
Thread: Badly Infected

#61  Member | Join Date: Jan 2012 | Posts: 36

    Yes, everything looked as you described. I attached a print screen in case you wanted to take a look.
    Attached Images

#62  Security Expert oldman960 | Join Date: Sep 2010 | Posts: 631

    Hi e28ct17,

    Looks like they are all there, just hidden from Windows.

    Try this,

    • Click the Windows Explorer icon
    • Click the down arrow beside Organize
    • Click Folder and Search Options
    • Click the View tab
    • Uncheck "Hide empty drives in the Computer folder"
    • Click Apply, then click OK

    Drives back?
    Last edited by oldman960; 2012-02-05 at 12:26.
    Member of UNITE and ASAP
    Threads will be closed if no response after 5 days.
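The steps above flip one Explorer setting; rogue software can also hide drive letters through the separate NoDrives policy, which the OTL log later reports on its O6/O7 lines. The PowerShell script below is an added example, not part of the thread or of OTL, that reports both settings and, with -Fix, resets them. It assumes the standard Windows 7 locations and value names: HideDrivesWithNoMedia under HKCU\...\Explorer\Advanced (1 = hide empty drives, the checkbox in Folder Options) and NoDrives under the HKLM/HKCU Policies\Explorer keys (a 26-bit mask, bit 0 = A:, bit 25 = Z:). Run it from an elevated prompt so the HKLM key can be read and written.

```powershell
<#
  Added example (not from the thread). Reports why drive letters may be
  missing from the Computer folder on Windows 7 and optionally fixes it.
  Assumed value names (standard Explorer settings, not taken from the thread):
    HideDrivesWithNoMedia  HKCU\...\Explorer\Advanced   1 = hide empty drives
    NoDrives               HK*\...\Policies\Explorer   bitmask, bit 0 = A:, bit 25 = Z:
  Usage:  .\Show-HiddenDrives.ps1        (report only)
          .\Show-HiddenDrives.ps1 -Fix   (reset both settings, restart Explorer)
#>
[CmdletBinding()]
param(
    [switch]$Fix   # reset the settings instead of only reporting them
)

$advanced   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$policyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

# Decode a NoDrives bitmask into the drive letters it hides.
# [math]::Pow is used instead of -shl so this also runs on PowerShell 2.0 (Windows 7 default).
function ConvertFrom-NoDrivesMask {
    param([uint32]$Mask)
    $letters = @()
    for ($bit = 0; $bit -lt 26; $bit++) {
        if ($Mask -band [uint32][math]::Pow(2, $bit)) {
            $letters += ([string][char](65 + $bit)) + ':'
        }
    }
    return $letters
}

# Read one registry value; $null means the key or the value is absent.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    if (-not (Test-Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

# 1. The Folder Options checkbox "Hide empty drives in the Computer folder".
#    Absent means the default, which is to hide them.
$hideEmpty = Get-RegValue -Path $advanced -Name 'HideDrivesWithNoMedia'
if ($null -eq $hideEmpty) { $shown = 'not set (default: hide)' } else { $shown = $hideEmpty }
Write-Host ("HideDrivesWithNoMedia (HKCU) = {0}" -f $shown)
if ($Fix) {
    Set-ItemProperty -Path $advanced -Name 'HideDrivesWithNoMedia' -Value 0 -Type DWord
    Write-Host '  -> set to 0 (show empty drives)'
}

# 2. The NoDrives policy: hides drive letters outright, in either hive.
foreach ($key in $policyKeys) {
    $mask = Get-RegValue -Path $key -Name 'NoDrives'
    if ($null -eq $mask) {
        Write-Host "NoDrives not present under $key"
        continue
    }
    $hidden = ConvertFrom-NoDrivesMask -Mask ([uint32]$mask)
    Write-Host ("NoDrives = 0x{0:X8} under {1}" -f [uint32]$mask, $key)
    if ($hidden.Count -gt 0) { Write-Host ("  hides: {0}" -f ($hidden -join ' ')) }
    else                     { Write-Host '  hides nothing' }
    if ($Fix -and $mask -ne 0) {
        Set-ItemProperty -Path $key -Name 'NoDrives' -Value 0 -Type DWord
        Write-Host '  -> reset to 0'
    }
}

# Explorer reads these settings at start, so restart it to make the change visible.
if ($Fix) {
    Stop-Process -Name explorer -Force
    Start-Process explorer.exe
}
```

In this thread the O6/O7 lines of the later OTL log show NoDrives = 0 in both hives, so the policy was not the cause and the report-only run would print "hides nothing"; the checkbox setting was. Keep the two apart when reading logs: a non-zero NoDrives with no administrator having set it is worth treating as tampering, while HideDrivesWithNoMedia = 1 is the factory default.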

#63  Member | Join Date: Jan 2012 | Posts: 36

    Yes, they are all back!!

#64  Security Expert oldman960 | Join Date: Sep 2010 | Posts: 631

    Hi e28ct17,

    Good. Any remaining issues?

    Please open OTL and click the Quick Scan button. We'll see if there is anything left of Web Search.

    Please post the OTL.txt

#65  Member | Join Date: Jan 2012 | Posts: 36

    Everything is running great! Thanks so much for all your help. Your forum is such a valuable resource.

    Here is the OTL log

    OTL logfile created on: 2/5/2012 1:43:23 PM - Run 3
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Janice\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.97 Gb Total Physical Memory | 3.84 Gb Available Physical Memory | 64.36% Memory free
    6.94 Gb Paging File | 4.70 Gb Available in Paging File | 67.75% Paging File free
    Paging file location(s): c:\pagefile.sys 1000 9163 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 916.41 Gb Total Space | 857.05 Gb Free Space | 93.52% Space Free | Partition Type: NTFS
    Drive J: | 3.61 Gb Total Space | 3.49 Gb Free Space | 96.55% Space Free | Partition Type: FAT32

    Computer Name: JANICE-PC | User Name: Janice | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Janice\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
    PRC - C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
    PRC - C:\Program Files (x86)\Rhapsody\rhaphlpr.exe (Rhapsody International Inc.)
    PRC - C:\Program Files (x86)\iWin Games\iWinTrusted.exe (iWin Inc.)
    PRC - C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe (Oberon Media )
    PRC - C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
    PRC - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
    PRC - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer)
    PRC - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)
    PRC - c:\Program Files (x86)\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}\components\RadioWMPCoreGecko9.dll ()
    MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
    MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    MOD - C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
    SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
    SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    SRV:64bit: - (Updater Service) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer)
    SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
    SRV - (iWinTrusted) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe (iWin Inc.)
    SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
    SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (Greg_Service) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
    DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
    DRV:64bit: - (rcmirror) -- C:\Windows\SysNative\drivers\rcmirror.sys (Windows (R) Win 7 DDK provider)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
    DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1y62x64.sys (Intel Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
    DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
    DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
    DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
    DRV - (GEARAspiWDM) -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=...w9283i9hj67767
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=...w9283i9hj67767

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: ""
    FF - prefs.js..browser.search.order.1: ""
    FF - prefs.js..browser.search.selectedEngine: "Blekko"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.google.com"


    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\@worldwinner.com/Launcher2,version=1.10.0.25: C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.)
    FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2011/06/20 23:31:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/01 12:08:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/16 20:13:49 | 000,000,000 | ---D | M]

    [2012/02/04 16:44:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janice\AppData\Roaming\Mozilla\Extensions
    [2012/02/04 16:44:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janice\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
    [2012/02/03 01:58:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions
    [2012/02/03 01:53:20 | 000,000,000 | ---D | M] (Spam Free Search Bar) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}
    [2012/01/08 14:23:33 | 000,000,000 | ---D | M] (IMVU Inc Community Toolbar) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
    [2011/08/23 07:15:41 | 000,000,000 | ---D | M] (20-20 3D Viewer - WEB) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\2020Player_WEB@2020Technologies.com
    [2012/01/06 05:56:25 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\foxmarks@kei.com
    [2011/12/22 17:01:20 | 000,000,000 | ---D | M] (Oberon GamesBar) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\gamesbar@oberon-media.com
    [2012/02/02 23:07:55 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\LogMeInClient@logmein.com
    [2011/12/30 22:30:15 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\plugin@yontoo.com
    [2011/08/11 06:29:03 | 000,000,000 | ---D | M] ("ArcadeWeb") -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\textlinks@arcadeweb.com
    [2011/12/30 22:41:29 | 000,000,000 | ---D | M] (We-Care Reminder) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\wecarereminder@bryan
    [2011/06/21 23:02:15 | 000,002,571 | ---- | M] () -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\searchplugins\askcom.xml
    [2012/01/31 23:57:15 | 000,002,282 | ---- | M] () -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\searchplugins\surf-canyon.xml
    [2012/01/05 19:53:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/07/29 13:20:43 | 000,000,000 | ---D | M] (LivingPlay TextLinks) -- C:\USERS\JANICE\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\TEXTLINKS@LPLAY.COM
    () (No name found) -- C:\USERS\JANICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\48HSR9SG.DEFAULT\EXTENSIONS\NOSQUINT@URANDOM.CA.XPI
    () (No name found) -- C:\USERS\JANICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\48HSR9SG.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
    [2012/01/01 12:08:10 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/04/15 06:20:18 | 001,034,544 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
    [2009/07/02 10:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
    [2011/10/11 08:21:33 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
    [2011/10/16 20:03:58 | 000,002,064 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bingober441754614.xml
    [2011/12/16 15:14:50 | 000,002,067 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\blekkotb.xml
    [2011/11/11 11:18:43 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    Hosts file not found
    O2 - BHO: (Updater For Spam Free Search Bar) - {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll (Visicom Media)
    O2 - BHO: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll ()
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
    O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
    O3 - HKLM\..\Toolbar: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll ()
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
    O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
    O4 - HKCU..\Run: [SearchEngineProtection] C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe (Oberon Media )
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/CSMWeb/Cu...ataManager.CAB (Hewlett-Packard Online Support Services)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos...ineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} https://lowes.2020.net/planner/Core/..._WEB_Win32.cab (20-20 3D Viewer for WEB)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA8713C9-52CC-42DD-A388-B7B0CCC5398B}: DhcpNameServer = 192.168.0.1 205.171.3.25
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [1980/01/01 11:18:44 | 000,000,179 | RH-- | M] () - J:\AUTORUN.INF -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/04 18:10:00 | 011,661,312 | ---- | C] (Rhapsody International Inc.) -- C:\Users\Janice\Desktop\rhapsody.exe
    [2012/02/04 17:54:11 | 000,000,000 | ---D | C] -- C:\Temp
    [2012/02/04 16:44:04 | 000,000,000 | ---D | C] -- C:\Users\Janice\AppData\Roaming\Philips-Songbird
    [2012/02/04 16:44:04 | 000,000,000 | ---D | C] -- C:\Users\Janice\AppData\Local\Philips-Songbird
    [2012/02/04 16:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Philips
    [2012/02/04 16:42:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Philips
    [2012/02/04 11:36:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
    [2012/02/03 02:13:38 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/02/03 01:54:20 | 000,000,000 | ---D | C] -- C:\Users\Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    [2012/02/03 01:53:27 | 000,000,000 | ---D | C] -- C:\Users\Janice\AppData\Local\blekkotb
    [2012/02/03 01:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Anti-phishing Domain Advisor
    [2012/02/03 01:53:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\blekkotb
    [2012/01/29 02:12:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/01/29 02:12:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/01/25 23:27:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Janice\Desktop\OTL.exe
    [2012/01/25 20:19:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/01/25 20:16:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/01/25 08:38:48 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/01/25 08:21:02 | 000,000,000 | ---D | C] -- C:\jgh32265j
    [2012/01/20 21:58:00 | 000,000,000 | ---D | C] -- C:\jgh32442j
    [2012/01/19 22:00:25 | 000,000,000 | ---D | C] -- C:\jgh
    [2012/01/19 21:57:16 | 004,388,468 | R--- | C] (Swearware) -- C:\Users\Janice\Desktop\jgh.exe
    [2012/01/19 15:13:11 | 000,000,000 | ---D | C] -- C:\Users\Janice\Desktop\RK_Quarantine
    [2012/01/19 06:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/01/18 22:07:07 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/01/17 18:38:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Janice\Desktop\iexplorer.exe
    [2012/01/16 20:55:44 | 000,000,000 | ---D | C] -- C:\found.000

    ========== Files - Modified Within 30 Days ==========

    [2012/02/05 00:33:37 | 000,193,112 | ---- | M] () -- C:\Users\Janice\Desktop\cm.png
    [2012/02/04 18:13:19 | 000,870,128 | ---- | M] () -- C:\Users\Janice\AppData\Roaming\mcs.rma
    [2012/02/04 18:13:19 | 000,000,004 | ---- | M] () -- C:\Users\Janice\AppData\Roaming\799399
    [2012/02/04 18:09:56 | 011,661,312 | ---- | M] (Rhapsody International Inc.) -- C:\Users\Janice\Desktop\rhapsody.exe
    [2012/02/04 16:42:48 | 000,001,217 | ---- | M] () -- C:\Users\Janice\Application Data\Microsoft\Internet Explorer\Quick Launch\Philips Songbird.lnk
    [2012/02/04 06:41:35 | 000,743,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/02/04 06:41:35 | 000,635,004 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/02/04 06:41:35 | 000,111,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/02/03 02:45:32 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/03 02:45:32 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/03 02:39:04 | 000,002,413 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini
    [2012/02/03 02:38:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/03 02:38:12 | 509,456,383 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/03 02:17:28 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/03 01:54:20 | 000,001,232 | ---- | M] () -- C:\Users\Janice\Desktop\Revo Uninstaller.lnk
    [2012/01/29 02:31:59 | 000,001,405 | ---- | M] () -- C:\Users\Janice\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/01/29 02:21:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
    [2012/01/29 02:21:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
    [2012/01/29 02:12:45 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/01/29 02:12:43 | 000,756,744 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/01/29 02:12:17 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
    [2012/01/28 19:21:10 | 000,544,368 | ---- | M] () -- C:\Users\Janice\Desktop\TaxReturn.pdf
    [2012/01/25 08:36:59 | 004,388,468 | R--- | M] (Swearware) -- C:\Users\Janice\Desktop\ComboFix.exe
    [2012/01/25 08:19:08 | 004,388,468 | R--- | M] (Swearware) -- C:\Users\Janice\Desktop\jgh.exe
    [2012/01/19 15:10:17 | 000,787,456 | ---- | M] () -- C:\Users\Janice\Desktop\RogueKiller.exe
    [2012/01/17 18:25:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Janice\Desktop\OTL.exe
    [2012/01/17 18:25:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Janice\Desktop\iexplorer.exe
    [2012/01/07 03:02:59 | 000,003,085 | ---- | M] () -- C:\Users\Janice\Desktop\VinylMaster Pro.lnk

    ========== Files Created - No Company Name ==========

    [2012/02/05 00:33:36 | 000,193,112 | ---- | C] () -- C:\Users\Janice\Desktop\cm.png
    [2012/02/04 16:42:48 | 000,001,217 | ---- | C] () -- C:\Users\Janice\Application Data\Microsoft\Internet Explorer\Quick Launch\Philips Songbird.lnk
    [2012/02/04 11:38:13 | 000,000,004 | ---- | C] () -- C:\Users\Janice\AppData\Roaming\799399
    [2012/02/04 11:38:12 | 000,870,128 | ---- | C] () -- C:\Users\Janice\AppData\Roaming\mcs.rma
    [2012/02/03 02:13:42 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/03 01:54:20 | 000,001,232 | ---- | C] () -- C:\Users\Janice\Desktop\Revo Uninstaller.lnk
    [2012/01/29 02:31:59 | 000,001,417 | ---- | C] () -- C:\Users\Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    [2012/01/29 02:21:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2012/01/29 02:21:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
    [2012/01/29 02:12:40 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/01/29 02:12:17 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
    [2012/01/28 19:21:10 | 000,544,368 | ---- | C] () -- C:\Users\Janice\Desktop\TaxReturn.pdf
    [2012/01/19 15:13:01 | 000,787,456 | ---- | C] () -- C:\Users\Janice\Desktop\RogueKiller.exe
    [2012/01/19 06:40:38 | 000,002,752 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
    [2012/01/19 06:40:38 | 000,002,654 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - gateway.lnk
    [2012/01/19 06:40:38 | 000,002,154 | ---- | C] () -- C:\Users\Public\Desktop\Qwest Personal Digital Vault.lnk
    [2012/01/19 06:40:38 | 000,002,108 | ---- | C] () -- C:\Users\Public\Desktop\Netflix.lnk
    [2012/01/19 06:40:38 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\Wordscape Online Party.lnk
    [2012/01/19 06:40:38 | 000,002,064 | ---- | C] () -- C:\Users\Public\Desktop\Jewel Quest Online Party.lnk
    [2012/01/19 06:40:38 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\User's Guide (Gateway InfoCentre).lnk
    [2012/01/19 06:40:38 | 000,001,747 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/01/19 06:40:38 | 000,001,279 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
    [2012/01/19 06:40:38 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/01/19 06:40:38 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
    [2012/01/19 06:40:38 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Rhapsody.lnk
    [2012/01/19 06:40:35 | 000,002,063 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2012/01/19 06:40:35 | 000,001,894 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Reminder.lnk
    [2012/01/19 06:40:32 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
    [2012/01/19 06:40:32 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2012/01/19 06:40:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
    [2012/01/19 06:40:32 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    [2012/01/19 06:40:32 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
    [2012/01/19 06:40:32 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2012/01/19 06:40:32 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
    [2012/01/19 06:40:32 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2012/01/19 06:40:32 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
    [2012/01/19 06:40:32 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
    [2012/01/19 06:40:32 | 000,001,158 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/01/19 06:40:32 | 000,001,151 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
    [2012/01/19 06:40:32 | 000,001,058 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
    [2012/01/19 06:40:32 | 000,000,991 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS2.lnk
    [2012/01/17 06:13:53 | 000,002,645 | ---- | C] () -- C:\Users\Public\Desktop\The Print Shop 23.lnk
    [2011/12/17 03:50:15 | 000,010,408 | --S- | C] () -- C:\Users\Janice\AppData\Local\w5hw08b8wo4jqn
    [2011/12/01 00:05:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/12/01 00:05:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/12/01 00:05:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/12/01 00:05:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/12/01 00:05:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/11/07 11:30:25 | 000,210,543 | ---- | C] () -- C:\Windows\hpoins21.dat
    [2011/11/07 11:30:25 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat
    [2011/11/07 07:54:46 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
    [2011/11/04 08:55:20 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
    [2011/11/04 08:55:20 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
    [2011/09/21 00:05:11 | 000,000,116 | ---- | C] () -- C:\Windows\wininit.ini
    [2011/06/26 00:29:47 | 000,000,221 | ---- | C] () -- C:\Windows\PowerReg.dat
    [2011/06/21 16:53:47 | 000,756,744 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/06/20 20:56:19 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2011/06/08 20:10:11 | 000,001,022 | ---- | C] () -- C:\Users\Janice\AppData\Roaming\wklnhst.dat
    [2011/02/11 18:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
    [2011/02/11 18:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
    [2011/02/11 18:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
    [2011/01/11 17:05:18 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
    [2009/08/27 15:02:56 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
    [2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
    [2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe
    [2005/08/26 15:28:20 | 000,024,576 | ---- | C] () -- C:\Windows\shortcut.exe
    [2005/08/26 15:27:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe
    [2000/05/15 09:52:40 | 000,003,004 | ---- | C] () -- C:\Windows\SysWow64\vmpro.ini

    ========== LOP Check ==========

    [2011/07/05 00:27:19 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Amazonia
    [2011/07/28 09:12:12 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Anarchy
    [2011/10/17 17:48:32 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Artogon
    [2011/08/24 00:29:11 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Big Fish Games
    [2011/09/26 21:09:11 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\BitComet
    [2011/08/28 23:54:48 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Dekovir
    [2011/06/20 22:22:31 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\DVDVideoSoft
    [2011/06/20 22:21:59 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\DVDVideoSoftIEHelpers
    [2011/08/30 08:40:32 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Freeze Tag
    [2011/11/15 06:42:08 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\funkitron
    [2011/08/03 09:07:45 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\GameBlend
    [2011/06/27 00:17:01 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\HdO Adventure
    [2011/07/29 13:20:43 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\NetAssistant
    [2011/08/16 20:01:56 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Nevosoft Games
    [2011/08/23 18:13:55 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Nokia Ovi Suite
    [2011/08/21 22:22:54 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Oberon
    [2011/11/15 06:41:12 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Oberon Media
    [2011/06/11 22:03:20 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Packard Bell
    [2011/07/21 18:48:46 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\PC Suite
    [2012/02/04 16:44:04 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Philips-Songbird
    [2011/11/18 17:31:57 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\SpinTop Games
    [2011/08/30 11:38:11 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\SprillRichiEng
    [2011/12/30 22:30:36 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\SumatraPDF
    [2011/06/22 21:24:45 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Template
    [2011/12/26 01:45:26 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Vogat Interactive
    [2011/07/29 04:51:49 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\WeatherBug
    [2011/06/29 00:27:28 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\WildTangentv1000
    [2011/08/11 02:20:05 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\WildTangentv1001
    [2011/06/22 05:50:30 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Worldwinner
    [2012/01/19 23:06:05 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:FB04FBFD
    @Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:E0648389
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:987CE5C8
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:62D72D41
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:D5C2DDAE
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:86AE00C6
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:F2B0ABCC
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:EF258AD5
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:8C5315B5
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0F4A7B6A
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:AA4982C6
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:937250A8
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:95E512F2
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:DE5D1324
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:3B68494D
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:10FC1DC1
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1E3E34AA
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:BAEFC0C1
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:F4549211
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:70FD4407
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:8EBE180D
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:9DADB9F7

    < End of report >

  6. #66
    Security Expert oldman960's Avatar
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi e28ct17,


    We missed one file. We'll remove it then one more scan. We'll clean up and remove the tools after you post back.



    Open OTL. In the lower window under Custom Scans/Fixes copy and paste the following

    Code:
    :services
    
    :files
    C:\Users\Janice\AppData\Local\w5hw08b8wo4jqn

    Click the Run Fix button.

    Please post the log.




    One more to check for stragglers.

    As a Vista/Win7 user you will need to right click your browser icon and select "Run as Administrator" in order to run this scan.
    • Do not use this instance of your browser for anything besides doing this scan
    • When the scan is complete and the results saved, close that instance of your browser
    • Open a new one the usual way and post the results in this topic.


    *Note
    It is recommended to disable your onboard antivirus program and antispyware programs while performing scans so there are no conflicts, and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    Go here to run an online scanner from
    ESET

    (Note: You can use Internet Explorer or Firefox for this scan. If you use Firefox you will be asked to install an additional component. Please allow this.)

    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
    • Click Scan.
    • Wait for the scan to finish.
    • When the scan completes, click List of found threats
    • click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
    • Include the contents of this report in your next reply

      Note - when ESET doesn't find any threats, no report will be created.
    • Push the back button.
    • Push Finish
    • Re-enable your Antivirus software.



    Please post back with
    • OTL fix log
    • ESET log if one was produced
    Member of UNITE and ASAP
    Threads will be closed if no response after 5 days.
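The file oldman960 removes here is the one "Files Created" entry in the OTL log above that sits under the user's AppData and carries the S (system) attribute. As an added example, not code from the thread or from OTL, the Python below parses that line layout and flags such entries; the sample lines are constructed by copying five lines from the posted log.

```python
import re

# One OTL "Files Created"/"Files Modified" entry has this layout (see the log above):
#   [YYYY/MM/DD HH:MM:SS | 000,010,408 | --S- | C] () -- C:\path\to\file
# Fields: timestamp, byte size with thousands separators, a four-position attribute
# field ('-' where a flag is unset; 'S' marks the System attribute, 'D' a directory,
# as in the log above), C/M for created/modified, an optional "(company)" field,
# then the path. Directory entries in the LOP check omit the "()" part.
ENTRY_RE = re.compile(
    r"^\s*\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)

# Constructed sample: five lines copied from the OTL log posted above.
SAMPLE_LOG = r"""
[2012/01/19 15:13:01 | 000,787,456 | ---- | C] () -- C:\Users\Janice\Desktop\RogueKiller.exe
[2011/12/17 03:50:15 | 000,010,408 | --S- | C] () -- C:\Users\Janice\AppData\Local\w5hw08b8wo4jqn
[2011/06/08 20:10:11 | 000,001,022 | ---- | C] () -- C:\Users\Janice\AppData\Roaming\wklnhst.dat
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2011/07/05 00:27:19 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Amazonia
"""


def parse_otl_entries(text):
    """Parse every OTL file entry in text into a dict; lines in other formats are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m is None:
            continue
        entries.append({
            "timestamp": m["ts"],
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"],
            "kind": m["kind"],
            "company": m["company"],  # None when the entry has no "()" field
            "path": m["path"],
        })
    return entries


def under_user_appdata(path):
    """True for paths inside a user profile's AppData tree (C:\\Users\\<name>\\AppData\\...)."""
    return re.match(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\", path, re.IGNORECASE) is not None


def flag_suspicious(entries):
    """Return paths of regular files under a user's AppData that carry the System
    attribute. Ordinary user software does not mark its data files System, so the
    combination is worth a manual look; Windows' own System-flagged files (e.g.
    bootstat.dat under C:\\Windows) and directory entries are out of scope."""
    return [
        e["path"]
        for e in entries
        if "D" not in e["attrs"] and "S" in e["attrs"] and under_user_appdata(e["path"])
    ]


if __name__ == "__main__":
    found = parse_otl_entries(SAMPLE_LOG)
    print(f"parsed {len(found)} entries")
    for path in flag_suspicious(found):
        print("review:", path)
```

Run it against a full OTL.txt by passing the file contents to parse_otl_entries; the heuristic is a triage aid, not a verdict.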

  7. #67
    Member
    Join Date
    Jan 2012
    Posts
    36

    Default

    Here are the logs

    ========== FILES ==========
    C:\Users\Janice\AppData\Local\w5hw08b8wo4jqn moved successfully.

    OTL by OldTimer - Version 3.2.31.0 log created on 02052012_181254

    ESET:

    C:\Program Files (x86)\PDFReader\Uninstall\Uninstall.exe a variant of Win32/InstallCore.F application
    C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
    C:\Users\Janice\Downloads\cnet2_revosetup_exe.exe a variant of Win32/InstallCore.D application
    C:\_OTL\MovedFiles\01182012_220707\C_ProgramData\notifyc.exe a variant of Win32/Kryptik.ZCK trojan
    C:\_OTL\MovedFiles\01182012_220707\C_Users\Janice\AppData\Roaming\configwiz.exe a variant of Win32/Kryptik.ZCK trojan
    C:\_OTL\MovedFiles\01182012_220707\C_Users\Janice\AppData\Roaming\Egrygi\hyqahih.exe a variant of Win32/Injector.NGQ trojan

  8. #68
    Security Expert oldman960's Avatar
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi e28ct17,

    Don't worry about the Cnet detections; ESET is just warning about the downloader used. The others are files we have already quarantined and will remove shortly along with the tools.


    We'll clean up the tools now.

    From your desktop, please delete, if present
    • any notepads/logs that we created
    • RogueKiller
    You can also delete any files we may have saved to your USB device. Keep the xPUD CD; it may come in handy one day.

    Next

    We'll get a new copy of combofix as the one you have is quite old and will probably want to update. We will not run it but will use it for the uninstall procedure.

    Locate the copy you have now, named jgh.exe, right click it and select delete.

    Download a new copy from HERE. Make sure to save it to your desktop.


    Click the Start button, click Run. [Win7 users, go Start>"Start search"] Copy and paste the following line into the run box and click OK

    Combofix /uninstall



    Next


    Locate the copy of OTL that we renamed to iexplorer.exe. Open it, then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet; allow this. A cleanup.txt will be downloaded, and a message dialog will ask you if you want to proceed with the cleanup process; click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.


    I suggest you keep MBAM. Keep it updated and use it regularly.


    Updates and Upgrades

    Your Java is out of date. Click your start button > Control Panel
    • Use the drop down menu beside view by and change it to small icons
    • locate Java (32-bit) in the list and click on it
    • when the Java console opens click the Update tab
    • Click Update Now


    Next, clear the Java cache

    To clear the Java Plug-in cache:
    • Click Start > Control Panel.
    • Double-click the Java icon in the control panel.
    • On the General tab, Click Settings under Temporary Internet Files.
    • On the Temporary Files Settings screen, Click Delete Files.
    • check all boxes
    • Click OK



    Next

    You have an older version of Adobe Reader. You can download the current version HERE

    You may want to consider Foxit Reader instead. It may be a bit lighter on resources. If you choose Foxit, decline the Foxit Toolbar.

    Visit their support forum
    Foxit Forum

    In either case you should uninstall Adobe Reader 9.4.0 first. Be sure to move any PDF documents to another folder first though.


    Some Recommendations and prevention tips

    Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. Those you have now, provided you are using a firewall. Windows 7 has a built in firewall which is pretty good when set up. You can find some very good information HERE.


    You should also use SpywareBlaster to help immunize your computer.

    - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    OR

    A guide to understanding and using the hosts file.

    Learn how your Hosts file can protect you and how you can protect it.
    Besides the Hosts file information, there are links to a very good updated hosts file, a hosts file manager, and some programs that can protect your hosts file.
    HOSTS

    Please read the info on disabling the DNS Client before installing a custom hosts file.


    -Secure your Internet Explorer

    From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


    - Make sure you have reset Windows Updates to your chosen option. Click your start button > Control Panel > System > Windows updates (lower left) > change settings


    - Keep your antivirus program updated, as well as any other security programs you have.


    -More tips and programs can be found HERE


    Please post back if you have any problems.

    Take care
    Member of UNITE and ASAP
    Threads will be closed if no response after 5 days.

  9. #69
    Member
    Join Date
    Jan 2012
    Posts
    36

    Default

    Thank you again for all your help. You guys rock!!

  10. #70
    Security Expert oldman960's Avatar
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi e28ct17,

    You are more than welcome.

    Take care, keep safe.
    Member of UNITE and ASAP
    Threads will be closed if no response after 5 days.
