
Thread: Badly Infected

  1. #1
    Member
    Join Date
    Jan 2012
    Posts
    36

    Badly Infected

    I get hundreds of windows popping up stating I have a virus. All of my desktop icons have disappeared and I can't do anything on my computer. I had to use my laptop to download dds and transfer it to my computer. Here are my logs

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514
    Run by Janice at 21:12:03 on 2012-01-13
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6109.4722 [GMT -6:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\iWin Games\iWinTrusted.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\consent.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\REGSVR32.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=ZUxpt020YYus&ptb=zicrx_1Avu_ZGi24DJBLew&si=CMqg8duiuK0CFYMEQAodrjEGpQ
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACGW&l=0409&m=aspire_m5802/m3802&r=1736061196dg1275w9283i9hj67767
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    {555d4d79-4bd2-4094-a395-cfc534424a05}
    uRun: [SearchEngineProtection] C:\Program Files (x86)\Gamesbar\SearchEngineProtection.exe
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [winupd] C:\Users\Janice\AppData\Local\Temp:winupd.exe
    uRun: [LuJmxWoSNc.exe] C:\ProgramData\LuJmxWoSNc.exe
    uRun: [dplaysvr] C:\Users\Janice\AppData\Local\dplaysvr.exe
    mRun: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    LSP: mswsock.dll
    Trusted Zone: rhapsody.com\rhap-app-4-0
    Trusted Zone: rhapsody.com\rhapreg
    DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
    DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
    TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
    TCP: Interfaces\{EA8713C9-52CC-42DD-A388-B7B0CCC5398B} : DhcpNameServer = 192.168.0.1 205.171.3.25
    SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
    BHO-X64: WeCareReminder - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
    BHO-X64: Yontoo Layers - No File
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\
    FF - prefs.js: browser.search.selectedEngine - My Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=ZUxpt020YYus&ptb=zicrx_1Avu_ZGi24DJBLew&si=CMqg8duiuK0CFYMEQAodrjEGpQ
    FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxpt020YYus&ptb=zicrx_1Avu_ZGi24DJBLew&ind=2012010511&ptnrS=ZUxpt020YYus&si=CMqg8duiuK0CFYMEQAodrjEGpQ&n=77ecd80f&psa=&st=kwd&searchfor=
    FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll
    FF - plugin: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    FF - plugin: C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\2020Player_WEB@2020Technologies.com\plugins\NP_2020Player_WEB.dll
    FF - plugin: C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extentions.y2layers.installId - 3b818f57-fa2f-4b4c-b00c-be2f55d1f438
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
    R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-6-4 1150496]
    R2 iWinTrusted;iWinTrusted;C:\Program Files (x86)\iWin Games\iWinTrusted.exe [2011-4-8 176848]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-12 62208]
    R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-8-27 240160]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y62x64.sys --> C:\Windows\system32\DRIVERS\e1y62x64.sys [?]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-3 366152]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 rcmirror;rcmirror;C:\Windows\system32\DRIVERS\rcmirror.sys --> C:\Windows\system32\DRIVERS\rcmirror.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-01-12 16:58:23 362348 ---ha-w- C:\ProgramData\PzZKH7CZwgAL1p.exe
    2012-01-12 16:32:25 63488 --sh--w- C:\Users\Janice\AppData\Local\dplayx.dll
    2012-01-12 16:32:25 104448 --sh--w- C:\Users\Janice\AppData\Local\dplaysvr.exe
    2012-01-12 16:32:03 344576 ---ha-w- C:\Users\Janice\AppData\Local\nsa.exe
    2012-01-12 16:31:32 451436 ---ha-w- C:\ProgramData\LuJmxWoSNc.exe
    2012-01-09 16:14:01 -------- d-----we C:\Windows\system64
    2012-01-09 16:13:45 299008 ---ha-w- C:\Users\Janice\AppData\Local\jla.exe
    2012-01-09 05:21:08 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-01-09 05:05:04 -------- d--h--w- C:\ComboFix
    2012-01-06 22:33:13 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E6575671-F39F-46D8-AB4F-C27D6149F639}\mpengine.dll
    2012-01-05 07:57:48 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
    2012-01-05 07:56:14 -------- d--h--w- C:\ProgramData\Symantec
    2012-01-04 04:27:02 569397 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\RichFX\Player\nprfxins.dll
    2012-01-04 04:27:01 -------- d-----w- C:\Program Files (x86)\Rhapsody
    2012-01-01 18:08:10 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
    2012-01-01 18:08:10 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
    2012-01-01 18:08:10 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
    2012-01-01 18:08:10 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
    2011-12-31 04:30:36 -------- d--h--w- C:\Users\Janice\AppData\Roaming\SumatraPDF
    2011-12-31 04:30:21 -------- d--h--w- C:\ProgramData\WeCareReminder
    2011-12-31 04:30:15 -------- d-----w- C:\Program Files (x86)\Yontoo Layers Runtime
    2011-12-31 04:29:49 -------- d-----w- C:\Program Files (x86)\PDFReader
    2011-12-29 02:56:18 3145216 ----a-w- C:\Windows\System32\win32k.sys
    2011-12-29 02:55:45 723456 ----a-w- C:\Windows\System32\EncDec.dll
    2011-12-29 02:55:45 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2011-12-29 02:55:43 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-12-29 02:55:43 2048 ----a-w- C:\Windows\System32\tzres.dll
    2011-12-18 08:09:44 -------- d--h--w- C:\ProgramData\PogoDGC
    2011-12-18 08:09:41 -------- d-----w- C:\Program Files (x86)\Pogo Games
    .
    ==================== Find3M ====================
    .
    2011-11-15 20:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-11-13 10:31:17 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-10-26 05:21:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    .
    ============= FINISH: 21:19:38.78 ===============

  2. #2
    Senior Member
    Join Date
    Sep 2010
    Posts
    631


    Hi e28ct17, welcome to the forum.

    To make cleaning this machine easier
    • Please do not uninstall/install any programs unless asked to
      It is more difficult when files/programs are appearing in/disappearing from the logs.
    • Please do not run any scans other than those requested
    • Please follow all instructions in the order posted
    • All logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word Wrap if it is checked.
    • Do not attach any logs/reports, etc. unless specifically requested to do so.
    • If you have problems with or do not understand the instructions, please ask before continuing.
    • Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.


    *Important- Do not use any temporary file cleaners *

    Before we start cleaning this machine let's see if we can get your icons back. Are the items in your start menu also missing?

    Try this first

    -Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.

    -Click the View tab.

    Under Advanced settings, click Show hidden files and folders, and then click OK.

    Desktop icons back now?

    If you can use the infected computer for the next scan follow these instructions. If not I'll add some modified instructions at the end.

    Download OTL to your desktop.
    • Right click on OTL.exe and click "Run as Administrator" to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output
    • Check the boxes beside LOP Check and Purity Check.
    • In the window under Custom Scans/Fixes copy and paste the following



      %USERPROFILE%\..|smtmp;true;true;true /FP
      %temp%\smtmp\*.* /s >
      /md5start
      iexplore.*
      explorer.*
      winlogon.*
      dll
      zx.dll
      hlp.dat
      consrv.dll
      /md5stop

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

    Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

    If you cannot use the infected computer to download OTL please follow these instructions.

    On the computer you are using:
    • download OTL from the link above and save it to the device you are using for transferring files
    • copy and paste the following bolded into a notepad



      %USERPROFILE%\..|smtmp;true;true;true /FP
      %temp%\smtmp\*.* /s >
      /md5start
      iexplore.*
      explorer.*
      winlogon.*
      dll
      zx.dll
      hlp.dat
      consrv.dll
      /md5stop


    • name the notepad scan.txt
    • save the notepad to the device along with OTL
    • transfer both OTL and scan.txt to the infected computer's desktop
    • follow the other steps for setting up OTL except for the copying and pasting of the custom scan
      • do this instead
      • double click in the white window at the bottom
      • a message will appear asking if you want to load a custom scan, click yes
      • navigate to where you saved the notepad scan.txt and click on it
      • click open
      • the text should appear in the window.
      • Click the run scan button
      Please post the logs produced.

      Thanks
    Member of UNITE and ASAP

  3. #3
    Member
    Join Date
    Jan 2012
    Posts
    36


    My desktop icons are back but I still can't use my computer. I transferred OTL to my computer but when I click on run as administrator nothing happens except a warning pops up which says "Application cannot be executed. The file OTL.exe is infected. Pleas activate your antivirus software."

  4. #4
    Senior Member
    Join Date
    Sep 2010
    Posts
    631


    Hi e28ct17,

    Try renaming OTL.exe to OTL.scr or iexplore.exe
    Member of UNITE and ASAP

  5. #5
    Member
    Join Date
    Jan 2012
    Posts
    36


    I had to zip one of the logs.

    OTL Extras logfile created on: 1/17/2012 11:32:20 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Janice\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.97 Gb Total Physical Memory | 4.84 Gb Available Physical Memory | 81.20% Memory free
    6.94 Gb Paging File | 5.79 Gb Available in Paging File | 83.41% Paging File free
    Paging file location(s): c:\pagefile.sys 1000 9163 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 916.41 Gb Total Space | 858.06 Gb Free Space | 93.63% Space Free | Partition Type: NTFS
    Drive D: | 0.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: JANICE-PC | User Name: Janice | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
    "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
    "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF011}" = Corel Shell Extension - 64Bit
    "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{988329F4-A1A1-4D51-803C-EF2725A97627}" = HP Photosmart All-In-One Driver Software 13.0 Rel. 2
    "{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
    "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Drivers" = NVIDIA Drivers

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
    "_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{11F7808F-76AD-40E0-A8D9-6445DAEA3F5D}" = The Print Shop 23
    "{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}" = CorelDRAW Graphics Suite X4 - Lang BR
    "{1CCF681C-C203-49B3-83F4-A54F0F944416}" = ASPCA Reminder by We-Care.com v5.0.5.1
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
    "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2A82EBFC-89AB-41EA-80E8-A07C73C752A0}" = WorldWinner Games
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
    "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
    "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
    "{40a87585-3dea-47d0-8aac-c7c19689b431}" = Nero 9 Essentials
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
    "{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
    "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{685B0843-6C8D-4E42-B60D-2B86B45526E0}" = PS_AIO_02_Software_Min
    "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
    "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-gateway" = WildTangent Games App (Gateway Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{746FB02B-1D03-43B7-917A-E1341AB69A00}" = Qwest Personal Digital Vault™
    "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF000}" = CorelDRAW Graphics Suite X4
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
    "{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111405753}" = Super Collapse 3
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-510005257}" = Jewel Quest Mysteries 3
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-510005536}" = Mystery P.I. The Curious Case of Counterfeit Cove
    "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
    "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{94F8D42D-BB31-4858-9705-7D756D8D9655}" = PS_AIO_02_Software
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
    "{9D306690-3173-42CD-94C6-9EF9318AF24B}" = CorelDRAW Graphics Suite X4 - Lang FR
    "{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
    "{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
    "{BA9030CF-606B-42F6-ACD5-BB95219EED68}" = VinylMaster Pro V250
    "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
    "{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
    "{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
    "{D2827848-7D2A-4547-9AD1-C965FB3E6344}" = CorelDRAW Graphics Suite X4 - Lang ES
    "{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
    "{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
    "{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
    "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
    "ESET Online Scanner" = ESET Online Scanner v3
    "GamesBar" = GamesBar 2.0.1.82
    "Gateway InfoCentre" = Gateway InfoCentre
    "Gateway Photo Frame" = Gateway Photo Frame 4.2.3.10
    "Gateway Registration" = Gateway Registration
    "Gateway Screensaver" = Gateway ScreenSaver
    "Gateway Welcome Center" = Welcome Center
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "Identity Card" = Identity Card
    "iLivid" = iLivid
    "InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Gateway MyBackup
    "iWinArcade" = iWin Games (remove only)
    "Jewel Quest Online Party" = Jewel Quest Online Party (remove only)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
    "PROHYBRIDR" = 2007 Microsoft Office system
    "Revo Uninstaller" = Revo Uninstaller 1.92
    "Rhapsody" = Rhapsody
    "Searchqu 406 MediaBar" = Windows iLivid Toolbar
    "Snood 4_is1" = Snood 4
    "Temp File Cleaner" = Temp File Cleaner
    "Trash it!_is1" = Trash it! version 1.80
    "Web Games Player Plugin" = Web Games Player Plugin
    "WebPost" = Microsoft Web Publishing Wizard 1.52
    "WildTangent gateway Master Uninstall" = Gateway Games
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "Wordscape Online Party" = Wordscape Online Party (remove only)
    "WTA-0a8f9018-e67c-4c5c-af65-246526b6425a" = FBI Paranormal Case: Extended Edition
    "WTA-0cf38871-cf3c-47bd-b67d-06d575c3c02e" = Collapse Crunch
    "WTA-19b7ebdd-3551-4927-846e-f5ca79d49dc6" = Escape The Emerald Star
    "WTA-1ad37d5e-14b5-4133-a5b4-d41a7b0771d1" = QuantZ
    "WTA-1b36ea7f-be1e-4428-80dc-5de676043a76" = Amazonia
    "WTA-3ca0fc49-968d-45f9-970f-36da7d199ce0" = Escape Whisper Valley (TM)
    "WTA-5596bd37-f57f-427c-af25-e82cf6a0f07b" = Mystery P.I. - The London Caper
    "WTA-b60bc5d4-7313-4562-981d-73c64dd39aee" = Vampireville

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "PDF Reader" = PDF Reader
    "Smart Protection 2012" = Smart Protection 2012

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/29/2011 4:50:44 AM | Computer Name = Janice-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 12/29/2011 4:50:44 AM | Computer Name = Janice-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 12/29/2011 4:50:44 AM | Computer Name = Janice-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 12/29/2011 4:50:44 AM | Computer Name = Janice-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 12/30/2011 2:05:45 AM | Computer Name = Janice-PC | Source = MsiInstaller | ID = 11706
    Description =

    Error - 12/30/2011 1:19:13 PM | Computer Name = Janice-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
    online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error - 12/30/2011 1:19:42 PM | Computer Name = Janice-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 12/30/2011 1:19:42 PM | Computer Name = Janice-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 12/30/2011 1:19:42 PM | Computer Name = Janice-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 12/30/2011 1:19:42 PM | Computer Name = Janice-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    [ OSession Events ]
    Error - 8/16/2011 9:17:55 PM | Computer Name = Janice-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 38
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 8/30/2011 1:28:58 AM | Computer Name = Janice-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 241
    seconds with 60 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 12/8/2011 9:48:53 AM | Computer Name = Janice-PC | Source = Service Control Manager | ID = 7023
    Description = The HP Network Devices Support service terminated with the following
    error: %%126

    Error - 12/9/2011 10:36:55 AM | Computer Name = Janice-PC | Source = DCOM | ID = 10000
    Description =

    Error - 12/10/2011 11:23:19 PM | Computer Name = Janice-PC | Source = Service Control Manager | ID = 7023
    Description = The HP Network Devices Support service terminated with the following
    error: %%126

    Error - 12/10/2011 11:23:49 PM | Computer Name = Janice-PC | Source = DCOM | ID = 10010
    Description =

    Error - 12/10/2011 11:23:49 PM | Computer Name = Janice-PC | Source = Service Control Manager | ID = 7023
    Description = The HP Network Devices Support service terminated with the following
    error: %%126

    Error - 12/10/2011 11:46:42 PM | Computer Name = Janice-PC | Source = Service Control Manager | ID = 7023
    Description = The HP Network Devices Support service terminated with the following
    error: %%126

    Error - 12/11/2011 3:39:10 PM | Computer Name = Janice-PC | Source = Service Control Manager | ID = 7023
    Description = The HP Network Devices Support service terminated with the following
    error: %%126

    Error - 12/11/2011 3:43:31 PM | Computer Name = Janice-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
    Client Service service to connect.

    Error - 12/11/2011 3:43:31 PM | Computer Name = Janice-PC | Source = Service Control Manager | ID = 7000
    Description = The Steam Client Service service failed to start due to the following
    error: %%1053

    Error - 12/11/2011 6:15:17 PM | Computer Name = Janice-PC | Source = Service Control Manager | ID = 7023
    Description = The HP Network Devices Support service terminated with the following
    error: %%126


    < End of report >

  6. #6
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi e28ct17,

    You have several infections going on.

    Let's see if we can soften this guy up a bit and get the computer more usable. After this fix, check to see if your Start menu and All Programs menu are present and working.

    I take it you still need to use another computer to access this topic. Delete the Notepad file you named scan.txt from the USB device.

    Open a new Notepad session
    • Click the Start button, click run
    • in the run box type notepad
    • click ok
    • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
    • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE

    Code:
    :Services
    
    :PROCESSES
    killallprocesses
    
    :OTL
    MOD - C:\ProgramData\F4D55F3B0004240800208380B4EB2367\F4D55F3B0004240800208380B4EB2367.exe ()
    O4 - HKCU..\Run: [{24903B15-CFA6-2F4F-D499-A747DA35520F}] C:\Users\Janice\AppData\Roaming\Egrygi\hyqahih.exe ()
    O4 - HKCU..\Run: [configwiz] C:\Users\Janice\AppData\Roaming\configwiz.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [dplaysvr] C:\Users\Janice\AppData\Local\dplaysvr.exe ()
    O4 - HKCU..\Run: [LuJmxWoSNc.exe] C:\ProgramData\LuJmxWoSNc.exe File not found
    O4 - HKCU..\Run: [notifyc] C:\ProgramData\notifyc.exe (Microsoft Corporation)
    
    O4 - HKCU..\Run: [winupd] C:\Users\Janice\AppData\Local\Temp:winupd.exe File not found
    O4 - HKCU..\RunOnce: [F4D55F3B0004240800208380B4EB2367] C:\ProgramData\F4D55F3B0004240800208380B4EB2367\F4D55F3B0004240800208380B4EB2367.exe ()
    O4 - Startup: C:\Users\Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe ()
    
    :Files
    dir /s "C:\Users\Janice\AppData\Local\Temp\smtmp" /c
    @Alternate Data Stream - 131584 bytes -> C:\Users\Janice\AppData\Local\Temp:winupd.exe
    C:\Users\Janice\AppData\Local\wyuzx.exe
    C:\ProgramData\notifyc.exe
    C:\Users\Janice\AppData\Roaming\configwiz.exe
    C:\Users\Janice\AppData\Local\nsa.exe
    C:\Users\Janice\Documents\rkCT577dI.exe
    C:\Users\Janice\AppData\Local\jla.exe
    C:\ProgramData\PzZKH7CZwgAL1p
    C:\ProgramData\~PzZKH7CZwgAL1p
    C:\ProgramData\~PzZKH7CZwgAL1pr
    C:\Users\Janice\AppData\Local\gng8ry4yq61724s5t702v6
    C:\ProgramData\gng8ry4yq61724s5t702v6
    C:\Users\Janice\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    C:\Users\Janice\Desktop\System Check.lnk
    C:\ProgramData\PzZKH7CZwgAL1p.exe
    C:\Users\Public\Documents\19792079
    C:\Users\Janice\AppData\Local\nsa.exe
    C:\Users\Janice\AppData\Local\dplaysvr.exe
    C:\Users\Janice\AppData\Local\dplayx.dll
    C:\Users\Janice\AppData\Local\70wuo75jpl4822ssofd11bylba5ah82flv3i82q2q17tbo
    C:\ProgramData\70wuo75jpl4822ssofd11bylba5ah82flv3i82q2q17tbo
    C:\Users\Janice\Documents\rkCT577dI.exe
    C:\Users\Janice\AppData\Local\jla.exe
    C:\Users\Janice\AppData\Local\084c31m26umegt2s4ynu2m
    C:\ProgramData\084c31m26umegt2s4ynu2m
    C:\Users\Janice\AppData\Local\csr7ey1du58776l8t172j6
    C:\ProgramData\csr7ey1du58776l8t172j6
    C:\Users\Janice\AppData\Local\ux3527cj4aoj03r21r281oh2f7j1mesyb503isya4x71ym
    C:\ProgramData\ux3527cj4aoj03r21r281oh2f7j1mesyb503isya4x71ym
    C:\Users\Janice\Desktop\WiNlOgOn.exe
    C:\Users\Janice\Desktop\uSeRiNiT.exe
    C:\Users\Janice\Desktop\eXplorer.exe
    C:\Users\Janice\Desktop\rkill.exe
    C:\Users\Janice\Desktop\rkill.scr
    C:\Users\Janice\Desktop\rkill.com
    C:\Users\Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Protection 2012
    C:\ProgramData\F4D55F3B0004240800208380B4EB2367
    C:\Users\Janice\AppData\Roaming\Ogyb
    C:\Users\Janice\AppData\Roaming\Egrygi
    C:\Users\Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    
    :Commands
    [createrestorepoint]

    • In Notepad go to FILE > SAVE AS and in the dropdown box, set the top box SAVE IN to your USB device
    • In the FILE NAME box type (including the " " marks), "scan.txt"
    Click Save.

    • transfer scan.txt to the infected computer's desktop
    • open OTL (renamed to iexplore.exe) as you did before
    • double click in the white window at the bottom
    • a message will appear asking if you want to load a custom scan, click yes
    • navigate to where you saved the notepad scan.txt and click on it
    • click open
    • the text should appear in the window.
    • Click the Run Fix button
    Please post the log produced.

    Is the computer any better?

    Thanks
    Member of UNITE and ASAP
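
The autorun entries listed in the fix script above share a few visible traits: executables started from user-writable folders, an alternate data stream on the Temp folder, targets that no longer exist, and empty publisher fields. The following is an added example, not part of the helper's post and not OTL's own logic: it parses O4-style lines and reports which of those traits each entry shows. The trait list, the `SYSTEM_NAMES` set and the `ExampleUpdater` line are assumptions made for illustration.

```python
import ntpath
import re

# Autorun lines copied from the fix script in the post above, plus one
# constructed benign entry (the last line) for contrast.
SAMPLE = r"""
O4 - HKCU..\Run: [configwiz] C:\Users\Janice\AppData\Roaming\configwiz.exe (Microsoft Corporation)
O4 - HKCU..\Run: [dplaysvr] C:\Users\Janice\AppData\Local\dplaysvr.exe ()
O4 - HKCU..\Run: [LuJmxWoSNc.exe] C:\ProgramData\LuJmxWoSNc.exe File not found
O4 - HKCU..\Run: [winupd] C:\Users\Janice\AppData\Local\Temp:winupd.exe File not found
O4 - Startup: C:\Users\Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe ()
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files (x86)\Example\updater.exe (Example Corp)
"""

# Either "HKxx..\Run: [value name] <rest>" or "Startup: <rest>".
ENTRY = re.compile(
    r"^O4 - (?:(?P<hive>HK\w+)\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\]|Startup:)"
    r" (?P<rest>.+)$"
)
# <rest> ends with "(publisher)", "()" or "File not found".
TAIL = re.compile(
    r"^(?P<path>.*?)(?: \((?P<publisher>[^()]*)\)| (?P<missing>File not found))$"
)

# Assumption: a short illustrative list of names that normally live under
# C:\Windows. A real check would use a fuller inventory.
SYSTEM_NAMES = {"dxdiag.exe", "dplaysvr.exe"}


def parse_entry(line):
    """Turn one O4 line into a dict, or return None for any other line."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    t = TAIL.match(m["rest"])
    path = t["path"] if t else m["rest"]
    return {
        "location": f'{m["hive"]}\\{m["key"]}' if m["hive"] else "Startup folder",
        "name": m["name"] or ntpath.basename(path),
        "path": path,
        "publisher": t["publisher"] if t else None,
        "missing": bool(t and t["missing"]),
    }


def triage(entry):
    """Return the list of traits (assumed heuristics) that an entry shows."""
    path = entry["path"].lower()
    reasons = []
    if "\\appdata\\" in path or "\\programdata\\" in path:
        reasons.append("user-writable path")
    # A second colon after the drive letter means folder:stream syntax.
    if ":" in path[2:]:
        reasons.append("alternate data stream")
    if entry["missing"]:
        reasons.append("target missing")
    if entry["publisher"] == "":
        reasons.append("no publisher")
    if ntpath.basename(path) in SYSTEM_NAMES and not path.startswith("c:\\windows\\"):
        reasons.append("system binary name outside C:\\Windows")
    return reasons


def flagged(text):
    """Map entry name -> reasons for every entry with at least one trait."""
    result = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry:
            reasons = triage(entry)
            if reasons:
                result[entry["name"]] = reasons
    return result


if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE).items():
        print(f"{name}: {', '.join(reasons)}")
```

A flag here is a reason to look closer, not a verdict: plenty of legitimate software also starts from AppData.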

  7. #7
    Member
    Join Date
    Jan 2012
    Posts
    36

    Default

    Yes, my computer is running better but I got re-directed when I used Google. Here is the log:

    ========== SERVICES/DRIVERS ==========
    ========== PROCESSES ==========
    All processes killed
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{24903B15-CFA6-2F4F-D499-A747DA35520F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24903B15-CFA6-2F4F-D499-A747DA35520F}\ not found.
    C:\Users\Janice\AppData\Roaming\Egrygi\hyqahih.exe moved successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\configwiz deleted successfully.
    C:\Users\Janice\AppData\Roaming\configwiz.exe moved successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dplaysvr deleted successfully.
    C:\Users\Janice\AppData\Local\dplaysvr.exe moved successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LuJmxWoSNc.exe deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\notifyc deleted successfully.
    C:\ProgramData\notifyc.exe moved successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\winupd deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\F4D55F3B0004240800208380B4EB2367 deleted successfully.
    C:\ProgramData\F4D55F3B0004240800208380B4EB2367\F4D55F3B0004240800208380B4EB2367.exe moved successfully.
    C:\Users\Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe moved successfully.
    ========== FILES ==========
    < dir /s "C:\Users\Janice\AppData\Local\Temp\smtmp" /c >
    Volume in drive C is ACER
    Volume Serial Number is 7AAA-BA5F
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    01/12/2012 11:30 AM <DIR> 1
    01/12/2012 11:30 AM <DIR> 4
    0 File(s) 0 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    07/13/2009 11:01 PM 1,282 Default Programs.lnk
    11/07/2011 11:32 AM 1,285 HP Solution Center.lnk
    01/12/2012 11:30 AM <DIR> Programs
    01/03/2012 10:27 PM 917 Rhapsody.lnk
    07/13/2009 10:49 PM 1,266 Windows Update.lnk
    4 File(s) 4,750 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    01/12/2012 11:30 AM <DIR> Accessories
    01/12/2012 11:30 AM <DIR> Administrative Tools
    09/16/2011 10:41 AM 991 Adobe InDesign CS2.lnk
    11/16/2011 08:13 PM 2,441 Adobe Reader 9.lnk
    07/13/2011 11:52 PM 2,519 Apple Software Update.lnk
    01/12/2012 11:30 AM <DIR> CorelDRAW Graphics Suite X4
    01/12/2012 11:30 AM <DIR> GameHouse
    01/12/2012 11:30 AM <DIR> Games
    01/12/2012 11:30 AM <DIR> GamesBar
    01/12/2012 11:30 AM <DIR> Gateway
    01/12/2012 11:30 AM <DIR> Gateway MyBackup
    01/12/2012 11:30 AM <DIR> HP
    11/07/2011 11:32 AM 1,058 I.R.I.S. OCR Registration.lnk
    01/12/2012 11:30 AM <DIR> iLivid
    01/12/2012 11:30 AM <DIR> iTunes
    01/12/2012 11:30 AM <DIR> iWin Games
    01/12/2012 11:30 AM <DIR> LGMobile Support Tool
    01/12/2012 11:30 AM <DIR> Maintenance
    01/12/2012 11:30 AM <DIR> Malwarebytes' Anti-Malware
    08/27/2009 02:07 PM 1,345 Media Center.lnk
    01/12/2012 11:30 AM <DIR> Microsoft Office
    06/06/2011 08:12 PM 2,557 Microsoft Office PowerPoint Viewer 2007.lnk
    01/12/2012 11:30 AM <DIR> Microsoft Silverlight
    01/12/2012 11:30 AM <DIR> Microsoft Works
    06/08/2011 02:03 AM 1,151 Microsoft Works Task Launcher.lnk
    06/20/2011 08:56 PM 1,158 Mozilla Firefox.lnk
    01/12/2012 11:30 AM <DIR> Nero
    01/12/2012 11:30 AM <DIR> Pogo Games
    01/12/2012 11:30 AM <DIR> PogoDGC
    01/12/2012 11:30 AM <DIR> QuickTime
    01/12/2012 11:30 AM <DIR> Qwest Personal Digital Vault
    01/12/2012 11:30 AM <DIR> Rhapsody
    07/13/2009 10:57 PM 1,330 Sidebar.lnk
    01/12/2012 11:30 AM <DIR> Snood 4
    01/12/2012 11:30 AM <DIR> Startup
    01/12/2012 11:30 AM <DIR> SUPERAntiSpyware
    01/12/2012 11:30 AM <DIR> Tablet PC
    01/12/2012 11:30 AM <DIR> The Print Shop 23
    01/12/2012 11:30 AM <DIR> Trash it!
    07/13/2009 10:57 PM 1,352 Windows Anytime Upgrade.lnk
    08/27/2009 02:07 PM 1,326 Windows DVD Maker.lnk
    07/13/2009 10:54 PM 1,210 Windows Fax and Scan.lnk
    01/12/2012 11:30 AM <DIR> Windows Live
    07/13/2009 11:09 PM 1,547 Windows Media Player.lnk
    01/12/2012 11:30 AM <DIR> WorldWinner Games
    07/13/2009 10:57 PM 1,246 XPS Viewer.lnk
    01/12/2012 11:30 AM <DIR> Yahoo! Games
    14 File(s) 21,231 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    01/12/2012 11:30 AM <DIR> Accessibility
    07/13/2009 10:55 PM 1,230 Calculator.lnk
    07/13/2009 10:54 PM 1,266 displayswitch.lnk
    08/27/2009 02:07 PM 1,364 Math Input Panel.lnk
    08/27/2009 02:07 PM 1,238 Mobility Center.lnk
    07/13/2009 10:54 PM 1,242 Paint.lnk
    07/13/2009 10:53 PM 1,367 Remote Desktop Connection.lnk
    08/27/2009 02:07 PM 1,272 Snipping Tool.lnk
    07/13/2009 10:57 PM 1,330 Sound Recorder.lnk
    08/27/2009 02:07 PM 1,351 Sticky Notes.lnk
    07/13/2009 10:54 PM 1,254 Sync Center.lnk
    01/12/2012 11:30 AM <DIR> System Tools
    01/12/2012 11:30 AM <DIR> Tablet PC
    07/13/2009 10:57 PM 1,579 Welcome Center.lnk
    01/12/2012 11:30 AM <DIR> Windows PowerShell
    07/13/2009 10:54 PM 1,322 Wordpad.lnk
    12 File(s) 15,815 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    07/13/2009 10:57 PM 1,388 Speech Recognition.lnk
    1 File(s) 1,388 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    07/13/2009 10:55 PM 1,248 Character Map.lnk
    07/13/2009 10:54 PM 1,290 dfrgui.lnk
    07/13/2009 10:54 PM 1,252 Disk Cleanup.lnk
    07/13/2009 10:53 PM 1,242 Resource Monitor.lnk
    07/13/2009 10:53 PM 1,250 System Information.lnk
    07/13/2009 10:54 PM 1,246 System Restore.lnk
    07/13/2009 10:54 PM 1,268 Task Scheduler.lnk
    07/13/2009 10:57 PM 1,320 Windows Easy Transfer Reports.lnk
    07/13/2009 10:57 PM 1,316 Windows Easy Transfer.lnk
    9 File(s) 11,432 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    08/27/2009 02:07 PM 1,436 ShapeCollector.lnk
    08/27/2009 02:07 PM 1,386 TabTip.lnk
    08/27/2009 02:07 PM 1,316 Windows Journal.lnk
    3 File(s) 4,138 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    07/13/2009 11:32 PM 1,989 Windows PowerShell (x86).lnk
    07/13/2009 10:57 PM 1,468 Windows PowerShell ISE (x86).lnk
    07/13/2009 10:57 PM 1,468 Windows PowerShell ISE.lnk
    07/13/2009 11:32 PM 1,899 Windows PowerShell.lnk
    4 File(s) 6,824 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    07/13/2009 10:57 PM 1,242 Component Services.lnk
    07/13/2009 10:54 PM 1,294 Computer Management.lnk
    07/13/2009 10:53 PM 1,270 Data Sources (ODBC).lnk
    07/13/2009 10:54 PM 1,298 Event Viewer.lnk
    07/13/2009 10:54 PM 1,274 iSCSI Initiator.lnk
    07/13/2009 10:53 PM 1,268 Memory Diagnostics Tool.lnk
    07/16/2011 02:56 PM 1,332 Microsoft .NET Framework 1.1 Configuration.lnk
    07/16/2011 02:56 PM 1,383 Microsoft .NET Framework 1.1 Wizards.lnk
    07/13/2009 10:53 PM 1,232 Performance Monitor.lnk
    07/13/2009 10:54 PM 1,288 services.lnk
    07/13/2009 10:53 PM 1,246 System Configuration.lnk
    07/13/2009 10:54 PM 1,262 Task Scheduler.lnk
    07/13/2009 10:53 PM 1,274 Windows Firewall with Advanced Security.lnk
    07/13/2009 11:32 PM 2,741 Windows PowerShell Modules.lnk
    14 File(s) 19,404 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    08/03/2011 06:18 PM 2,659 Bitstream Font Navigator.lnk
    08/03/2011 06:17 PM 2,647 Corel CAPTURE X4.lnk
    08/03/2011 06:17 PM 2,655 Corel PHOTO-PAINT X4.lnk
    08/03/2011 06:17 PM 2,639 CorelDRAW X4.lnk
    01/12/2012 11:30 AM <DIR> Documentation
    08/03/2011 06:17 PM 2,655 Duplexing Wizard.lnk
    08/03/2011 06:17 PM 2,669 SB Profiler.lnk
    6 File(s) 15,924 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Documentation
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    08/03/2011 06:17 PM 1,350 Corel PHOTO-PAINT X4 VBA Object Model PDF.lnk
    08/03/2011 06:17 PM 1,380 CorelDRAW Graphics Suite X4 Readme.lnk
    08/03/2011 06:17 PM 1,579 CorelDRAW Graphics Suite X4 User Guide PDF.lnk
    08/03/2011 06:17 PM 1,288 CorelDRAW X4 Programming Guide for VBA PDF.lnk
    08/03/2011 06:17 PM 1,385 CorelDRAW X4 VBA Object Model PDF.lnk
    5 File(s) 6,982 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\GameHouse
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    0 File(s) 0 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    07/04/2011 11:17 PM 2,071 Amazonia.lnk
    08/27/2009 02:32 PM 2,309 Bejeweled 2 Deluxe.lnk
    08/27/2009 02:32 PM 2,313 Blackhawk Striker 2.lnk
    08/27/2009 02:32 PM 2,369 Bob the Builder Can-Do-Zoo.lnk
    08/27/2009 02:32 PM 2,289 Build-a-lot 3.lnk
    08/27/2009 02:07 PM 352 Chess.lnk
    06/22/2011 02:47 AM 2,120 Collapse Crunch.lnk
    08/27/2009 02:32 PM 2,337 Dora's World Adventure.lnk
    08/27/2009 02:32 PM 2,349 Eighteen Wheels of Steel Haulin'.lnk
    08/27/2009 02:32 PM 2,373 Escape Rosecliff Island.lnk
    06/23/2011 05:40 PM 2,317 Escape The Emerald Star.lnk
    06/27/2011 10:18 PM 2,299 Escape Whisper Valley (TM).lnk
    08/27/2009 02:32 PM 2,377 Farm Frenzy - Pizza Party.lnk
    08/27/2009 02:32 PM 2,309 FATE Undiscovered Realms.lnk
    06/27/2011 12:13 AM 248 FBI Paranormal Case Extended Edition.lnk
    07/13/2009 10:55 PM 364 FreeCell.lnk
    07/13/2009 10:54 PM 258 GameExplorer.lnk
    07/13/2009 10:57 PM 356 Hearts.lnk
    08/27/2009 02:32 PM 2,329 Insaniquarium Deluxe.lnk
    08/27/2009 02:07 PM 474 Internet Backgammon.lnk
    08/27/2009 02:07 PM 470 Internet Checkers.lnk
    08/27/2009 02:07 PM 466 Internet Spades.lnk
    08/21/2011 10:22 PM 224 Jewel Quest Mysteries 3.lnk
    08/27/2009 02:32 PM 2,337 Jewel Quest Solitaire 3.lnk
    08/27/2009 02:32 PM 2,317 Liong - The Lost Amulets.lnk
    08/27/2009 02:07 PM 360 Mahjong.lnk
    07/13/2009 10:57 PM 376 Minesweeper.lnk
    08/27/2009 02:32 PM 2,480 More Games from Gateway Games.lnk
    08/11/2011 02:18 AM 2,362 Mystery P.I. - The London Caper.lnk
    08/27/2009 02:32 PM 2,373 Mystery P.I. - The Vegas Heist.lnk
    11/18/2011 05:31 PM 276 Mystery P.I. The Curious Case of Counterfeit Cove.lnk
    06/06/2011 10:35 PM 238 Play iWin Games.lnk
    08/27/2009 02:32 PM 2,265 Polar Bowler.lnk
    08/27/2009 02:32 PM 2,261 Polar Golfer.lnk
    07/13/2009 10:57 PM 378 Purble Place.lnk
    12/03/2011 09:40 PM 1,998 QuantZ.lnk
    08/27/2009 02:32 PM 2,269 Scrabble.lnk
    07/13/2009 10:55 PM 368 Solitaire.lnk
    07/13/2009 10:57 PM 392 Spider Solitaire.lnk
    09/30/2011 04:31 AM 210 Super Collapse 3.lnk
    08/16/2011 07:50 PM 2,156 Vampireville.lnk
    08/27/2009 02:32 PM 2,477 Virtual Villagers - The Secret City.lnk
    08/27/2009 02:32 PM 2,333 Wheel of Fortune 2.lnk
    12/22/2011 05:29 PM 2,676 WildTangent Games App - gateway.lnk
    08/27/2009 02:32 PM 2,285 World of Goo.lnk
    08/27/2009 02:32 PM 2,257 Zuma Deluxe.lnk
    46 File(s) 72,817 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\GamesBar
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    11/15/2011 06:41 AM 1,252 About GamesBar.lnk
    11/15/2011 06:41 AM 1,720 Uninstall.lnk
    2 File(s) 2,972 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Gateway
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    08/27/2009 02:46 PM 2,084 Gateway Recovery Management.lnk
    08/27/2009 02:44 PM 667 Gateway Updater.lnk
    08/27/2009 02:44 PM 2,176 Identity Card.lnk
    08/27/2009 02:45 PM 2,120 User's Guide (Gateway InfoCentre).lnk
    08/27/2009 02:46 PM 2,153 Welcome Center.lnk
    5 File(s) 9,200 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Gateway MyBackup
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    08/27/2009 02:32 PM 2,260 Gateway MyBackup.lnk
    1 File(s) 2,260 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\HP
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    11/07/2011 11:32 AM 1,297 HP Solution Center.lnk
    06/28/2011 10:20 PM 2,073 HP Update.lnk
    2 File(s) 3,370 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iLivid
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    11/01/2011 08:35 PM 937 iLivid Download Manager.lnk
    1 File(s) 937 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iTunes
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    08/27/2011 10:08 AM 2,069 About iTunes.lnk
    08/27/2011 10:08 AM 1,765 iTunes.lnk
    2 File(s) 3,834 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iWin Games
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    01/12/2012 11:30 AM <DIR> Games
    06/06/2011 10:35 PM 1,052 Play iWin Games.lnk
    01/12/2012 11:30 AM <DIR> Uninstall Games
    1 File(s) 1,052 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iWin Games\Games
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    06/29/2011 11:55 PM 2,076 Launch Jewel Quest Online Party.lnk
    08/27/2011 04:39 AM 2,292 Launch Margrave Manor The Curse of the Severed Heart -- Collectors Edition.lnk
    08/27/2011 04:03 AM 2,244 Launch Unsolved Mystery Club Ancient Astronauts Collectors Edition.lnk
    06/06/2011 10:39 PM 2,102 Launch Wordscape Online Party.lnk
    4 File(s) 8,714 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iWin Games\Uninstall Games
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    06/29/2011 11:55 PM 2,243 Uninstall Jewel Quest Online Party.lnk
    06/06/2011 10:39 PM 2,261 Uninstall Wordscape Online Party.lnk
    2 File(s) 4,504 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\LGMobile Support Tool
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    01/02/2012 10:49 PM 993 LGMobile software updater Agent.lnk
    11/04/2011 08:55 AM 631 LGMobile update.lnk
    11/04/2011 08:55 AM 964 Uninstall.lnk
    3 File(s) 2,588 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Maintenance
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    07/13/2009 10:57 PM 1,304 Backup and Restore Center.lnk
    07/13/2009 10:57 PM 1,248 Create Recovery Disc.lnk
    07/13/2009 10:57 PM 1,212 Remote Assistance.lnk
    3 File(s) 3,764 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    10/03/2011 06:55 AM 1,095 Malwarebytes' Anti-Malware Help.lnk
    10/03/2011 06:55 AM 1,095 Malwarebytes' Anti-Malware.lnk
    10/03/2011 06:55 AM 1,119 Uninstall Malwarebytes' Anti-Malware.lnk
    3 File(s) 3,309 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    08/27/2009 02:36 PM 1,341 Microsoft Office - 60 Day Trial.lnk
    09/17/2011 10:39 PM 2,643 Microsoft Office Access 2007.lnk
    09/13/2011 06:39 PM 2,655 Microsoft Office Excel 2007.lnk
    08/27/2009 02:35 PM 2,619 Microsoft Office OneNote 2007.lnk
    09/13/2011 06:39 PM 2,693 Microsoft Office Outlook 2007.lnk
    09/13/2011 06:39 PM 2,645 Microsoft Office PowerPoint 2007.lnk
    09/13/2011 06:39 PM 2,611 Microsoft Office Publisher 2007.lnk
    01/12/2012 11:30 AM <DIR> Microsoft Office Tools
    09/13/2011 06:39 PM 2,693 Microsoft Office Word 2007.lnk
    8 File(s) 19,900 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    09/13/2011 06:39 PM 2,647 Digital Certificate for VBA Projects.lnk
    09/13/2011 06:39 PM 2,627 Microsoft Clip Organizer.lnk
    09/13/2011 06:39 PM 2,527 Microsoft Office 2007 Language Settings.lnk
    09/13/2011 06:39 PM 2,625 Microsoft Office Diagnostics.lnk
    09/13/2011 06:39 PM 2,605 Microsoft Office Picture Manager.lnk
    5 File(s) 13,031 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Silverlight
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    10/16/2011 07:49 PM 2,231 Microsoft Silverlight.lnk
    1 File(s) 2,231 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    06/06/2011 08:12 PM 2,577 Getting Started.lnk
    06/06/2011 08:12 PM 2,597 Microsoft Works Calendar.lnk
    06/06/2011 08:12 PM 2,605 Microsoft Works Database.lnk
    06/06/2011 08:12 PM 2,647 Microsoft Works Portfolio.lnk
    06/08/2011 02:03 AM 2,629 Microsoft Works Spreadsheet.lnk
    06/08/2011 02:03 AM 1,157 Microsoft Works Task Launcher.lnk
    06/06/2011 08:12 PM 2,649 Microsoft Works Word Processor.lnk
    06/08/2011 02:03 AM 2,617 Works without Ads.lnk
    8 File(s) 19,478 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    01/12/2012 11:30 AM <DIR> Manuals
    01/12/2012 11:30 AM <DIR> Nero 9
    08/27/2009 02:48 PM 2,349 Nero ControlCenter 4.lnk
    08/27/2009 02:48 PM 2,565 Nero Online Upgrade.lnk
    2 File(s) 4,914 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Manuals
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    08/27/2009 02:49 PM 2,163 Nero ControlCenter 4 [English Help].lnk
    08/27/2009 02:49 PM 2,196 Nero DiscSpeed [English Help].lnk
    08/27/2009 02:49 PM 2,212 Nero DriveSpeed [English Help].lnk
    08/27/2009 02:49 PM 2,192 Nero Express Essentials SE [English Help].lnk
    08/27/2009 02:49 PM 2,180 Nero InfoTool [English Help].lnk
    08/27/2009 02:48 PM 2,234 Nero StartSmart Essentials [English Help].lnk
    6 File(s) 13,177 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero 9
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    08/27/2009 02:48 PM 2,544 Nero Express Essentials SE.lnk
    08/27/2009 02:47 PM 2,776 Nero StartSmart Essentials.lnk
    01/12/2012 11:30 AM <DIR> Nero Toolkit
    2 File(s) 5,320 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero 9\Nero Toolkit
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    08/27/2009 02:48 PM 2,500 Nero DiscSpeed.lnk
    08/27/2009 02:48 PM 2,576 Nero DriveSpeed.lnk
    08/27/2009 02:48 PM 2,716 Nero InfoTool.lnk
    3 File(s) 7,792 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    01/12/2012 11:30 AM <DIR> Hidden Expedition Titanic
    01/12/2012 11:30 AM <DIR> Jewel Quest Mysteries 3
    01/12/2012 11:30 AM <DIR> Mystery P.I. The Curious Case of Counterfeit Cove
    0 File(s) 0 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Hidden Expedition Titanic
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    0 File(s) 0 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Jewel Quest Mysteries 3
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    08/21/2011 10:21 PM 2,209 Jewel Quest Mysteries 3.lnk
    08/21/2011 10:21 PM 1,202 Pogo Games.lnk
    08/21/2011 10:21 PM 1,270 Uninstall.lnk
    3 File(s) 4,681 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Mystery P.I. The Curious Case of Counterfeit Cove
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    11/18/2011 05:31 PM 2,445 Mystery P.I. The Curious Case of Counterfeit Cove.lnk
    11/18/2011 05:31 PM 1,254 Pogo Games.lnk
    11/18/2011 05:31 PM 1,456 Uninstall.lnk
    3 File(s) 5,155 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\PogoDGC
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    01/12/2012 11:30 AM <DIR> Games
    01/12/2012 11:30 AM <DIR> Uninstall Games
    0 File(s) 0 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\PogoDGC\Games
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    0 File(s) 0 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\PogoDGC\Uninstall Games
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    0 File(s) 0 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\QuickTime
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    08/27/2011 09:58 AM 2,441 About QuickTime.lnk
    08/27/2011 09:58 AM 2,471 PictureViewer.lnk
    08/27/2011 09:58 AM 2,441 QuickTime Player.lnk
    08/27/2011 09:58 AM 1,820 Uninstall QuickTime.lnk
    4 File(s) 9,173 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Qwest Personal Digital Vault
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    08/12/2011 09:59 AM 2,046 Qwest Personal Digital Vault.lnk
    1 File(s) 2,046 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Rhapsody
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    01/03/2012 10:27 PM 929 Check For Rhapsody Update.lnk
    01/03/2012 10:27 PM 929 Rhapsody.lnk
    01/03/2012 10:27 PM 1,023 Uninstall Rhapsody.lnk
    3 File(s) 2,881 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Snood 4
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    09/25/2011 06:40 AM 964 Snood 4.0 ReadMe.lnk
    09/25/2011 06:40 AM 905 Snood.lnk
    09/25/2011 06:40 AM 924 Uninstall Snood.lnk
    3 File(s) 2,793 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Startup
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    12/30/2011 12:14 AM 1,894 Event Reminder.lnk
    11/07/2011 11:32 AM 2,063 HP Digital Imaging Monitor.lnk
    2 File(s) 3,957 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\SUPERAntiSpyware
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    08/22/2011 06:36 PM 1,758 SUPERAntiSpyware Alternate Start.lnk
    08/22/2011 06:36 PM 932 SUPERAntiSpyware Help.lnk
    08/22/2011 06:36 PM 1,830 SUPERAntiSpyware Professional.lnk
    08/22/2011 06:36 PM 1,852 SUPERAntiSpyware Registration-Activation.lnk
    4 File(s) 6,372 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Tablet PC
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    0 File(s) 0 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\The Print Shop 23
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    01/12/2012 11:30 AM <DIR> Documents
    12/30/2011 12:14 AM 2,663 Register Your Software.lnk
    12/30/2011 12:14 AM 2,663 The Print Shop 23.lnk
    2 File(s) 5,326 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\The Print Shop 23\Documents
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    12/30/2011 12:14 AM 892 ReadMe.lnk
    12/30/2011 12:14 AM 897 Riverdeep License Agreement.lnk
    2 File(s) 1,789 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Trash it!
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    08/06/2011 01:16 PM 922 Readme.lnk
    08/06/2011 01:16 PM 934 Trash it! Help.lnk
    08/06/2011 01:16 PM 756 Trash it! on the Web.lnk
    08/06/2011 01:16 PM 984 Trash it! Scheduler.lnk
    08/06/2011 01:16 PM 939 Trash it!.lnk
    08/06/2011 01:16 PM 934 Uninstall Trash it!.lnk
    6 File(s) 5,469 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Live
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    06/06/2011 08:09 PM 1,963 Windows Live Call.lnk
    06/06/2011 08:10 PM 2,216 Windows Live Mail.lnk
    06/06/2011 08:09 PM 2,112 Windows Live Messenger .lnk
    06/06/2011 08:11 PM 2,232 Windows Live Photo Gallery.lnk
    06/06/2011 08:11 PM 2,199 Windows Live Writer.lnk
    5 File(s) 10,722 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\WorldWinner Games
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    06/22/2011 05:50 AM 1,908 Uninstall.lnk
    1 File(s) 1,908 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Yahoo! Games
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    01/12/2012 11:30 AM <DIR> Super Collapse 3
    0 File(s) 0 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Yahoo! Games\Super Collapse 3
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    09/30/2011 04:31 AM 2,138 Super Collapse 3.lnk
    09/30/2011 04:31 AM 1,221 Uninstall.lnk
    09/30/2011 04:31 AM 1,144 Yahoo! Games - Games And Online Games.lnk
    3 File(s) 4,503 bytes
    Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\4
    01/12/2012 11:30 AM <DIR> .
    01/12/2012 11:30 AM <DIR> ..
    11/07/2011 11:32 AM 1,279 HP Solution Center.lnk
    11/01/2011 08:35 PM 919 iLivid Download Manager.lnk
    08/27/2011 10:08 AM 1,747 iTunes.lnk
    06/29/2011 11:55 PM 2,064 Jewel Quest Online Party.lnk
    07/24/2011 10:44 PM 1,077 Malwarebytes' Anti-Malware.lnk
    06/08/2011 02:03 AM 1,139 Microsoft Works.lnk
    06/20/2011 08:56 PM 1,146 Mozilla Firefox.lnk
    08/27/2009 02:47 PM 2,752 Nero StartSmart Essentials.lnk
    06/06/2011 08:02 PM 2,108 Netflix.lnk
    08/12/2011 09:59 AM 2,154 Qwest Personal Digital Vault.lnk
    01/03/2012 10:27 PM 911 Rhapsody.lnk
    12/30/2011 12:14 AM 2,645 The Print Shop 23.lnk
    08/27/2009 02:45 PM 2,034 User's Guide (Gateway InfoCentre).lnk
    12/22/2011 05:29 PM 2,654 WildTangent Games App - gateway.lnk
    06/06/2011 10:39 PM 2,090 Wordscape Online Party.lnk
    15 File(s) 26,719 bytes
    Total Files Listed:
    239 File(s) 406,546 bytes
    164 Dir(s) 920,978,501,632 bytes free
    C:\Users\Janice\Desktop\cmd.bat deleted successfully.
    C:\Users\Janice\Desktop\cmd.txt deleted successfully.
    ADS C:\Users\Janice\AppData\Local\Temp:winupd.exe deleted successfully.
    C:\Users\Janice\AppData\Local\wyuzx.exe moved successfully.
    File\Folder C:\ProgramData\notifyc.exe not found.
    File\Folder C:\Users\Janice\AppData\Roaming\configwiz.exe not found.
    C:\Users\Janice\AppData\Local\nsa.exe moved successfully.
    C:\Users\Janice\Documents\rkCT577dI.exe moved successfully.
    C:\Users\Janice\AppData\Local\jla.exe moved successfully.
    C:\ProgramData\PzZKH7CZwgAL1p moved successfully.
    C:\ProgramData\~PzZKH7CZwgAL1p moved successfully.
    C:\ProgramData\~PzZKH7CZwgAL1pr moved successfully.
    C:\Users\Janice\AppData\Local\gng8ry4yq61724s5t702v6 moved successfully.
    C:\ProgramData\gng8ry4yq61724s5t702v6 moved successfully.
    C:\Users\Janice\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk moved successfully.
    C:\Users\Janice\Desktop\System Check.lnk moved successfully.
    C:\ProgramData\PzZKH7CZwgAL1p.exe moved successfully.
    C:\Users\Public\Documents\19792079 moved successfully.
    File\Folder C:\Users\Janice\AppData\Local\nsa.exe not found.
    File\Folder C:\Users\Janice\AppData\Local\dplaysvr.exe not found.
    C:\Users\Janice\AppData\Local\dplayx.dll moved successfully.
    C:\Users\Janice\AppData\Local\70wuo75jpl4822ssofd11bylba5ah82flv3i82q2q17tbo moved successfully.
    C:\ProgramData\70wuo75jpl4822ssofd11bylba5ah82flv3i82q2q17tbo moved successfully.
    File\Folder C:\Users\Janice\Documents\rkCT577dI.exe not found.
    File\Folder C:\Users\Janice\AppData\Local\jla.exe not found.
    C:\Users\Janice\AppData\Local\084c31m26umegt2s4ynu2m moved successfully.
    C:\ProgramData\084c31m26umegt2s4ynu2m moved successfully.
    C:\Users\Janice\AppData\Local\csr7ey1du58776l8t172j6 moved successfully.
    C:\ProgramData\csr7ey1du58776l8t172j6 moved successfully.
    C:\Users\Janice\AppData\Local\ux3527cj4aoj03r21r281oh2f7j1mesyb503isya4x71ym moved successfully.
    C:\ProgramData\ux3527cj4aoj03r21r281oh2f7j1mesyb503isya4x71ym moved successfully.
    C:\Users\Janice\Desktop\WiNlOgOn.exe moved successfully.
    C:\Users\Janice\Desktop\uSeRiNiT.exe moved successfully.
    C:\Users\Janice\Desktop\eXplorer.exe moved successfully.
    C:\Users\Janice\Desktop\rkill.exe moved successfully.
    C:\Users\Janice\Desktop\rkill.scr moved successfully.
    C:\Users\Janice\Desktop\rkill.com moved successfully.
    C:\Users\Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Protection 2012 folder moved successfully.
    C:\ProgramData\F4D55F3B0004240800208380B4EB2367 folder moved successfully.
    C:\Users\Janice\AppData\Roaming\Ogyb folder moved successfully.
    C:\Users\Janice\AppData\Roaming\Egrygi folder moved successfully.
    C:\Users\Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check folder moved successfully.
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.31.0 log created on 01182012_220707

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
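The fix log at the end of the post above mixes three outcomes: items moved, items deleted, and items reported as not found. The following is an added example, not part of the thread and not OTL's own code. It parses those result lines and separates paths that were never found from paths whose "not found" is explained by an earlier move in the same log. The function names and report keys are assumptions made for this example, and the sample lines are a subset copied from the log above.

```python
import re
from collections import namedtuple

# A subset of result lines copied from the OTL fix log posted above, in log order.
SAMPLE_LOG = r"""
C:\Users\Janice\Desktop\cmd.bat deleted successfully.
ADS C:\Users\Janice\AppData\Local\Temp:winupd.exe deleted successfully.
C:\Users\Janice\AppData\Local\wyuzx.exe moved successfully.
File\Folder C:\ProgramData\notifyc.exe not found.
File\Folder C:\Users\Janice\AppData\Roaming\configwiz.exe not found.
C:\Users\Janice\AppData\Local\nsa.exe moved successfully.
File\Folder C:\Users\Janice\AppData\Local\nsa.exe not found.
C:\Users\Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Protection 2012 folder moved successfully.
========== COMMANDS ==========
"""

# Hypothetical record type for one parsed result line.
Entry = namedtuple("Entry", "path kind result")

# Optional "ADS" or "File\Folder" prefix, a drive-rooted path,
# an optional " folder" marker, then the outcome and a final period.
LINE_RE = re.compile(
    r"^(?:(?P<prefix>ADS|File\\Folder)\s+)?"
    r"(?P<path>[A-Za-z]:\\.*?)"
    r"(?P<folder>\s+folder)?\s+"
    r"(?P<result>moved successfully|deleted successfully|not found)\.$"
)


def parse_line(line):
    """Return an Entry for a result line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    if m.group("prefix") == "ADS":
        kind = "ads"          # alternate data stream (path contains a second colon)
    elif m.group("folder"):
        kind = "folder"
    elif m.group("prefix"):
        kind = "unknown"      # "File\Folder ... not found" does not say which
    else:
        kind = "file"
    return Entry(m.group("path"), kind, m.group("result"))


def summarize(log_text):
    """Group outcomes per path (case-insensitive, as on Windows).

    removed         - moved or deleted at least once
    never_found     - only ever reported as "not found" in the lines given
    already_handled - reported "not found" but also moved/deleted in this log
    unparsed        - non-empty lines that are not result lines
    """
    history = {}   # lowercased path -> (path as first seen, [results in order])
    unparsed = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = parse_line(line)
        if entry is None:
            unparsed.append(line)
            continue
        history.setdefault(entry.path.lower(), (entry.path, []))[1].append(entry.result)

    report = {"removed": [], "never_found": [], "already_handled": [], "unparsed": unparsed}
    for path, results in history.values():
        acted = [r for r in results if r != "not found"]
        if acted:
            report["removed"].append(path)
            if "not found" in results:
                report["already_handled"].append(path)
        else:
            report["never_found"].append(path)
    return report


if __name__ == "__main__":
    for key, values in summarize(SAMPLE_LOG).items():
        print(key)
        for value in values:
            print("   ", value)
```

A path listed under `never_found` is only unexplained within the lines that were fed in; the full log has to be parsed before treating it as a follow-up item.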

  8. #8
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi e28ct17,

    Yes I expected the redirect to still be present. We haven't gone after that infection yet. We did get most of one and part of another.

    Later we may need a blank CD and a USB device such as a flash drive. Do you have those?

    We should be able to work directly on the infected computer now.

    Next, right-click on OTL.exe and choose Run as Administrator to run it
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    • Do Not copy the word CODE
    • Please note the fix starts with the :

    Code:
    :Services
    
    :files
    xcopy "C:\Users\Janice\AppData\Local\Temp\smtmp\1" "C:\ProgramData\Microsoft\Windows\Start Menu" /H /I /S /Y /C
    xcopy "C:\Users\Janice\AppData\Local\Temp\smtmp\4"  "C:\Users\Public\Desktop " /H /I /S /Y /C
    :Commands

    Then click the Run Fix button at the top
    • Let the program run unhindered
    • Please save the resulting log to be posted in your next reply.
    Please post the OTL fix log.

    Next

    Download RogueKiller to your desktop

    1. Quit all running programs
    2. When prompted, type 6 and validate


    After the tool has finished:

    -Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.

    -Click the View tab.

    Under Advanced settings, check Do not Show Hidden Files and Folders, and then click Apply, click OK.

    Desktop icons still visible?


    Click your start button. Do you see any items listed?


    Try opening a couple of the programs and see if they work.

    Please post back with
    • OTL fix log
    • RogueKiller log if there was one.
    If everything appears normal in respect to icons and shortcuts we'll go after the rest when you post back.
    Member of UNITE and ASAP

  9. #9
    Member
    Join Date
    Jan 2012
    Posts
    36

    Default

    I am still unable to use the infected computer. When I open up a web browser I get redirected and multiple windows open up. Also when I tried to download RogueKiller the page was in a foreign language... looks like French, so I was unable to find the download link.

    Here is my log from OTL

    ========== SERVICES/DRIVERS ==========
    ========== FILES ==========
    < xcopy "C:\Users\Janice\AppData\Local\Temp\smtmp\1" "C:\ProgramData\Microsoft\Windows\Start Menu" /H /I /S /Y /C >
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Default Programs.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\HP Solution Center.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Rhapsody.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Windows Update.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Adobe InDesign CS2.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Adobe Reader 9.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Apple Software Update.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\I.R.I.S. OCR Registration.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Media Center.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works Task Launcher.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Mozilla Firefox.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Sidebar.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Anytime Upgrade.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows DVD Maker.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Fax and Scan.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Media Player.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\XPS Viewer.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\displayswitch.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Math Input Panel.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Mobility Center.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Paint.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Snipping Tool.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sound Recorder.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sticky Notes.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sync Center.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Welcome Center.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Wordpad.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility\Speech Recognition.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\dfrgui.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Resource Monitor.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Task Scheduler.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Windows Easy Transfer.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\ShapeCollector.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\TabTip.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\Windows Journal.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\iSCSI Initiator.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Memory Diagnostics Tool.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Performance Monitor.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\services.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\System Configuration.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Task Scheduler.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Windows PowerShell Modules.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Bitstream Font Navigator.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Corel CAPTURE X4.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Corel PHOTO-PAINT X4.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\CorelDRAW X4.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Duplexing Wizard.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\SB Profiler.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Documentation\Corel PHOTO-PAINT X4 VBA Object Model PDF.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Documentation\CorelDRAW Graphics Suite X4 Readme.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Documentation\CorelDRAW Graphics Suite X4 User Guide PDF.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Documentation\CorelDRAW X4 Programming Guide for VBA PDF.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Documentation\CorelDRAW X4 VBA Object Model PDF.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Amazonia.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Bejeweled 2 Deluxe.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Blackhawk Striker 2.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Bob the Builder Can-Do-Zoo.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Build-a-lot 3.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Chess.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Collapse Crunch.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Dora's World Adventure.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Eighteen Wheels of Steel Haulin'.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Escape Rosecliff Island.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Escape The Emerald Star.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Escape Whisper Valley (TM).lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Farm Frenzy - Pizza Party.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\FATE Undiscovered Realms.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\FBI Paranormal Case Extended Edition.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\FreeCell.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\GameExplorer.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Hearts.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Insaniquarium Deluxe.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Internet Backgammon.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Internet Checkers.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Internet Spades.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Jewel Quest Mysteries 3.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Jewel Quest Solitaire 3.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Liong - The Lost Amulets.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Mahjong.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Minesweeper.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\More Games from Gateway Games.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Mystery P.I. - The London Caper.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Mystery P.I. - The Vegas Heist.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Mystery P.I. The Curious Case of Counterfeit Cove.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Play iWin Games.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Polar Bowler.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Polar Golfer.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Purble Place.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\QuantZ.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Scrabble.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Solitaire.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Spider Solitaire.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Super Collapse 3.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Vampireville.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Virtual Villagers - The Secret City.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Wheel of Fortune 2.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\WildTangent Games App - gateway.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\World of Goo.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Zuma Deluxe.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\GamesBar\About GamesBar.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\GamesBar\Uninstall.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Gateway\Gateway Recovery Management.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Gateway\Gateway Updater.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Gateway\Identity Card.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Gateway\User's Guide (Gateway InfoCentre).lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Gateway\Welcome Center.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Gateway MyBackup\Gateway MyBackup.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\HP\HP Solution Center.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\HP\HP Update.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iLivid\iLivid Download Manager.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iTunes\About iTunes.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iTunes\iTunes.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iWin Games\Play iWin Games.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iWin Games\Games\Launch Jewel Quest Online Party.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iWin Games\Games\Launch Margrave Manor The Curse of the Severed Heart -- Collectors Edition.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iWin Games\Games\Launch Unsolved Mystery Club Ancient Astronauts Collectors Edition.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iWin Games\Games\Launch Wordscape Online Party.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iWin Games\Uninstall Games\Uninstall Jewel Quest Online Party.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iWin Games\Uninstall Games\Uninstall Wordscape Online Party.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\LGMobile Support Tool\LGMobile software updater Agent.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\LGMobile Support Tool\LGMobile update.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\LGMobile Support Tool\Uninstall.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Backup and Restore Center.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Create Recovery Disc.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Remote Assistance.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware Help.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes' Anti-Malware.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office - 60 Day Trial.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Access 2007.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office OneNote 2007.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Outlook 2007.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Publisher 2007.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Word 2007.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Language Settings.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Getting Started.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Calendar.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Database.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Portfolio.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Spreadsheet.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Task Launcher.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Word Processor.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Works without Ads.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero ControlCenter 4.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero Online Upgrade.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Manuals\Nero ControlCenter 4 [English Help].lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Manuals\Nero DiscSpeed [English Help].lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Manuals\Nero DriveSpeed [English Help].lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Manuals\Nero Express Essentials SE [English Help].lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Manuals\Nero InfoTool [English Help].lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Manuals\Nero StartSmart Essentials [English Help].lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero 9\Nero Express Essentials SE.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero 9\Nero StartSmart Essentials.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero 9\Nero Toolkit\Nero DiscSpeed.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero 9\Nero Toolkit\Nero DriveSpeed.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero 9\Nero Toolkit\Nero InfoTool.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Jewel Quest Mysteries 3\Jewel Quest Mysteries 3.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Jewel Quest Mysteries 3\Pogo Games.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Jewel Quest Mysteries 3\Uninstall.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Mystery P.I. The Curious Case of Counterfeit Cove\Mystery P.I. The Curious Case of Counterfeit Cove.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Mystery P.I. The Curious Case of Counterfeit Cove\Pogo Games.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Mystery P.I. The Curious Case of Counterfeit Cove\Uninstall.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\QuickTime\About QuickTime.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\QuickTime\PictureViewer.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\QuickTime\QuickTime Player.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\QuickTime\Uninstall QuickTime.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Qwest Personal Digital Vault\Qwest Personal Digital Vault.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Rhapsody\Check For Rhapsody Update.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Rhapsody\Rhapsody.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Rhapsody\Uninstall Rhapsody.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Snood 4\Snood 4.0 ReadMe.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Snood 4\Snood.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Snood 4\Uninstall Snood.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Startup\Event Reminder.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Startup\HP Digital Imaging Monitor.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\SUPERAntiSpyware\SUPERAntiSpyware Alternate Start.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\SUPERAntiSpyware\SUPERAntiSpyware Help.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\SUPERAntiSpyware\SUPERAntiSpyware Professional.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\SUPERAntiSpyware\SUPERAntiSpyware Registration-Activation.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\The Print Shop 23\Register Your Software.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\The Print Shop 23\The Print Shop 23.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\The Print Shop 23\Documents\ReadMe.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\The Print Shop 23\Documents\Riverdeep License Agreement.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Trash it!\Readme.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Trash it!\Trash it! Help.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Trash it!\Trash it! on the Web.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Trash it!\Trash it! Scheduler.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Trash it!\Trash it!.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Trash it!\Uninstall Trash it!.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Call.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Mail.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Messenger .lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Photo Gallery.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Writer.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\WorldWinner Games\Uninstall.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Yahoo! Games\Super Collapse 3\Super Collapse 3.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Yahoo! Games\Super Collapse 3\Uninstall.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Yahoo! Games\Super Collapse 3\Yahoo! Games - Games And Online Games.lnk
    224 File(s) copied
    C:\Users\Janice\Desktop\cmd.bat deleted successfully.
    C:\Users\Janice\Desktop\cmd.txt deleted successfully.
    < xcopy "C:\Users\Janice\AppData\Local\Temp\smtmp\4" "C:\Users\Public\Desktop " /H /I /S /Y /C >
    C:\Users\Janice\AppData\Local\Temp\smtmp\4\HP Solution Center.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\4\iLivid Download Manager.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\4\iTunes.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\4\Jewel Quest Online Party.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\4\Malwarebytes' Anti-Malware.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\4\Microsoft Works.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\4\Mozilla Firefox.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\4\Nero StartSmart Essentials.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\4\Netflix.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\4\Qwest Personal Digital Vault.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\4\Rhapsody.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\4\The Print Shop 23.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\4\User's Guide (Gateway InfoCentre).lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\4\WildTangent Games App - gateway.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\4\Wordscape Online Party.lnk
    15 File(s) copied
    C:\Users\Janice\Desktop\cmd.bat deleted successfully.
    C:\Users\Janice\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    OTL by OldTimer - Version 3.2.31.0 log created on 01192012_064031

  10. #10
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Hi e28ct17,

    That's the right page for RogueKiller. The link is in the middle of the page just to the right of where it says (download link). The icon looks like

    After you run RogueKiller make sure to follow the other steps to make sure everything looks ok. Once we are sure that your icons and start menu items are ok we'll go after the redirects.
    Member of UNITE and ASAP
