PC.
    • Close all other programs apart from OTL as this step will require a reboot.
    • On the OTL main screen, press the CleanUp! button
    • Say Yes to the prompt and then allow the program to reboot your computer.



    Update your Antivirus programs and other programs regularly.
    Secunia Personal Software Inspector - Copyright © Secunia. This app will monitor programs on your computer for known vulnerabilities. You can set it to auto-update for you, or just prompt you if an update is available. I highly recommend it.
    F-secure Health Check - Copyright © F-Secure Corporation. F-Secure Health Check is a free application that tells you if your computer is protected and helps you fix possible security issues.


    Microsoft Windows Update
    Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products' loopholes and fix any bugs found. Install the updates immediately if they are found.
    To update Windows
    Go to Start > All Programs > Windows Update > Check for updates.
    To update Office
    Open up any Office program.
    Go to Help > Check for Updates

    I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

    Safe surfing!

    diver79.
    Proud Graduate of the MalWare Removal University

  8. #28
    Junior Member
    Join Date
    May 2008
    Posts
    23

    I have no other questions. Again, thank you so much for your time and your help!

    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.43.0 log created on 05182012_192245

  9. #29
    Senior Member
    Join Date
    Feb 2012
    Location
    Ireland
    Posts
    176

    Quote: Originally Posted by Olgita
    I have no other questions. Again, thank you so much for your time and your help!
    You're very welcome!

    Safe surfin!
    Proud Graduate of the MalWare Removal University
