-
Badly Infected
I get hundreds of windows popping up stating I have a virus. All of my desktop icons have disappeared and I can't do anything on my computer. I had to use my laptop to download dds and transfer it to my computer. Here are my logs.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Janice at 21:12:03 on 2012-01-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6109.4722 [GMT -6:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\iWin Games\iWinTrusted.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\consent.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=ZUxpt020YYus&ptb=zicrx_1Avu_ZGi24DJBLew&si=CMqg8duiuK0CFYMEQAodrjEGpQ
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACGW&l=0409&m=aspire_m5802/m3802&r=1736061196dg1275w9283i9hj67767
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [SearchEngineProtection] C:\Program Files (x86)\Gamesbar\SearchEngineProtection.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [winupd] C:\Users\Janice\AppData\Local\Temp:winupd.exe
uRun: [LuJmxWoSNc.exe] C:\ProgramData\LuJmxWoSNc.exe
uRun: [dplaysvr] C:\Users\Janice\AppData\Local\dplaysvr.exe
mRun: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{EA8713C9-52CC-42DD-A388-B7B0CCC5398B} : DhcpNameServer = 192.168.0.1 205.171.3.25
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO-X64: WeCareReminder - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=ZUxpt020YYus&ptb=zicrx_1Avu_ZGi24DJBLew&si=CMqg8duiuK0CFYMEQAodrjEGpQ
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxpt020YYus&ptb=zicrx_1Avu_ZGi24DJBLew&ind=2012010511&ptnrS=ZUxpt020YYus&si=CMqg8duiuK0CFYMEQAodrjEGpQ&n=77ecd80f&psa=&st=kwd&searchfor=
FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll
FF - plugin: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\2020Player_WEB@2020Technologies.com\plugins\NP_2020Player_WEB.dll
FF - plugin: C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 3b818f57-fa2f-4b4c-b00c-be2f55d1f438
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 iWinTrusted;iWinTrusted;C:\Program Files (x86)\iWin Games\iWinTrusted.exe [2011-4-8 176848]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-12 62208]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-8-27 240160]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y62x64.sys --> C:\Windows\system32\DRIVERS\e1y62x64.sys [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-3 366152]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 rcmirror;rcmirror;C:\Windows\system32\DRIVERS\rcmirror.sys --> C:\Windows\system32\DRIVERS\rcmirror.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-01-12 16:58:23 362348 ---ha-w- C:\ProgramData\PzZKH7CZwgAL1p.exe
2012-01-12 16:32:25 63488 --sh--w- C:\Users\Janice\AppData\Local\dplayx.dll
2012-01-12 16:32:25 104448 --sh--w- C:\Users\Janice\AppData\Local\dplaysvr.exe
2012-01-12 16:32:03 344576 ---ha-w- C:\Users\Janice\AppData\Local\nsa.exe
2012-01-12 16:31:32 451436 ---ha-w- C:\ProgramData\LuJmxWoSNc.exe
2012-01-09 16:14:01 -------- d-----we C:\Windows\system64
2012-01-09 16:13:45 299008 ---ha-w- C:\Users\Janice\AppData\Local\jla.exe
2012-01-09 05:21:08 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-09 05:05:04 -------- d--h--w- C:\ComboFix
2012-01-06 22:33:13 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E6575671-F39F-46D8-AB4F-C27D6149F639}\mpengine.dll
2012-01-05 07:57:48 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-01-05 07:56:14 -------- d--h--w- C:\ProgramData\Symantec
2012-01-04 04:27:02 569397 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\RichFX\Player\nprfxins.dll
2012-01-04 04:27:01 -------- d-----w- C:\Program Files (x86)\Rhapsody
2012-01-01 18:08:10 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-01 18:08:10 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-01 18:08:10 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-01 18:08:10 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2011-12-31 04:30:36 -------- d--h--w- C:\Users\Janice\AppData\Roaming\SumatraPDF
2011-12-31 04:30:21 -------- d--h--w- C:\ProgramData\WeCareReminder
2011-12-31 04:30:15 -------- d-----w- C:\Program Files (x86)\Yontoo Layers Runtime
2011-12-31 04:29:49 -------- d-----w- C:\Program Files (x86)\PDFReader
2011-12-29 02:56:18 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-12-29 02:55:45 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-29 02:55:45 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-29 02:55:43 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-29 02:55:43 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-18 08:09:44 -------- d--h--w- C:\ProgramData\PogoDGC
2011-12-18 08:09:41 -------- d-----w- C:\Program Files (x86)\Pogo Games
.
==================== Find3M ====================
.
2011-11-15 20:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-13 10:31:17 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-26 05:21:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll
.
============= FINISH: 21:19:38.78 ===============
-
Hi e28ct17, welcome to the forum.
To make cleaning this machine easier
- Please do not uninstall/install any programs unless asked to. It is more difficult when files/programs are appearing in/disappearing from the logs.
- Please do not run any scans other than those requested
- Please follow all instructions in the order posted
- All logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word Wrap if it is checked.
- Do not attach any logs/reports, etc. unless specifically requested to do so.
- If you have problems with or do not understand the instructions, please ask before continuing.
- Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.
*Important - Do not use any temporary file cleaners*
Before we start cleaning this machine let's see if we can get your icons back. Are the items in your start menu also missing?
Try this first
- Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
- Click the View tab.
- Under Advanced settings, click Show hidden files and folders, and then click OK.
Desktop icons back now?
If you can use the infected computer for the next scan follow these instructions. If not I'll add some modified instructions at the end.
Download OTL to your desktop.
- Right click on OTL.exe and click "Run as Administrator" to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output
- Check the boxes beside LOP Check and Purity Check.
- In the window under Custom Scans/Fixes copy and paste the following
%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
/md5start
iexplore.*
explorer.*
winlogon.*
dll
zx.dll
hlp.dat
consrv.dll
/md5stop
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
If you cannot use the infected computer to download OTL, please follow these instructions.
On the computer you are using:
- download OTL from the link above and save it to the device you are using for transferring files
- copy and paste the following bolded into a notepad
%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
/md5start
iexplore.*
explorer.*
winlogon.*
dll
zx.dll
hlp.dat
consrv.dll
/md5stop
- name the notepad scan.txt
- save the notepad to the device along with OTL
- transfer both OTL and scan.txt to the infected computer's desktop
- follow the other steps for setting up OTL except for the copying and pasting of the custom scan
- do this instead
- double click in the white window at the bottom
- a message will appear asking if you want to load a custom scan, click yes
- navigate to where you saved the notepad scan.txt and click on it
- click open
- the text should appear in the window.
- Click the run scan button
Please post the logs produced.
Thanks
-
My desktop icons are back but I still can't use my computer. I transferred OTL to my computer but when I click on run as administrator nothing happens except a warning pops up which says "Application cannot be executed. The file OTL.exe is infected. Pleas activate your antivirus software."
-
Hi e28ct17,
Try renaming OTL.exe to OTL.scr or iexplore.exe
-
I had to zip one of the logs.
OTL Extras logfile created on: 1/17/2012 11:32:20 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Janice\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.97 Gb Total Physical Memory | 4.84 Gb Available Physical Memory | 81.20% Memory free
6.94 Gb Paging File | 5.79 Gb Available in Paging File | 83.41% Paging File free
Paging file location(s): c:\pagefile.sys 1000 9163 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.41 Gb Total Space | 858.06 Gb Free Space | 93.63% Space Free | Partition Type: NTFS
Drive D: | 0.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: JANICE-PC | User Name: Janice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{7F05E704-30A6-421A-97A7-8EEB1C7FF011}" = Corel Shell Extension - 64Bit
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{988329F4-A1A1-4D51-803C-EF2725A97627}" = HP Photosmart All-In-One Driver Software 13.0 Rel. 2
"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{11F7808F-76AD-40E0-A8D9-6445DAEA3F5D}" = The Print Shop 23
"{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}" = CorelDRAW Graphics Suite X4 - Lang BR
"{1CCF681C-C203-49B3-83F4-A54F0F944416}" = ASPCA Reminder by We-Care.com v5.0.5.1
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A82EBFC-89AB-41EA-80E8-A07C73C752A0}" = WorldWinner Games
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{40a87585-3dea-47d0-8aac-c7c19689b431}" = Nero 9 Essentials
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{685B0843-6C8D-4E42-B60D-2B86B45526E0}" = PS_AIO_02_Software_Min
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-gateway" = WildTangent Games App (Gateway Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{746FB02B-1D03-43B7-917A-E1341AB69A00}" = Qwest Personal Digital Vault™
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F05E704-30A6-421A-97A7-8EEB1C7FF000}" = CorelDRAW Graphics Suite X4
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111405753}" = Super Collapse 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-510005257}" = Jewel Quest Mysteries 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-510005536}" = Mystery P.I. The Curious Case of Counterfeit Cove
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94F8D42D-BB31-4858-9705-7D756D8D9655}" = PS_AIO_02_Software
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9D306690-3173-42CD-94C6-9EF9318AF24B}" = CorelDRAW Graphics Suite X4 - Lang FR
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{BA9030CF-606B-42F6-ACD5-BB95219EED68}" = VinylMaster Pro V250
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{D2827848-7D2A-4547-9AD1-C965FB3E6344}" = CorelDRAW Graphics Suite X4 - Lang ES
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"ESET Online Scanner" = ESET Online Scanner v3
"GamesBar" = GamesBar 2.0.1.82
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Photo Frame" = Gateway Photo Frame 4.2.3.10
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"iLivid" = iLivid
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Gateway MyBackup
"iWinArcade" = iWin Games (remove only)
"Jewel Quest Online Party" = Jewel Quest Online Party (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"PROHYBRIDR" = 2007 Microsoft Office system
"Revo Uninstaller" = Revo Uninstaller 1.92
"Rhapsody" = Rhapsody
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"Snood 4_is1" = Snood 4
"Temp File Cleaner" = Temp File Cleaner
"Trash it!_is1" = Trash it! version 1.80
"Web Games Player Plugin" = Web Games Player Plugin
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wordscape Online Party" = Wordscape Online Party (remove only)
"WTA-0a8f9018-e67c-4c5c-af65-246526b6425a" = FBI Paranormal Case: Extended Edition
"WTA-0cf38871-cf3c-47bd-b67d-06d575c3c02e" = Collapse Crunch
"WTA-19b7ebdd-3551-4927-846e-f5ca79d49dc6" = Escape The Emerald Star
"WTA-1ad37d5e-14b5-4133-a5b4-d41a7b0771d1" = QuantZ
"WTA-1b36ea7f-be1e-4428-80dc-5de676043a76" = Amazonia
"WTA-3ca0fc49-968d-45f9-970f-36da7d199ce0" = Escape Whisper Valley (TM)
"WTA-5596bd37-f57f-427c-af25-e82cf6a0f07b" = Mystery P.I. - The London Caper
"WTA-b60bc5d4-7313-4562-981d-73c64dd39aee" = Vampireville
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PDF Reader" = PDF Reader
"Smart Protection 2012" = Smart Protection 2012
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12/29/2011 4:50:44 AM | Computer Name = Janice-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 12/29/2011 4:50:44 AM | Computer Name = Janice-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 12/29/2011 4:50:44 AM | Computer Name = Janice-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 12/29/2011 4:50:44 AM | Computer Name = Janice-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 12/30/2011 2:05:45 AM | Computer Name = Janice-PC | Source = MsiInstaller | ID = 11706
Description =
Error - 12/30/2011 1:19:13 PM | Computer Name = Janice-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 12/30/2011 1:19:42 PM | Computer Name = Janice-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 12/30/2011 1:19:42 PM | Computer Name = Janice-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 12/30/2011 1:19:42 PM | Computer Name = Janice-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 12/30/2011 1:19:42 PM | Computer Name = Janice-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
[ OSession Events ]
Error - 8/16/2011 9:17:55 PM | Computer Name = Janice-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 38
seconds with 0 seconds of active time. This session ended with a crash.
Error - 8/30/2011 1:28:58 AM | Computer Name = Janice-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 241
seconds with 60 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 12/8/2011 9:48:53 AM | Computer Name = Janice-PC | Source = Service Control Manager | ID = 7023
Description = The HP Network Devices Support service terminated with the following
error: %%126
Error - 12/9/2011 10:36:55 AM | Computer Name = Janice-PC | Source = DCOM | ID = 10000
Description =
Error - 12/10/2011 11:23:19 PM | Computer Name = Janice-PC | Source = Service Control Manager | ID = 7023
Description = The HP Network Devices Support service terminated with the following
error: %%126
Error - 12/10/2011 11:23:49 PM | Computer Name = Janice-PC | Source = DCOM | ID = 10010
Description =
Error - 12/10/2011 11:23:49 PM | Computer Name = Janice-PC | Source = Service Control Manager | ID = 7023
Description = The HP Network Devices Support service terminated with the following
error: %%126
Error - 12/10/2011 11:46:42 PM | Computer Name = Janice-PC | Source = Service Control Manager | ID = 7023
Description = The HP Network Devices Support service terminated with the following
error: %%126
Error - 12/11/2011 3:39:10 PM | Computer Name = Janice-PC | Source = Service Control Manager | ID = 7023
Description = The HP Network Devices Support service terminated with the following
error: %%126
Error - 12/11/2011 3:43:31 PM | Computer Name = Janice-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
Client Service service to connect.
Error - 12/11/2011 3:43:31 PM | Computer Name = Janice-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error: %%1053
Error - 12/11/2011 6:15:17 PM | Computer Name = Janice-PC | Source = Service Control Manager | ID = 7023
Description = The HP Network Devices Support service terminated with the following
error: %%126
< End of report >
-
Hi e28ct17,
You have several infections going on.
Let's see if we can soften this guy up a bit and get the computer more usable. After this fix, check to see if your Start menu and All Programs menu are present and working.
I take it you still need to use another computer to access this topic. Delete the notepad you named scan.txt from the usb device.
Open a new Notepad session - Click the Start button, click run
- in the run box type notepad
- click ok
- In the notepad, Click "Format" and be certain that Word Wrap is not checked.
- Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE
Code:
:Services
:PROCESSES
killallprocesses
:OTL
MOD - C:\ProgramData\F4D55F3B0004240800208380B4EB2367\F4D55F3B0004240800208380B4EB2367.exe ()
O4 - HKCU..\Run: [{24903B15-CFA6-2F4F-D499-A747DA35520F}] C:\Users\Janice\AppData\Roaming\Egrygi\hyqahih.exe ()
O4 - HKCU..\Run: [configwiz] C:\Users\Janice\AppData\Roaming\configwiz.exe (Microsoft Corporation)
O4 - HKCU..\Run: [dplaysvr] C:\Users\Janice\AppData\Local\dplaysvr.exe ()
O4 - HKCU..\Run: [LuJmxWoSNc.exe] C:\ProgramData\LuJmxWoSNc.exe File not found
O4 - HKCU..\Run: [notifyc] C:\ProgramData\notifyc.exe (Microsoft Corporation)
O4 - HKCU..\Run: [winupd] C:\Users\Janice\AppData\Local\Temp:winupd.exe File not found
O4 - HKCU..\RunOnce: [F4D55F3B0004240800208380B4EB2367] C:\ProgramData\F4D55F3B0004240800208380B4EB2367\F4D55F3B0004240800208380B4EB2367.exe ()
O4 - Startup: C:\Users\Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe ()
:Files
dir /s "C:\Users\Janice\AppData\Local\Temp\smtmp" /c
@Alternate Data Stream - 131584 bytes -> C:\Users\Janice\AppData\Local\Temp:winupd.exe
C:\Users\Janice\AppData\Local\wyuzx.exe
C:\ProgramData\notifyc.exe
C:\Users\Janice\AppData\Roaming\configwiz.exe
C:\Users\Janice\AppData\Local\nsa.exe
C:\Users\Janice\Documents\rkCT577dI.exe
C:\Users\Janice\AppData\Local\jla.exe
C:\ProgramData\PzZKH7CZwgAL1p
C:\ProgramData\~PzZKH7CZwgAL1p
C:\ProgramData\~PzZKH7CZwgAL1pr
C:\Users\Janice\AppData\Local\gng8ry4yq61724s5t702v6
C:\ProgramData\gng8ry4yq61724s5t702v6
C:\Users\Janice\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
C:\Users\Janice\Desktop\System Check.lnk
C:\ProgramData\PzZKH7CZwgAL1p.exe
C:\Users\Public\Documents\19792079
C:\Users\Janice\AppData\Local\nsa.exe
C:\Users\Janice\AppData\Local\dplaysvr.exe
C:\Users\Janice\AppData\Local\dplayx.dll
C:\Users\Janice\AppData\Local\70wuo75jpl4822ssofd11bylba5ah82flv3i82q2q17tbo
C:\ProgramData\70wuo75jpl4822ssofd11bylba5ah82flv3i82q2q17tbo
C:\Users\Janice\Documents\rkCT577dI.exe
C:\Users\Janice\AppData\Local\jla.exe
C:\Users\Janice\AppData\Local\084c31m26umegt2s4ynu2m
C:\ProgramData\084c31m26umegt2s4ynu2m
C:\Users\Janice\AppData\Local\csr7ey1du58776l8t172j6
C:\ProgramData\csr7ey1du58776l8t172j6
C:\Users\Janice\AppData\Local\ux3527cj4aoj03r21r281oh2f7j1mesyb503isya4x71ym
C:\ProgramData\ux3527cj4aoj03r21r281oh2f7j1mesyb503isya4x71ym
C:\Users\Janice\Desktop\WiNlOgOn.exe
C:\Users\Janice\Desktop\uSeRiNiT.exe
C:\Users\Janice\Desktop\eXplorer.exe
C:\Users\Janice\Desktop\rkill.exe
C:\Users\Janice\Desktop\rkill.scr
C:\Users\Janice\Desktop\rkill.com
C:\Users\Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Protection 2012
C:\ProgramData\F4D55F3B0004240800208380B4EB2367
C:\Users\Janice\AppData\Roaming\Ogyb
C:\Users\Janice\AppData\Roaming\Egrygi
C:\Users\Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
:Commands
[createrestorepoint]
- in Notepad go to FILE > SAVE AS and in the dropdown box, set the top box SAVE IN to your usb device
- in the FILE NAME box type (including the " " marks), "scan.txt"
- Click save.
- transfer scan.txt to the infected computer's desktop
- open OTL (renamed to iexplore.exe) as you did before
- double click in the white window at the bottom
- a message will appear asking if you want to load a custom scan, click yes
- navigate to where you saved the notepad scan.txt and click on it
- click open
- the text should appear in the window.
- Click the Run Fix button
Please post the log produced.
Is the computer any better?
Thanks
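Why autorun entries like the ones in the fix script above stand out, shown as an added example that is not part of the original post and is neither OTL's nor the helper's own logic: a small Python triage over the O4 lines copied from the script, plus one constructed benign line as a control. The reason codes, the short list of Windows binary names, and the reading of the publisher field as an unauthenticated string are assumptions of this example.

```python
import ntpath
import re

# O4 autorun lines copied from the fix script in the post above; the last line
# is constructed for this example as a benign control.
SAMPLE = r"""
O4 - HKCU..\Run: [{24903B15-CFA6-2F4F-D499-A747DA35520F}] C:\Users\Janice\AppData\Roaming\Egrygi\hyqahih.exe ()
O4 - HKCU..\Run: [configwiz] C:\Users\Janice\AppData\Roaming\configwiz.exe (Microsoft Corporation)
O4 - HKCU..\Run: [dplaysvr] C:\Users\Janice\AppData\Local\dplaysvr.exe ()
O4 - HKCU..\Run: [LuJmxWoSNc.exe] C:\ProgramData\LuJmxWoSNc.exe File not found
O4 - HKCU..\Run: [notifyc] C:\ProgramData\notifyc.exe (Microsoft Corporation)
O4 - HKCU..\Run: [winupd] C:\Users\Janice\AppData\Local\Temp:winupd.exe File not found
O4 - HKCU..\RunOnce: [F4D55F3B0004240800208380B4EB2367] C:\ProgramData\F4D55F3B0004240800208380B4EB2367\F4D55F3B0004240800208380B4EB2367.exe ()
O4 - Startup: C:\Users\Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe ()
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe (Example Corp)
"""

# location, optional [value name], path, then "(publisher)" or "File not found".
O4_RE = re.compile(
    r"^O4 - (?P<location>.+?): "
    r"(?:\[(?P<value>.*?)\] )?"
    r"(?P<path>[A-Za-z]:\\.*?)"
    r"(?: (?:\((?P<publisher>[^()]*)\)|(?P<missing>File not found)))?$"
)

# Locations a standard user can write to without elevation.
USER_WRITABLE = re.compile(r"^[a-z]:\\(users\\[^\\]+\\|programdata\\)")
# Locations that normally require administrator rights to modify.
SYSTEM_DIRS = re.compile(r"^[a-z]:\\(windows|program files( \(x86\))?)\\")
# Illustrative, deliberately short list of file names that ship under C:\Windows.
SYSTEM_NAMES = {"dxdiag.exe", "dplaysvr.exe", "svchost.exe",
                "explorer.exe", "winlogon.exe", "userinit.exe"}


def parse_o4(line):
    """Return the fields of one O4 line as a dict, or None if it is not one."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def reasons_for(entry):
    """List the heuristic reasons an autorun entry deserves a closer look."""
    path = entry["path"]
    low = path.lower()
    publisher = entry["publisher"]  # None when the log gave no "(...)" field
    reasons = []
    if USER_WRITABLE.match(low):
        reasons.append("user-writable-path")
    if ":" in path[2:]:  # a second colon means file:stream (NTFS ADS)
        reasons.append("alternate-data-stream")
    if entry["missing"]:
        reasons.append("target-missing")
    if publisher == "":
        reasons.append("no-publisher-string")
    # Assumption: the publisher is a plain string from the file, not a
    # verified signature, so "Microsoft" outside system directories is a flag.
    if publisher and "microsoft" in publisher.lower() and not SYSTEM_DIRS.match(low):
        reasons.append("claims-microsoft-outside-system-dirs")
    if ntpath.basename(low) in SYSTEM_NAMES and not low.startswith("c:\\windows\\"):
        reasons.append("system-binary-name-outside-windows")
    return reasons


def triage(text):
    """Parse every O4 line in text and attach its list of reasons."""
    results = []
    for line in text.splitlines():
        entry = parse_o4(line)
        if entry:
            entry["reasons"] = reasons_for(entry)
            results.append(entry)
    return results


if __name__ == "__main__":
    for e in triage(SAMPLE):
        verdict = ", ".join(e["reasons"]) or "nothing flagged"
        print(f"{e['location']:<14} {ntpath.basename(e['path']):<40} {verdict}")
```

An empty reason list does not mean an entry is clean, and a flagged entry is only a candidate for inspection, not a verdict.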
-
Yes, my computer is running better but I got re-directed when I used Google. Here is the log:
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{24903B15-CFA6-2F4F-D499-A747DA35520F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24903B15-CFA6-2F4F-D499-A747DA35520F}\ not found.
C:\Users\Janice\AppData\Roaming\Egrygi\hyqahih.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\configwiz deleted successfully.
C:\Users\Janice\AppData\Roaming\configwiz.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dplaysvr deleted successfully.
C:\Users\Janice\AppData\Local\dplaysvr.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LuJmxWoSNc.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\notifyc deleted successfully.
C:\ProgramData\notifyc.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\winupd deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\F4D55F3B0004240800208380B4EB2367 deleted successfully.
C:\ProgramData\F4D55F3B0004240800208380B4EB2367\F4D55F3B0004240800208380B4EB2367.exe moved successfully.
C:\Users\Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe moved successfully.
========== FILES ==========
< dir /s "C:\Users\Janice\AppData\Local\Temp\smtmp" /c >
Volume in drive C is ACER
Volume Serial Number is 7AAA-BA5F
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
01/12/2012 11:30 AM <DIR> 1
01/12/2012 11:30 AM <DIR> 4
0 File(s) 0 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
07/13/2009 11:01 PM 1,282 Default Programs.lnk
11/07/2011 11:32 AM 1,285 HP Solution Center.lnk
01/12/2012 11:30 AM <DIR> Programs
01/03/2012 10:27 PM 917 Rhapsody.lnk
07/13/2009 10:49 PM 1,266 Windows Update.lnk
4 File(s) 4,750 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
01/12/2012 11:30 AM <DIR> Accessories
01/12/2012 11:30 AM <DIR> Administrative Tools
09/16/2011 10:41 AM 991 Adobe InDesign CS2.lnk
11/16/2011 08:13 PM 2,441 Adobe Reader 9.lnk
07/13/2011 11:52 PM 2,519 Apple Software Update.lnk
01/12/2012 11:30 AM <DIR> CorelDRAW Graphics Suite X4
01/12/2012 11:30 AM <DIR> GameHouse
01/12/2012 11:30 AM <DIR> Games
01/12/2012 11:30 AM <DIR> GamesBar
01/12/2012 11:30 AM <DIR> Gateway
01/12/2012 11:30 AM <DIR> Gateway MyBackup
01/12/2012 11:30 AM <DIR> HP
11/07/2011 11:32 AM 1,058 I.R.I.S. OCR Registration.lnk
01/12/2012 11:30 AM <DIR> iLivid
01/12/2012 11:30 AM <DIR> iTunes
01/12/2012 11:30 AM <DIR> iWin Games
01/12/2012 11:30 AM <DIR> LGMobile Support Tool
01/12/2012 11:30 AM <DIR> Maintenance
01/12/2012 11:30 AM <DIR> Malwarebytes' Anti-Malware
08/27/2009 02:07 PM 1,345 Media Center.lnk
01/12/2012 11:30 AM <DIR> Microsoft Office
06/06/2011 08:12 PM 2,557 Microsoft Office PowerPoint Viewer 2007.lnk
01/12/2012 11:30 AM <DIR> Microsoft Silverlight
01/12/2012 11:30 AM <DIR> Microsoft Works
06/08/2011 02:03 AM 1,151 Microsoft Works Task Launcher.lnk
06/20/2011 08:56 PM 1,158 Mozilla Firefox.lnk
01/12/2012 11:30 AM <DIR> Nero
01/12/2012 11:30 AM <DIR> Pogo Games
01/12/2012 11:30 AM <DIR> PogoDGC
01/12/2012 11:30 AM <DIR> QuickTime
01/12/2012 11:30 AM <DIR> Qwest Personal Digital Vault
01/12/2012 11:30 AM <DIR> Rhapsody
07/13/2009 10:57 PM 1,330 Sidebar.lnk
01/12/2012 11:30 AM <DIR> Snood 4
01/12/2012 11:30 AM <DIR> Startup
01/12/2012 11:30 AM <DIR> SUPERAntiSpyware
01/12/2012 11:30 AM <DIR> Tablet PC
01/12/2012 11:30 AM <DIR> The Print Shop 23
01/12/2012 11:30 AM <DIR> Trash it!
07/13/2009 10:57 PM 1,352 Windows Anytime Upgrade.lnk
08/27/2009 02:07 PM 1,326 Windows DVD Maker.lnk
07/13/2009 10:54 PM 1,210 Windows Fax and Scan.lnk
01/12/2012 11:30 AM <DIR> Windows Live
07/13/2009 11:09 PM 1,547 Windows Media Player.lnk
01/12/2012 11:30 AM <DIR> WorldWinner Games
07/13/2009 10:57 PM 1,246 XPS Viewer.lnk
01/12/2012 11:30 AM <DIR> Yahoo! Games
14 File(s) 21,231 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
01/12/2012 11:30 AM <DIR> Accessibility
07/13/2009 10:55 PM 1,230 Calculator.lnk
07/13/2009 10:54 PM 1,266 displayswitch.lnk
08/27/2009 02:07 PM 1,364 Math Input Panel.lnk
08/27/2009 02:07 PM 1,238 Mobility Center.lnk
07/13/2009 10:54 PM 1,242 Paint.lnk
07/13/2009 10:53 PM 1,367 Remote Desktop Connection.lnk
08/27/2009 02:07 PM 1,272 Snipping Tool.lnk
07/13/2009 10:57 PM 1,330 Sound Recorder.lnk
08/27/2009 02:07 PM 1,351 Sticky Notes.lnk
07/13/2009 10:54 PM 1,254 Sync Center.lnk
01/12/2012 11:30 AM <DIR> System Tools
01/12/2012 11:30 AM <DIR> Tablet PC
07/13/2009 10:57 PM 1,579 Welcome Center.lnk
01/12/2012 11:30 AM <DIR> Windows PowerShell
07/13/2009 10:54 PM 1,322 Wordpad.lnk
12 File(s) 15,815 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
07/13/2009 10:57 PM 1,388 Speech Recognition.lnk
1 File(s) 1,388 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
07/13/2009 10:55 PM 1,248 Character Map.lnk
07/13/2009 10:54 PM 1,290 dfrgui.lnk
07/13/2009 10:54 PM 1,252 Disk Cleanup.lnk
07/13/2009 10:53 PM 1,242 Resource Monitor.lnk
07/13/2009 10:53 PM 1,250 System Information.lnk
07/13/2009 10:54 PM 1,246 System Restore.lnk
07/13/2009 10:54 PM 1,268 Task Scheduler.lnk
07/13/2009 10:57 PM 1,320 Windows Easy Transfer Reports.lnk
07/13/2009 10:57 PM 1,316 Windows Easy Transfer.lnk
9 File(s) 11,432 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
08/27/2009 02:07 PM 1,436 ShapeCollector.lnk
08/27/2009 02:07 PM 1,386 TabTip.lnk
08/27/2009 02:07 PM 1,316 Windows Journal.lnk
3 File(s) 4,138 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
07/13/2009 11:32 PM 1,989 Windows PowerShell (x86).lnk
07/13/2009 10:57 PM 1,468 Windows PowerShell ISE (x86).lnk
07/13/2009 10:57 PM 1,468 Windows PowerShell ISE.lnk
07/13/2009 11:32 PM 1,899 Windows PowerShell.lnk
4 File(s) 6,824 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
07/13/2009 10:57 PM 1,242 Component Services.lnk
07/13/2009 10:54 PM 1,294 Computer Management.lnk
07/13/2009 10:53 PM 1,270 Data Sources (ODBC).lnk
07/13/2009 10:54 PM 1,298 Event Viewer.lnk
07/13/2009 10:54 PM 1,274 iSCSI Initiator.lnk
07/13/2009 10:53 PM 1,268 Memory Diagnostics Tool.lnk
07/16/2011 02:56 PM 1,332 Microsoft .NET Framework 1.1 Configuration.lnk
07/16/2011 02:56 PM 1,383 Microsoft .NET Framework 1.1 Wizards.lnk
07/13/2009 10:53 PM 1,232 Performance Monitor.lnk
07/13/2009 10:54 PM 1,288 services.lnk
07/13/2009 10:53 PM 1,246 System Configuration.lnk
07/13/2009 10:54 PM 1,262 Task Scheduler.lnk
07/13/2009 10:53 PM 1,274 Windows Firewall with Advanced Security.lnk
07/13/2009 11:32 PM 2,741 Windows PowerShell Modules.lnk
14 File(s) 19,404 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
08/03/2011 06:18 PM 2,659 Bitstream Font Navigator.lnk
08/03/2011 06:17 PM 2,647 Corel CAPTURE X4.lnk
08/03/2011 06:17 PM 2,655 Corel PHOTO-PAINT X4.lnk
08/03/2011 06:17 PM 2,639 CorelDRAW X4.lnk
01/12/2012 11:30 AM <DIR> Documentation
08/03/2011 06:17 PM 2,655 Duplexing Wizard.lnk
08/03/2011 06:17 PM 2,669 SB Profiler.lnk
6 File(s) 15,924 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Documentation
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
08/03/2011 06:17 PM 1,350 Corel PHOTO-PAINT X4 VBA Object Model PDF.lnk
08/03/2011 06:17 PM 1,380 CorelDRAW Graphics Suite X4 Readme.lnk
08/03/2011 06:17 PM 1,579 CorelDRAW Graphics Suite X4 User Guide PDF.lnk
08/03/2011 06:17 PM 1,288 CorelDRAW X4 Programming Guide for VBA PDF.lnk
08/03/2011 06:17 PM 1,385 CorelDRAW X4 VBA Object Model PDF.lnk
5 File(s) 6,982 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\GameHouse
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
07/04/2011 11:17 PM 2,071 Amazonia.lnk
08/27/2009 02:32 PM 2,309 Bejeweled 2 Deluxe.lnk
08/27/2009 02:32 PM 2,313 Blackhawk Striker 2.lnk
08/27/2009 02:32 PM 2,369 Bob the Builder Can-Do-Zoo.lnk
08/27/2009 02:32 PM 2,289 Build-a-lot 3.lnk
08/27/2009 02:07 PM 352 Chess.lnk
06/22/2011 02:47 AM 2,120 Collapse Crunch.lnk
08/27/2009 02:32 PM 2,337 Dora's World Adventure.lnk
08/27/2009 02:32 PM 2,349 Eighteen Wheels of Steel Haulin'.lnk
08/27/2009 02:32 PM 2,373 Escape Rosecliff Island.lnk
06/23/2011 05:40 PM 2,317 Escape The Emerald Star.lnk
06/27/2011 10:18 PM 2,299 Escape Whisper Valley (TM).lnk
08/27/2009 02:32 PM 2,377 Farm Frenzy - Pizza Party.lnk
08/27/2009 02:32 PM 2,309 FATE Undiscovered Realms.lnk
06/27/2011 12:13 AM 248 FBI Paranormal Case Extended Edition.lnk
07/13/2009 10:55 PM 364 FreeCell.lnk
07/13/2009 10:54 PM 258 GameExplorer.lnk
07/13/2009 10:57 PM 356 Hearts.lnk
08/27/2009 02:32 PM 2,329 Insaniquarium Deluxe.lnk
08/27/2009 02:07 PM 474 Internet Backgammon.lnk
08/27/2009 02:07 PM 470 Internet Checkers.lnk
08/27/2009 02:07 PM 466 Internet Spades.lnk
08/21/2011 10:22 PM 224 Jewel Quest Mysteries 3.lnk
08/27/2009 02:32 PM 2,337 Jewel Quest Solitaire 3.lnk
08/27/2009 02:32 PM 2,317 Liong - The Lost Amulets.lnk
08/27/2009 02:07 PM 360 Mahjong.lnk
07/13/2009 10:57 PM 376 Minesweeper.lnk
08/27/2009 02:32 PM 2,480 More Games from Gateway Games.lnk
08/11/2011 02:18 AM 2,362 Mystery P.I. - The London Caper.lnk
08/27/2009 02:32 PM 2,373 Mystery P.I. - The Vegas Heist.lnk
11/18/2011 05:31 PM 276 Mystery P.I. The Curious Case of Counterfeit Cove.lnk
06/06/2011 10:35 PM 238 Play iWin Games.lnk
08/27/2009 02:32 PM 2,265 Polar Bowler.lnk
08/27/2009 02:32 PM 2,261 Polar Golfer.lnk
07/13/2009 10:57 PM 378 Purble Place.lnk
C:\Users\Janice\Desktop\cmd.bat deleted successfully.
C:\Users\Janice\Desktop\cmd.txt deleted successfully.
ADS C:\Users\Janice\AppData\Local\Temp:winupd.exe deleted successfully.
C:\Users\Janice\AppData\Local\wyuzx.exe moved successfully.
File\Folder C:\ProgramData\notifyc.exe not found.
File\Folder C:\Users\Janice\AppData\Roaming\configwiz.exe not found.
C:\Users\Janice\AppData\Local\nsa.exe moved successfully.
C:\Users\Janice\Documents\rkCT577dI.exe moved successfully.
C:\Users\Janice\AppData\Local\jla.exe moved successfully.
C:\ProgramData\PzZKH7CZwgAL1p moved successfully.
C:\ProgramData\~PzZKH7CZwgAL1p moved successfully.
C:\ProgramData\~PzZKH7CZwgAL1pr moved successfully.
C:\Users\Janice\AppData\Local\gng8ry4yq61724s5t702v6 moved successfully.
C:\ProgramData\gng8ry4yq61724s5t702v6 moved successfully.
C:\Users\Janice\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk moved successfully.
C:\Users\Janice\Desktop\System Check.lnk moved successfully.
C:\ProgramData\PzZKH7CZwgAL1p.exe moved successfully.
C:\Users\Public\Documents\19792079 moved successfully.
File\Folder C:\Users\Janice\AppData\Local\nsa.exe not found.
File\Folder C:\Users\Janice\AppData\Local\dplaysvr.exe not found.
C:\Users\Janice\AppData\Local\dplayx.dll moved successfully.
C:\Users\Janice\AppData\Local\70wuo75jpl4822ssofd11bylba5ah82flv3i82q2q17tbo moved successfully.
C:\ProgramData\70wuo75jpl4822ssofd11bylba5ah82flv3i82q2q17tbo moved successfully.
File\Folder C:\Users\Janice\Documents\rkCT577dI.exe not found.
File\Folder C:\Users\Janice\AppData\Local\jla.exe not found.
C:\Users\Janice\AppData\Local\084c31m26umegt2s4ynu2m moved successfully.
C:\ProgramData\084c31m26umegt2s4ynu2m moved successfully.
C:\Users\Janice\AppData\Local\csr7ey1du58776l8t172j6 moved successfully.
C:\ProgramData\csr7ey1du58776l8t172j6 moved successfully.
C:\Users\Janice\AppData\Local\ux3527cj4aoj03r21r281oh2f7j1mesyb503isya4x71ym moved successfully.
C:\ProgramData\ux3527cj4aoj03r21r281oh2f7j1mesyb503isya4x71ym moved successfully.
C:\Users\Janice\Desktop\WiNlOgOn.exe moved successfully.
C:\Users\Janice\Desktop\uSeRiNiT.exe moved successfully.
C:\Users\Janice\Desktop\eXplorer.exe moved successfully.
C:\Users\Janice\Desktop\rkill.exe moved successfully.
C:\Users\Janice\Desktop\rkill.scr moved successfully.
C:\Users\Janice\Desktop\rkill.com moved successfully.
C:\Users\Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Protection 2012 folder moved successfully.
C:\ProgramData\F4D55F3B0004240800208380B4EB2367 folder moved successfully.
C:\Users\Janice\AppData\Roaming\Ogyb folder moved successfully.
C:\Users\Janice\AppData\Roaming\Egrygi folder moved successfully.
C:\Users\Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check folder moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.31.0 log created on 01182012_220707
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
-
Hi e28ct17,
Yes I expected the redirect to still be present. We haven't gone after that infection yet. We did get most of one and part of another.
Later we may need a blank CD and a USB device such as a flash drive. Do you have those?
We should be able to work directly on the infected computer now.
Next, right-click on OTL.exe and choose Run as Administrator to run it.
- Under the Custom Scans/Fixes box at the bottom, paste in the following
- Do Not copy the word CODE
- please note the fix starts with the :
Code:
:Services
:files
xcopy "C:\Users\Janice\AppData\Local\Temp\smtmp\1" "C:\ProgramData\Microsoft\Windows\Start Menu" /H /I /S /Y /C
xcopy "C:\Users\Janice\AppData\Local\Temp\smtmp\4" "C:\Users\Public\Desktop " /H /I /S /Y /C
:Commands
Then click the Run Fix button at the top
- Let the program run unhindered
- Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.
Next
Download RogueKiller to your desktop
- Quit all running programs
- When prompted, type 6 and validate
After the tool has finished:
-Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
-Click the View tab.
Under Advanced settings, check Do not Show Hidden Files and Folders, and then click Apply, click OK.
Desktop icons still visible?
Click your start button. Do you see any items listed?
Try opening a couple of the programs and see if they work.
Please post back with:
- OTL fix log
- RogueKiller log if there was one.
If everything appears normal in respect to icons and shortcuts we'll go after the rest when you post back.
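One way to confirm that the two xcopy commands in the fix above restored every shortcut, as an added example that is not part of the original post or of OTL. The function name Test-ShortcutRestore is hypothetical, the folder pairs are the ones in the fix, and the syntax is kept compatible with the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: compare each backup folder against the place xcopy restored it to.
# Test-ShortcutRestore is a hypothetical helper name, not an OTL or Windows command.
function Test-ShortcutRestore {
    param(
        [Parameter(Mandatory = $true)] [string] $Source,
        [Parameter(Mandatory = $true)] [string] $Destination
    )

    if (-not (Test-Path -LiteralPath $Source -PathType Container)) {
        Write-Warning "Source folder not found: $Source"
        return
    }

    $root = (Get-Item -LiteralPath $Source -Force).FullName.TrimEnd('\')

    # -Force lists hidden and system items too, matching xcopy /H.
    Get-ChildItem -LiteralPath $root -Recurse -Force |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $relative = $_.FullName.Substring($root.Length).TrimStart('\')
            $target   = Join-Path $Destination $relative

            # -LiteralPath matters here: names such as
            # "Nero DiscSpeed [English Help].lnk" contain wildcard characters.
            $copy = Get-Item -LiteralPath $target -Force -ErrorAction SilentlyContinue

            if (-not $copy) {
                $status = 'Missing'
            } elseif ($copy.Length -ne $_.Length) {
                $status = 'SizeMismatch'
            } elseif ($copy.Attributes -band [IO.FileAttributes]::Hidden) {
                # Present, but will not show until the Hidden attribute is cleared.
                $status = 'Hidden'
            } else {
                $status = 'OK'
            }

            New-Object PSObject -Property @{
                Status       = $status
                RelativePath = $relative
                Target       = $target
            }
        }
}

# Folder pairs taken from the fix posted above.
$pairs = @(
    @{ Source      = 'C:\Users\Janice\AppData\Local\Temp\smtmp\1'
       Destination = 'C:\ProgramData\Microsoft\Windows\Start Menu' },
    @{ Source      = 'C:\Users\Janice\AppData\Local\Temp\smtmp\4'
       Destination = 'C:\Users\Public\Desktop' }
)

foreach ($pair in $pairs) {
    Test-ShortcutRestore -Source $pair.Source -Destination $pair.Destination |
        Where-Object { $_.Status -ne 'OK' } |
        Select-Object Status, RelativePath, Target |
        Format-Table -AutoSize
}
```

An empty result for both pairs means every file in the backup folders has a same-sized, visible copy at its destination.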
-
I am still unable to use the infected computer. When I open up a web browser I get redirected and multiple windows open up. Also, when I tried to download RogueKiller the page was in a foreign language... looks like French, so I was unable to find the download link.
Here is my log from OTL
========== SERVICES/DRIVERS ==========
========== FILES ==========
< xcopy "C:\Users\Janice\AppData\Local\Temp\smtmp\1" "C:\ProgramData\Microsoft\Windows\Start Menu" /H /I /S /Y /C >
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero 9\Nero Toolkit\Nero DriveSpeed.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero 9\Nero Toolkit\Nero InfoTool.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Jewel Quest Mysteries 3\Jewel Quest Mysteries 3.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Jewel Quest Mysteries 3\Pogo Games.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Jewel Quest Mysteries 3\Uninstall.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Mystery P.I. The Curious Case of Counterfeit Cove\Mystery P.I. The Curious Case of Counterfeit Cove.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Mystery P.I. The Curious Case of Counterfeit Cove\Pogo Games.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Mystery P.I. The Curious Case of Counterfeit Cove\Uninstall.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\QuickTime\About QuickTime.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\QuickTime\PictureViewer.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\QuickTime\QuickTime Player.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\QuickTime\Uninstall QuickTime.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Qwest Personal Digital Vault\Qwest Personal Digital Vault.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Rhapsody\Check For Rhapsody Update.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Rhapsody\Rhapsody.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Rhapsody\Uninstall Rhapsody.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Snood 4\Snood 4.0 ReadMe.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Snood 4\Snood.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Snood 4\Uninstall Snood.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Startup\Event Reminder.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Startup\HP Digital Imaging Monitor.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\SUPERAntiSpyware\SUPERAntiSpyware Alternate Start.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\SUPERAntiSpyware\SUPERAntiSpyware Help.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\SUPERAntiSpyware\SUPERAntiSpyware Professional.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\SUPERAntiSpyware\SUPERAntiSpyware Registration-Activation.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\The Print Shop 23\Register Your Software.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\The Print Shop 23\The Print Shop 23.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\The Print Shop 23\Documents\ReadMe.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\The Print Shop 23\Documents\Riverdeep License Agreement.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Trash it!\Readme.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Trash it!\Trash it! Help.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Trash it!\Trash it! on the Web.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Trash it!\Trash it! Scheduler.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Trash it!\Trash it!.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Trash it!\Uninstall Trash it!.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Call.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Mail.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Messenger .lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Photo Gallery.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Writer.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\WorldWinner Games\Uninstall.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Yahoo! Games\Super Collapse 3\Super Collapse 3.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Yahoo! Games\Super Collapse 3\Uninstall.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Yahoo! Games\Super Collapse 3\Yahoo! Games - Games And Online Games.lnk
224 File(s) copied
C:\Users\Janice\Desktop\cmd.bat deleted successfully.
C:\Users\Janice\Desktop\cmd.txt deleted successfully.
< xcopy "C:\Users\Janice\AppData\Local\Temp\smtmp\4" "C:\Users\Public\Desktop " /H /I /S /Y /C >
C:\Users\Janice\AppData\Local\Temp\smtmp\4\HP Solution Center.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\iLivid Download Manager.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\iTunes.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Jewel Quest Online Party.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Malwarebytes' Anti-Malware.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Microsoft Works.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Mozilla Firefox.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Nero StartSmart Essentials.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Netflix.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Qwest Personal Digital Vault.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Rhapsody.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\The Print Shop 23.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\User's Guide (Gateway InfoCentre).lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\WildTangent Games App - gateway.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Wordscape Online Party.lnk
15 File(s) copied
C:\Users\Janice\Desktop\cmd.bat deleted successfully.
C:\Users\Janice\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
OTL by OldTimer - Version 3.2.31.0 log created on 01192012_064031
-
Hi e28ct17,
That's the right page for RogueKiller. The link is in the middle of the page just to the right of where it says (download link). The icon looks like http://www.sur-la-toile.com/RogueKiller/rendu2.png
After you run RogueKiller, make sure to follow the other steps to make sure everything looks ok. Once we are sure that your icons and start menu items are ok, we'll go after the redirects.