
Thread: Badly Infected

  1. #51
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Hi e28ct17,

    Click on the Start button > Control Panel

    Depending on your settings, either
    • click on the Uninstall a program option under the Programs category.
    • If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.
    Uninstall the following programs

    iLivid
    Windows iLivid Toolbar




    Next
    • Double click on OTL.exe to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    When the scan completes, it will open a Notepad window, OTL.Txt (no Extras.Txt this time).

    Please post the log.
    Member of UNITE and ASAP

  2. #52
    Member
    Join Date
    Jan 2012
    Posts
    36

    I uninstalled iLivid with no problems, but after I uninstalled Windows iLivid Toolbar it didn't delete from the programs list. So I tried to uninstall it again and it acts like it is uninstalling, but it still shows up on the list.

    Here is the OTL log

    OTL logfile created on: 1/31/2012 11:09:06 PM - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Janice\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.97 Gb Total Physical Memory | 3.93 Gb Available Physical Memory | 65.87% Memory free
    6.94 Gb Paging File | 4.69 Gb Available in Paging File | 67.56% Paging File free
    Paging file location(s): c:\pagefile.sys 1000 9163 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 916.41 Gb Total Space | 856.51 Gb Free Space | 93.46% Space Free | Partition Type: NTFS

    Computer Name: JANICE-PC | User Name: Janice | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Janice\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files (x86)\iWin Games\iWinTrusted.exe (iWin Inc.)
    PRC - C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe (Oberon Media )
    PRC - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
    PRC - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer)
    PRC - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)


    ========== Modules (No Company Name) ==========

    MOD - C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}\components\RadioWMPCoreGecko9.dll ()
    MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
    MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    MOD - C:\Program Files (x86)\Java\jre6\bin\jp2native.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
    SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
    SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    SRV:64bit: - (Updater Service) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer)
    SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
    SRV - (iWinTrusted) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe (iWin Inc.)
    SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
    SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (Greg_Service) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
    DRV:64bit: - (rcmirror) -- C:\Windows\SysNative\drivers\rcmirror.sys (Windows (R) Win 7 DDK provider)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
    DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1y62x64.sys (Intel Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
    DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
    DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
    DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=...w9283i9hj67767
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=...w9283i9hj67767

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jh...FYMEQAodrjEGpQ
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Web Search"
    FF - prefs.js..browser.search.order.1: "iLivid Web Search"
    FF - prefs.js..browser.search.selectedEngine: "My Web Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxpt020YYus&ptb=zicrx_1Avu_ZGi24DJBLew&ind=2012010511&ptnrS=ZUxpt020YYus&si=CMqg8duiuK0CFYMEQAodrjEGpQ&n=77ecd80f&psa=&st=kwd&searchfor="


    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\@worldwinner.com/Launcher2,version=1.10.0.25: C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.)
    FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2011/06/20 23:31:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/01 12:08:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/16 20:13:49 | 000,000,000 | ---D | M]

    [2012/01/05 19:53:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janice\AppData\Roaming\Mozilla\Extensions
    [2012/01/28 18:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions
    [2012/01/08 14:23:33 | 000,000,000 | ---D | M] (IMVU Inc Community Toolbar) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
    [2011/11/01 20:33:59 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
    [2011/08/23 07:15:41 | 000,000,000 | ---D | M] (20-20 3D Viewer - WEB) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\2020Player_WEB@2020Technologies.com
    [2012/01/06 05:56:25 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\foxmarks@kei.com
    [2011/12/22 17:01:20 | 000,000,000 | ---D | M] (Oberon GamesBar) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\gamesbar@oberon-media.com
    [2012/01/28 18:06:02 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\LogMeInClient@logmein.com
    [2011/12/30 22:30:15 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\plugin@yontoo.com
    [2011/08/11 06:29:03 | 000,000,000 | ---D | M] ("ArcadeWeb") -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\textlinks@arcadeweb.com
    [2011/12/30 22:41:29 | 000,000,000 | ---D | M] (We-Care Reminder) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\wecarereminder@bryan
    [2011/06/21 23:02:15 | 000,002,571 | ---- | M] () -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\searchplugins\askcom.xml
    [2012/01/05 10:52:16 | 000,009,987 | ---- | M] () -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\searchplugins\mywebsearch.xml
    [2011/11/01 20:33:58 | 000,002,520 | ---- | M] () -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\searchplugins\SearchResults.xml
    [2012/01/24 21:54:43 | 000,002,282 | ---- | M] () -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\searchplugins\surf-canyon.xml
    [2012/01/05 19:53:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/07/29 13:20:43 | 000,000,000 | ---D | M] (LivingPlay TextLinks) -- C:\USERS\JANICE\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\TEXTLINKS@LPLAY.COM
    () (No name found) -- C:\USERS\JANICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\48HSR9SG.DEFAULT\EXTENSIONS\NOSQUINT@URANDOM.CA.XPI
    () (No name found) -- C:\USERS\JANICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\48HSR9SG.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
    [2012/01/01 12:08:10 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/04/15 06:20:18 | 001,034,544 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
    [2009/07/02 10:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
    [2011/10/11 08:21:33 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
    [2011/10/16 20:03:58 | 000,002,064 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bingober441754614.xml
    [2011/11/01 20:33:58 | 000,002,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
    [2011/11/11 11:18:43 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
    [2011/08/21 22:21:35 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober112634188.xml
    [2011/08/24 00:27:46 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober174870194.xml
    [2011/08/24 00:54:09 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober176453105.xml
    [2011/11/25 12:08:02 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober232756486.xml
    [2011/11/15 06:41:17 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober275019326.xml
    [2011/11/18 17:31:05 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober64933824.xml

    O1 HOSTS File: ([2012/01/25 09:18:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
    O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
    O4 - HKCU..\Run: [SearchEngineProtection] C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe (Oberon Media )
    O4 - HKLM..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "" File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/CSMWeb/Cu...ataManager.CAB (Hewlett-Packard Online Support Services)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos...ineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} https://lowes.2020.net/planner/Core/..._WEB_Win32.cab (20-20 3D Viewer for WEB)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA8713C9-52CC-42DD-A388-B7B0CCC5398B}: DhcpNameServer = 192.168.0.1 205.171.3.25
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/29 02:21:16 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
    [2012/01/29 02:21:16 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
    [2012/01/29 02:21:16 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2012/01/29 02:21:16 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2012/01/29 02:21:16 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012/01/29 02:21:16 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012/01/29 02:21:16 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012/01/29 02:21:16 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2012/01/29 02:21:16 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2012/01/29 02:21:16 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
    [2012/01/29 02:21:16 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
    [2012/01/29 02:21:16 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
    [2012/01/29 02:21:16 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
    [2012/01/29 02:21:16 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
    [2012/01/29 02:21:16 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
    [2012/01/29 02:21:16 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
    [2012/01/29 02:21:16 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012/01/29 02:21:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012/01/29 02:21:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/01/29 02:21:16 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
    [2012/01/29 02:21:16 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
    [2012/01/29 02:21:16 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
    [2012/01/29 02:21:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/01/29 02:21:16 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2012/01/29 02:21:16 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
    [2012/01/29 02:21:16 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
    [2012/01/29 02:21:16 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
    [2012/01/29 02:21:16 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
    [2012/01/29 02:21:16 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
    [2012/01/29 02:21:16 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
    [2012/01/29 02:21:16 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
    [2012/01/29 02:21:16 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
    [2012/01/29 02:21:16 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
    [2012/01/29 02:21:16 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
    [2012/01/29 02:21:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2012/01/29 02:21:16 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
    [2012/01/29 02:21:16 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
    [2012/01/29 02:21:16 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
    [2012/01/29 02:21:16 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
    [2012/01/29 02:21:16 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
    [2012/01/29 02:21:16 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2012/01/29 02:21:16 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
    [2012/01/29 02:21:16 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
    [2012/01/29 02:21:16 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
    [2012/01/29 02:21:16 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012/01/29 02:21:16 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
    [2012/01/29 02:21:16 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
    [2012/01/29 02:21:16 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2012/01/29 02:21:16 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2012/01/29 02:21:16 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2012/01/29 02:21:16 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
    [2012/01/29 02:21:16 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
    [2012/01/29 02:21:16 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
    [2012/01/29 02:21:16 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
    [2012/01/29 02:21:16 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    [2012/01/29 02:21:16 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2012/01/29 02:21:16 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
    [2012/01/29 02:21:16 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/01/29 02:21:16 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
    [2012/01/29 02:21:16 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
    [2012/01/29 02:21:16 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
    [2012/01/29 02:21:16 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
    [2012/01/29 02:21:16 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
    [2012/01/29 02:21:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
    [2012/01/29 02:21:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
    [2012/01/29 02:21:16 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2012/01/29 02:21:16 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2012/01/29 02:21:16 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
    [2012/01/29 02:21:16 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
    [2012/01/29 02:21:16 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
    [2012/01/29 02:21:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
    [2012/01/29 02:21:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
    [2012/01/29 02:12:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/01/29 02:12:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/01/29 02:08:49 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
    [2012/01/29 02:08:49 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
    [2012/01/29 02:08:49 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
    [2012/01/29 02:08:49 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
    [2012/01/29 02:08:49 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
    [2012/01/29 02:08:49 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
    [2012/01/25 23:27:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Janice\Desktop\OTL.exe
    [2012/01/25 20:19:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/01/25 20:16:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/01/25 08:38:48 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/01/25 08:21:02 | 000,000,000 | ---D | C] -- C:\jgh32265j
    [2012/01/20 21:58:00 | 000,000,000 | ---D | C] -- C:\jgh32442j
    [2012/01/19 22:00:25 | 000,000,000 | ---D | C] -- C:\jgh
    [2012/01/19 21:57:16 | 004,388,468 | R--- | C] (Swearware) -- C:\Users\Janice\Desktop\jgh.exe
    [2012/01/19 15:13:11 | 000,000,000 | ---D | C] -- C:\Users\Janice\Desktop\RK_Quarantine
    [2012/01/19 06:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/01/18 22:07:07 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/01/17 18:38:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Janice\Desktop\iexplorer.exe
    [2012/01/17 00:13:01 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
    [2012/01/17 00:13:01 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
    [2012/01/17 00:13:00 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
    [2012/01/17 00:13:00 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
    [2012/01/17 00:12:47 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
    [2012/01/17 00:12:46 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
    [2012/01/17 00:12:45 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
    [2012/01/16 20:55:44 | 000,000,000 | ---D | C] -- C:\found.000
    [2012/01/05 01:57:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
    [2012/01/05 01:56:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
    [2012/01/03 22:27:21 | 000,000,000 | ---D | C] -- C:\Users\Janice\AppData\Roaming\Real
    [2012/01/03 22:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rhapsody
    [2012/01/03 22:27:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rhapsody

    ========== Files - Modified Within 30 Days ==========

    [2012/01/31 22:36:39 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/01/31 22:36:39 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/01/30 21:11:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/01/30 21:11:46 | 509,456,383 | -HS- | M] () -- C:\hiberfil.sys
    [2012/01/29 02:31:59 | 000,001,405 | ---- | M] () -- C:\Users\Janice\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/01/29 02:21:16 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
    [2012/01/29 02:21:16 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
    [2012/01/29 02:21:16 | 002,309,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2012/01/29 02:21:16 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2012/01/29 02:21:16 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012/01/29 02:21:16 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012/01/29 02:21:16 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012/01/29 02:21:16 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2012/01/29 02:21:16 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2012/01/29 02:21:16 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
    [2012/01/29 02:21:16 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
    [2012/01/29 02:21:16 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
    [2012/01/29 02:21:16 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
    [2012/01/29 02:21:16 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
    [2012/01/29 02:21:16 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
    [2012/01/29 02:21:16 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
    [2012/01/29 02:21:16 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012/01/29 02:21:16 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012/01/29 02:21:16 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/01/29 02:21:16 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
    [2012/01/29 02:21:16 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
    [2012/01/29 02:21:16 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
    [2012/01/29 02:21:16 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/01/29 02:21:16 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2012/01/29 02:21:16 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
    [2012/01/29 02:21:16 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
    [2012/01/29 02:21:16 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
    [2012/01/29 02:21:16 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
    [2012/01/29 02:21:16 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
    [2012/01/29 02:21:16 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
    [2012/01/29 02:21:16 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
    [2012/01/29 02:21:16 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
    [2012/01/29 02:21:16 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
    [2012/01/29 02:21:16 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
    [2012/01/29 02:21:16 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2012/01/29 02:21:16 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
    [2012/01/29 02:21:16 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
    [2012/01/29 02:21:16 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
    [2012/01/29 02:21:16 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
    [2012/01/29 02:21:16 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
    [2012/01/29 02:21:16 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2012/01/29 02:21:16 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
    [2012/01/29 02:21:16 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
    [2012/01/29 02:21:16 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
    [2012/01/29 02:21:16 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012/01/29 02:21:16 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
    [2012/01/29 02:21:16 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
    [2012/01/29 02:21:16 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2012/01/29 02:21:16 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2012/01/29 02:21:16 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2012/01/29 02:21:16 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
    [2012/01/29 02:21:16 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
    [2012/01/29 02:21:16 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
    [2012/01/29 02:21:16 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
    [2012/01/29 02:21:16 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    [2012/01/29 02:21:16 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2012/01/29 02:21:16 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
    [2012/01/29 02:21:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
    [2012/01/29 02:21:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
    [2012/01/29 02:21:16 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/01/29 02:21:16 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
    [2012/01/29 02:21:16 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
    [2012/01/29 02:21:16 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
    [2012/01/29 02:21:16 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
    [2012/01/29 02:21:16 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
    [2012/01/29 02:21:16 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
    [2012/01/29 02:21:16 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
    [2012/01/29 02:21:16 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2012/01/29 02:21:16 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2012/01/29 02:21:16 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
    [2012/01/29 02:21:16 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
    [2012/01/29 02:21:16 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
    [2012/01/29 02:21:16 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
    [2012/01/29 02:21:16 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
    [2012/01/29 02:12:45 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/01/29 02:12:43 | 000,756,744 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/01/29 02:12:43 | 000,634,934 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/01/29 02:12:43 | 000,111,468 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/01/29 02:12:17 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
    [2012/01/28 19:21:10 | 000,544,368 | ---- | M] () -- C:\Users\Janice\Desktop\TaxReturn.pdf
    [2012/01/25 09:18:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/01/25 08:36:59 | 004,388,468 | R--- | M] (Swearware) -- C:\Users\Janice\Desktop\ComboFix.exe
    [2012/01/25 08:19:08 | 004,388,468 | R--- | M] (Swearware) -- C:\Users\Janice\Desktop\jgh.exe
    [2012/01/22 21:21:31 | 000,739,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/01/19 15:10:17 | 000,787,456 | ---- | M] () -- C:\Users\Janice\Desktop\RogueKiller.exe
    [2012/01/17 18:25:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Janice\Desktop\OTL.exe
    [2012/01/17 18:25:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Janice\Desktop\iexplorer.exe
    [2012/01/17 11:16:23 | 000,001,096 | ---- | M] () -- C:\Users\Janice\Desktop\Smart Protection 2012.lnk
    [2012/01/07 03:02:59 | 000,003,085 | ---- | M] () -- C:\Users\Janice\Desktop\VinylMaster Pro.lnk
    [2012/01/03 22:27:14 | 000,000,929 | ---- | M] () -- C:\Users\Janice\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhapsody.lnk
    [2012/01/03 22:27:14 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Rhapsody.lnk
    [2012/01/02 22:49:57 | 000,002,413 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini

    ========== Files Created - No Company Name ==========

    [2012/01/29 02:31:59 | 000,001,417 | ---- | C] () -- C:\Users\Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    [2012/01/29 02:21:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2012/01/29 02:21:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
    [2012/01/29 02:12:40 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/01/29 02:12:17 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
    [2012/01/28 19:21:10 | 000,544,368 | ---- | C] () -- C:\Users\Janice\Desktop\TaxReturn.pdf
    [2012/01/19 15:13:01 | 000,787,456 | ---- | C] () -- C:\Users\Janice\Desktop\RogueKiller.exe
    [2012/01/19 06:40:38 | 000,002,752 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
    [2012/01/19 06:40:38 | 000,002,654 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - gateway.lnk
    [2012/01/19 06:40:38 | 000,002,154 | ---- | C] () -- C:\Users\Public\Desktop\Qwest Personal Digital Vault.lnk
    [2012/01/19 06:40:38 | 000,002,108 | ---- | C] () -- C:\Users\Public\Desktop\Netflix.lnk
    [2012/01/19 06:40:38 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\Wordscape Online Party.lnk
    [2012/01/19 06:40:38 | 000,002,064 | ---- | C] () -- C:\Users\Public\Desktop\Jewel Quest Online Party.lnk
    [2012/01/19 06:40:38 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\User's Guide (Gateway InfoCentre).lnk
    [2012/01/19 06:40:38 | 000,001,747 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/01/19 06:40:38 | 000,001,279 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
    [2012/01/19 06:40:38 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/01/19 06:40:38 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
    [2012/01/19 06:40:38 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2012/01/19 06:40:38 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Rhapsody.lnk
    [2012/01/19 06:40:35 | 000,002,063 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2012/01/19 06:40:35 | 000,001,894 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Reminder.lnk
    [2012/01/19 06:40:32 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
    [2012/01/19 06:40:32 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2012/01/19 06:40:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
    [2012/01/19 06:40:32 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    [2012/01/19 06:40:32 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
    [2012/01/19 06:40:32 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2012/01/19 06:40:32 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
    [2012/01/19 06:40:32 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2012/01/19 06:40:32 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
    [2012/01/19 06:40:32 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
    [2012/01/19 06:40:32 | 000,001,158 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/01/19 06:40:32 | 000,001,151 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
    [2012/01/19 06:40:32 | 000,001,058 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
    [2012/01/19 06:40:32 | 000,000,991 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS2.lnk
    [2012/01/17 11:16:23 | 000,001,096 | ---- | C] () -- C:\Users\Janice\Desktop\Smart Protection 2012.lnk
    [2012/01/17 06:13:53 | 000,002,645 | ---- | C] () -- C:\Users\Public\Desktop\The Print Shop 23.lnk
    [2012/01/03 22:27:14 | 000,000,929 | ---- | C] () -- C:\Users\Janice\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhapsody.lnk
    [2011/12/17 03:50:15 | 000,010,408 | --S- | C] () -- C:\Users\Janice\AppData\Local\w5hw08b8wo4jqn
    [2011/12/17 03:50:15 | 000,010,408 | --S- | C] () -- C:\ProgramData\w5hw08b8wo4jqn
    [2011/12/12 01:51:49 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
    [2011/12/08 04:43:30 | 000,012,642 | --S- | C] () -- C:\Users\Janice\AppData\Local\8sqbcbba3f0aeff3s6c0cu1
    [2011/12/08 04:43:30 | 000,012,642 | --S- | C] () -- C:\ProgramData\8sqbcbba3f0aeff3s6c0cu1
    [2011/12/01 00:05:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/12/01 00:05:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/12/01 00:05:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/12/01 00:05:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/12/01 00:05:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/11/07 11:30:25 | 000,210,543 | ---- | C] () -- C:\Windows\hpoins21.dat
    [2011/11/07 11:30:25 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat
    [2011/11/07 07:54:46 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
    [2011/11/04 08:55:20 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
    [2011/11/04 08:55:20 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
    [2011/09/21 00:05:11 | 000,000,116 | ---- | C] () -- C:\Windows\wininit.ini
    [2011/06/26 00:29:47 | 000,000,221 | ---- | C] () -- C:\Windows\PowerReg.dat
    [2011/06/21 16:53:47 | 000,756,744 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/06/20 20:56:19 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2011/06/08 20:10:11 | 000,001,022 | ---- | C] () -- C:\Users\Janice\AppData\Roaming\wklnhst.dat
    [2011/02/11 18:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
    [2011/02/11 18:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
    [2011/02/11 18:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
    [2011/01/11 17:05:18 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
    [2009/08/27 15:02:56 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
    [2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
    [2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe
    [2005/08/26 15:28:20 | 000,024,576 | ---- | C] () -- C:\Windows\shortcut.exe
    [2005/08/26 15:27:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe
    [2000/05/15 09:52:40 | 000,003,004 | ---- | C] () -- C:\Windows\SysWow64\vmpro.ini

    ========== LOP Check ==========

    [2011/07/05 00:27:19 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Amazonia
    [2011/07/28 09:12:12 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Anarchy
    [2011/10/17 17:48:32 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Artogon
    [2011/08/24 00:29:11 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Big Fish Games
    [2011/09/26 21:09:11 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\BitComet
    [2011/08/28 23:54:48 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Dekovir
    [2011/06/20 22:22:31 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\DVDVideoSoft
    [2011/06/20 22:21:59 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\DVDVideoSoftIEHelpers
    [2011/08/30 08:40:32 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Freeze Tag
    [2011/11/15 06:42:08 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\funkitron
    [2011/08/03 09:07:45 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\GameBlend
    [2011/06/27 00:17:01 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\HdO Adventure
    [2011/07/29 13:20:43 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\NetAssistant
    [2011/08/16 20:01:56 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Nevosoft Games
    [2011/08/23 18:13:55 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Nokia Ovi Suite
    [2011/08/21 22:22:54 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Oberon
    [2011/11/15 06:41:12 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Oberon Media
    [2011/06/11 22:03:20 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Packard Bell
    [2011/07/21 18:48:46 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\PC Suite
    [2011/11/18 17:31:57 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\SpinTop Games
    [2011/08/30 11:38:11 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\SprillRichiEng
    [2011/12/30 22:30:36 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\SumatraPDF
    [2011/06/22 21:24:45 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Template
    [2011/12/26 01:45:26 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Vogat Interactive
    [2011/07/29 04:51:49 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\WeatherBug
    [2011/06/29 00:27:28 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\WildTangentv1000
    [2011/08/11 02:20:05 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\WildTangentv1001
    [2011/06/22 05:50:30 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Worldwinner
    [2012/01/19 23:06:05 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:FB04FBFD
    @Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:E0648389
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:987CE5C8
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:62D72D41
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:D5C2DDAE
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:86AE00C6
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:F2B0ABCC
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:EF258AD5
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:8C5315B5
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0F4A7B6A
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:AA4982C6
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:937250A8
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:95E512F2
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:DE5D1324
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:3B68494D
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:10FC1DC1
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1E3E34AA
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:BAEFC0C1
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:F4549211
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:70FD4407
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:8EBE180D
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:9DADB9F7

    < End of report >

  3. #53
    Member
    Join Date
    Jan 2012
    Posts
    36


    Microsoft Security Essentials found the threat Rogue:Win/Winwebsec on my computer and I removed it.

  4. #54
    Senior Member
    Join Date
    Sep 2010
    Posts
    631


    Hi e28ct17,

    Let's see if we can get this cleaned up.

    You have Revo Uninstaller and I see you have used it before. So let's see if it can help out.

    Right click the Revo Uninstaller icon on the desktop and click "Run as Administrator" to start the program.

    You will now see a list of installed programs that Revo Uninstaller can remove.
    • Locate the program you are uninstalling: Windows iLivid Toolbar
    • Right click the icon then choose Uninstall.
    • Click Yes to the warning and choose the Uninstall Mode
    • Choose the Advanced option and then click Next.
    • This will launch the program's built-in uninstaller. Be patient; it can take several seconds.
    • Once the uninstaller is done click Next.
    • Revo Uninstaller will now scan for leftover information. Be patient; it can take several seconds.
    • Once this scan is done click Next.
    • You will then be presented with the leftover entries found by Revo Uninstaller
    • Look at ALL of the entries to ensure they relate to the uninstall.
    • Next click Select All > Delete to remove the entries.
    • Click Next.
    • If there are any program file folders left over you will be presented with a list to be removed.
    • Again look at ALL of the entries to ensure they are related to the uninstall.
    • Click Select All > Delete to remove the entries.
    • Click Finish to go back to the uninstall list.
    • Close the program



    Next

    Right click on OTL.exe and choose Run as Administrator to run it
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    • Do not copy the word CODE
    • Please note the fix starts with the :

    Code:
    :Services
    
    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jh...FYMEQAodrjEGpQ
    FF - prefs.js..browser.search.defaultenginename: "Web Search"
    FF - prefs.js..browser.search.order.1: "iLivid Web Search"
    FF - prefs.js..browser.search.selectedEngine: "My Web Search"
    FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxpt020YYus&ptb=zicrx_1Avu_ZGi24DJBLew&ind=2012010511&ptnrS=ZUxpt020YYus&si=CMqg8duiuK0CFYMEQAodrjEGpQ&n=77ecd80f&psa=&st=kwd&searchfor="
    [2011/11/01 20:33:59 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
    [2012/01/05 10:52:16 | 000,009,987 | ---- | M] () -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\searchplugins\mywebsearch.xml
    [2011/11/01 20:33:58 | 000,002,520 | ---- | M] () -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\searchplugins\SearchResults.xml
    [2011/11/01 20:33:58 | 000,002,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
    [2011/08/21 22:21:35 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober112634188.xml
    [2011/08/24 00:27:46 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober174870194.xml
    [2011/08/24 00:54:09 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober176453105.xml
    [2011/11/25 12:08:02 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober232756486.xml
    [2011/11/15 06:41:17 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober275019326.xml
    [2011/11/18 17:31:05 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober64933824.xml
    [2012/01/17 11:16:23 | 000,001,096 | ---- | M] () -- C:\Users\Janice\Desktop\Smart Protection 2012.lnk
    [2011/12/17 03:50:15 | 000,010,408 | --S- | C] () -- C:\Users\Janice\AppData\Local\w5hw08b8wo4jqn
    [2011/12/17 03:50:15 | 000,010,408 | --S- | C] () -- C:\ProgramData\w5hw08b8wo4jqn
    [2011/12/12 01:51:49 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
    [2011/12/08 04:43:30 | 000,012,642 | --S- | C] () -- C:\Users\Janice\AppData\Local\8sqbcbba3f0aeff3s6c0cu1
    [2011/12/08 04:43:30 | 000,012,642 | --S- | C] () -- C:\ProgramData\8sqbcbba3f0aeff3s6c0cu1
    
    :Commands
    [createrestorepoint]
    [emptytemp]
    Then click the Run Fix button at the top
    • Let the program run unhindered
    • Please save the resulting log to be posted in your next reply.
    Please post the OTL fix log.


    Next

    You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

    Open MBAM

    • Click the Update tab
    • Click Check for Updates
    • If an update is found, it will download and install the latest version.
    • The program will close to update and reopen.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


    Next

    Open OTL and get a new scan log.

    Please post back with
    • OTL fix log
    • MBAM
    • OTL scan log
    How's the computer?
    Member of UNITE and ASAP

  5. #55
    Member
    Join Date
    Jan 2012
    Posts
    36


    The computer seems to be working fine.


    Windows Boot Manager
    --------------------
    identifier {bootmgr}
    device partition=C:
    description Windows Boot Manager
    locale en-US
    inherit {globalsettings}
    default {current}
    resumeobject {36350f4e-934d-11de-b33d-b7495bee80d8}
    displayorder {current}
    toolsdisplayorder {memdiag}
    timeout 30

    Windows Boot Loader
    -------------------
    identifier {current}
    device partition=C:
    path \Windows\system32\winload.exe
    description Windows 7
    locale en-US
    inherit {bootloadersettings}
    recoverysequence {36350f50-934d-11de-b33d-b7495bee80d8}
    recoveryenabled Yes
    osdevice partition=C:
    systemroot \Windows
    resumeobject {36350f4e-934d-11de-b33d-b7495bee80d8}
    nx OptIn

    Windows Boot Loader
    -------------------
    identifier {36350f50-934d-11de-b33d-b7495bee80d8}
    device ramdisk=[C:]\Recovery\36350f50-934d-11de-b33d-b7495bee80d8\Winre.wim,{36350f51-934d-11de-b33d-b7495bee80d8}
    path \windows\system32\winload.exe
    description Windows Recovery Environment
    inherit {bootloadersettings}
    osdevice ramdisk=[C:]\Recovery\36350f50-934d-11de-b33d-b7495bee80d8\Winre.wim,{36350f51-934d-11de-b33d-b7495bee80d8}
    systemroot \windows
    nx OptIn
    winpe Yes

    Resume from Hibernate
    ---------------------
    identifier {36350f4e-934d-11de-b33d-b7495bee80d8}
    device partition=C:
    path \Windows\system32\winresume.exe
    description Windows Resume Application
    locale en-US
    inherit {resumeloadersettings}
    filedevice partition=C:
    filepath \hiberfil.sys
    debugoptionenabled No

    Windows Memory Tester
    ---------------------
    identifier {memdiag}
    device partition=C:
    path \boot\memtest.exe
    description Windows Memory Diagnostic
    locale en-US
    inherit {globalsettings}
    badmemoryaccess Yes

    EMS Settings
    ------------
    identifier {emssettings}
    bootems Yes

    Debugger Settings
    -----------------
    identifier {dbgsettings}
    debugtype Serial
    debugport 1
    baudrate 115200

    RAM Defects
    -----------
    identifier {badmemory}

    Global Settings
    ---------------
    identifier {globalsettings}
    inherit {dbgsettings}
    {emssettings}
    {badmemory}

    Boot Loader Settings
    --------------------
    identifier {bootloadersettings}
    inherit {globalsettings}
    {hypervisorsettings}

    Hypervisor Settings
    -------------------
    identifier {hypervisorsettings}
    hypervisordebugtype Serial
    hypervisordebugport 1
    hypervisorbaudrate 115200

    Resume Loader Settings
    ----------------------
    identifier {resumeloadersettings}
    inherit {globalsettings}

    Device options
    --------------
    identifier {36350f51-934d-11de-b33d-b7495bee80d8}
    description Ramdisk Options
    ramdisksdidevice partition=C:
    ramdisksdipath \Recovery\36350f50-934d-11de-b33d-b7495bee80d8\boot.sdi


    ========== SERVICES/DRIVERS ==========
    ========== FILES ==========
    < xcopy "C:\Users\Janice\AppData\Local\Temp\smtmp\1" "C:\ProgramData\Microsoft\Windows\Start Menu" /H /I /S /Y /C >
    224 File(s) copied
    C:\Users\Janice\Desktop\cmd.bat deleted successfully.
    C:\Users\Janice\Desktop\cmd.txt deleted successfully.
    < xcopy "C:\Users\Janice\AppData\Local\Temp\smtmp\4" "C:\Users\Public\Desktop " /H /I /S /Y /C >
    C:\Users\Janice\AppData\Local\Temp\smtmp\4\HP Solution Center.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\4\iLivid Download Manager.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\4\iTunes.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\4\Jewel Quest Online Party.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\4\Malwarebytes' Anti-Malware.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\4\Microsoft Works.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\4\Mozilla Firefox.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\4\Nero StartSmart Essentials.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\4\Netflix.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\4\Qwest Personal Digital Vault.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\4\Rhapsody.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\4\The Print Shop 23.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\4\User's Guide (Gateway InfoCentre).lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\4\WildTangent Games App - gateway.lnk
    C:\Users\Janice\AppData\Local\Temp\smtmp\4\Wordscape Online Party.lnk
    15 File(s) copied
    C:\Users\Janice\Desktop\cmd.bat deleted successfully.
    C:\Users\Janice\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    OTL by OldTimer - Version 3.2.31.0 log created on 01192012_064031

  6. #56
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi e28ct17,

    Those are old logs. The OTL fix log is from Jan 19. Open Windows Explorer and navigate to C:\_OTL\Moved files. The log you are looking for will be a txt file named 02022012_XXXXXX (x's represent the time).

    The other log you posted was from bootedit. The MBAM log requested can be located in MBAM.
    • open MBAM
    • click on the Logs tab
    • locate the last one created
    • click on it and click open

    Don't forget to get a new OTL scan log.


    Thanks
    Last edited by oldman960; 2012-02-03 at 17:58.
    Member of UNITE and ASAP
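The mix-up in this exchange, a fix log from Jan 19 posted in place of the new one, can be caught by reading the MMDDYYYY_HHMMSS stamp that appears in the log name and in the log's footer line. The following is an added example, not part of the original posts and not part of OTL; the function names, the file extensions and every file name except the footer stamp quoted above are constructed for illustration.

```python
import re
from datetime import date, datetime

# Stamp format as seen on this page: 01192012_064031 -> Jan 19 2012, 06:40:31.
STAMP_RE = re.compile(r"(?<!\d)(\d{8}_\d{6})(?!\d)")
FOOTER_RE = re.compile(r"log created on (\d{8}_\d{6})")


def parse_stamp(text):
    """Return the datetime encoded as MMDDYYYY_HHMMSS inside text, or None."""
    match = STAMP_RE.search(text)
    if not match:
        return None
    try:
        return datetime.strptime(match.group(1), "%m%d%Y_%H%M%S")
    except ValueError:
        # Eight-plus-six digits that are not a real date/time (e.g. month 13).
        return None


def newest_fix_log(names):
    """Pick the most recent log by its parsed stamp.

    Sorting the names as strings is wrong here: the month comes first, so
    '12312011_...' sorts after '02022012_...' although it is older.
    """
    stamped = [(parse_stamp(n), n) for n in names]
    stamped = [(ts, n) for ts, n in stamped if ts is not None]
    if not stamped:
        return None
    return max(stamped, key=lambda pair: pair[0])[1]


def log_created(log_text):
    """Return the creation time from the last 'log created on' footer line."""
    stamps = FOOTER_RE.findall(log_text)
    return parse_stamp(stamps[-1]) if stamps else None


def is_stale(log_text, fix_day):
    """True when the log has no footer stamp or predates the day of the fix."""
    created = log_created(log_text)
    return created is None or created.date() < fix_day


# Footer copied from the log posted in this thread.
POSTED_FOOTER = "OTL by OldTimer - Version 3.2.31.0 log created on 01192012_064031"

# Constructed directory listing (names and extensions are assumptions).
SAMPLE_NAMES = [
    "01192012_064031.log",
    "12312011_235959.log",
    "02022012_101500.log",
    "notes.txt",
]

if __name__ == "__main__":
    fix_day = date(2012, 2, 2)  # the 02022012 date named in the reply above
    print("newest log:", newest_fix_log(SAMPLE_NAMES))
    print("posted log stale:", is_stale(POSTED_FOOTER, fix_day))
```
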

  7. #57
    Member
    Join Date
    Jan 2012
    Posts
    36

    Default

    Hi! Sorry about that. I just noticed, but my recovery drive has disappeared. I had a few other drives and they have disappeared too. Drive C and my DVD drive are the only drives under My Computer.

    Here are the logs

    All processes killed
    ========== SERVICES/DRIVERS ==========
    ========== OTL ==========
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    Prefs.js: "Web Search" removed from browser.search.defaultenginename
    Prefs.js: "iLivid Web Search" removed from browser.search.order.1
    Prefs.js: "My Web Search" removed from browser.search.selectedEngine
    Prefs.js: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxpt020YYus&ptb=zicrx_1Avu_ZGi24DJBLew&ind=2012010511&ptnrS=ZUxpt020YYus&si=CMqg8duiuK0CFYMEQAodrjEGpQ&n=77ecd80f&psa=&st=kwd&searchfor=" removed from keyword.URL
    C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components folder moved successfully.
    C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\searchbar folder moved successfully.
    C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options folder moved successfully.
    C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
    C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
    C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
    C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton folder moved successfully.
    C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa folder moved successfully.
    C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images folder moved successfully.
    C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\css folder moved successfully.
    C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio folder moved successfully.
    C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images folder moved successfully.
    C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\scripts folder moved successfully.
    C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images folder moved successfully.
    C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\css folder moved successfully.
    C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default folder moved successfully.
    C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css folder moved successfully.
    C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels folder moved successfully.
    C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib folder moved successfully.
    C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin folder moved successfully.
    C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
    C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets folder moved successfully.
    C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\modules folder moved successfully.
    C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib folder moved successfully.
    C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data\search folder moved successfully.
    C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data folder moved successfully.
    C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content folder moved successfully.
    C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome folder moved successfully.
    C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} folder moved successfully.
    C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\searchplugins\mywebsearch.xml moved successfully.
    C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\searchplugins\SearchResults.xml moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober112634188.xml moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober174870194.xml moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober176453105.xml moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober232756486.xml moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober275019326.xml moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober64933824.xml moved successfully.
    C:\Users\Janice\Desktop\Smart Protection 2012.lnk moved successfully.
    C:\ProgramData\w5hw08b8wo4jqn moved successfully.
    C:\ProgramData\hash.dat moved successfully.
    C:\Users\Janice\AppData\Local\8sqbcbba3f0aeff3s6c0cu1 moved successfully.
    C:\ProgramData\8sqbcbba3f0aeff3s6c0cu1 moved successfully.
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Janice
    ->Temp folder emptied: 7518668 bytes
    ->Temporary Internet Files folder emptied: 67781473 bytes
    ->Java cache emptied: 17439374 bytes
    ->FireFox cache emptied: 1102478468 bytes
    ->Flash cache emptied: 6676 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 69102 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 1523262976 bytes

    Total Files Cleaned = 2,593.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 02032012_015851

    Files\Folders moved on Reboot...
    C:\Users\Janice\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLAUY0ZW\28[1].png moved successfully.
    C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLAUY0ZW\30[1].png moved successfully.
    C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLAUY0ZW\34[1].png moved successfully.
    C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JBLUBDM2\20[1].png moved successfully.
    C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JBLUBDM2\20[2].png moved successfully.
    C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JBLUBDM2\32[1].png moved successfully.
    C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JBLUBDM2\32[2].png moved successfully.
    C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8HO83HXF\27[1].png moved successfully.
    C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8HO83HXF\33[1].png moved successfully.
    C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8HO83HXF\33[2].png moved successfully.
    C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UUSU2Y0\29[1].png moved successfully.
    C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UUSU2Y0\29[2].png moved successfully.

    Registry entries deleted on Reboot...


    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.02.03.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Janice :: JANICE-PC [administrator]

    2/3/2012 2:32:15 AM
    mbam-log-2012-02-03 (02-32-15).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 187663
    Time elapsed: 4 minute(s),

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Users\Janice\Downloads\bios_password_cracker_13azip.exe (PUP.BundleInstaller.MG) -> Quarantined and deleted successfully.
    C:\Users\Janice\Downloads\PDFReaderSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.

    (end)

  8. #58
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi e28ct17,

    Click Start > Control Panel > System and Security > Administrator Tools > Computer Management
    • When Computer Management opens, double-click on Disk Management
    • make sure the pane is expanded wide enough to show all partitions
    • There should be 3 listed
    The first one should be 15gb. Is it visible there?

    You should see the same image as you posted in the earlier screenshot with the exception of the 2Mb partition.
    Member of UNITE and ASAP

  9. #59
    Member
    Join Date
    Jan 2012
    Posts
    36

    Default

    Yes, there were 3 listed....15 GB (recovery partition), 100 MB, C: drive

  10. #60
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi e28ct17,

    When you looked in Disk Management were disks 1-5 listed in the lower panel?

    Also in the lower panel Disk0 should have been shown divided into 3 sections. Sound right?
    Member of UNITE and ASAP
