PDA

View Full Version : Badly Infected



e28ct17
2012-01-17, 05:07
I get hundred of windows popping up stating I have a virus. All of my desktop icons have disappeared and I can't do anything on my computer. I had to use my laptop to download dds and transfer it to my computer. Here are my logs

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Janice at 21:12:03 on 2012-01-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6109.4722 [GMT -6:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\iWin Games\iWinTrusted.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\consent.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=ZUxpt020YYus&ptb=zicrx_1Avu_ZGi24DJBLew&si=CMqg8duiuK0CFYMEQAodrjEGpQ
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACGW&l=0409&m=aspire_m5802/m3802&r=1736061196dg1275w9283i9hj67767
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [SearchEngineProtection] C:\Program Files (x86)\Gamesbar\SearchEngineProtection.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [winupd] C:\Users\Janice\AppData\Local\Temp:winupd.exe
uRun: [LuJmxWoSNc.exe] C:\ProgramData\LuJmxWoSNc.exe
uRun: [dplaysvr] C:\Users\Janice\AppData\Local\dplaysvr.exe
mRun: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{EA8713C9-52CC-42DD-A388-B7B0CCC5398B} : DhcpNameServer = 192.168.0.1 205.171.3.25
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO-X64: WeCareReminder - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=ZUxpt020YYus&ptb=zicrx_1Avu_ZGi24DJBLew&si=CMqg8duiuK0CFYMEQAodrjEGpQ
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxpt020YYus&ptb=zicrx_1Avu_ZGi24DJBLew&ind=2012010511&ptnrS=ZUxpt020YYus&si=CMqg8duiuK0CFYMEQAodrjEGpQ&n=77ecd80f&psa=&st=kwd&searchfor=
FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll
FF - plugin: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\2020Player_WEB@2020Technologies.com\plugins\NP_2020Player_WEB.dll
FF - plugin: C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 3b818f57-fa2f-4b4c-b00c-be2f55d1f438
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 iWinTrusted;iWinTrusted;C:\Program Files (x86)\iWin Games\iWinTrusted.exe [2011-4-8 176848]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-12 62208]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-8-27 240160]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y62x64.sys --> C:\Windows\system32\DRIVERS\e1y62x64.sys [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-3 366152]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 rcmirror;rcmirror;C:\Windows\system32\DRIVERS\rcmirror.sys --> C:\Windows\system32\DRIVERS\rcmirror.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-01-12 16:58:23 362348 ---ha-w- C:\ProgramData\PzZKH7CZwgAL1p.exe
2012-01-12 16:32:25 63488 --sh--w- C:\Users\Janice\AppData\Local\dplayx.dll
2012-01-12 16:32:25 104448 --sh--w- C:\Users\Janice\AppData\Local\dplaysvr.exe
2012-01-12 16:32:03 344576 ---ha-w- C:\Users\Janice\AppData\Local\nsa.exe
2012-01-12 16:31:32 451436 ---ha-w- C:\ProgramData\LuJmxWoSNc.exe
2012-01-09 16:14:01 -------- d-----we C:\Windows\system64
2012-01-09 16:13:45 299008 ---ha-w- C:\Users\Janice\AppData\Local\jla.exe
2012-01-09 05:21:08 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-09 05:05:04 -------- d--h--w- C:\ComboFix
2012-01-06 22:33:13 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E6575671-F39F-46D8-AB4F-C27D6149F639}\mpengine.dll
2012-01-05 07:57:48 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-01-05 07:56:14 -------- d--h--w- C:\ProgramData\Symantec
2012-01-04 04:27:02 569397 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\RichFX\Player\nprfxins.dll
2012-01-04 04:27:01 -------- d-----w- C:\Program Files (x86)\Rhapsody
2012-01-01 18:08:10 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-01 18:08:10 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-01 18:08:10 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-01 18:08:10 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2011-12-31 04:30:36 -------- d--h--w- C:\Users\Janice\AppData\Roaming\SumatraPDF
2011-12-31 04:30:21 -------- d--h--w- C:\ProgramData\WeCareReminder
2011-12-31 04:30:15 -------- d-----w- C:\Program Files (x86)\Yontoo Layers Runtime
2011-12-31 04:29:49 -------- d-----w- C:\Program Files (x86)\PDFReader
2011-12-29 02:56:18 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-12-29 02:55:45 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-29 02:55:45 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-29 02:55:43 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-29 02:55:43 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-18 08:09:44 -------- d--h--w- C:\ProgramData\PogoDGC
2011-12-18 08:09:41 -------- d-----w- C:\Program Files (x86)\Pogo Games
.
==================== Find3M ====================
.
2011-11-15 20:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-13 10:31:17 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-26 05:21:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll
.
============= FINISH: 21:19:38.78 ===============

oldman960
2012-01-17, 12:00
Hi e28ct17, welcome to the forum.

To make cleaning this machine easier
Please do not uninstall/install any programs unless asked to
It is more difficult when files/programs are appearing in/disappearing from the logs.
Please do not run any scans other than those requested
Please follow all instructions in the order posted
All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
Do not attach any logs/reports, etc.. unless specifically requested to do so.
If you have problems with or do not understand the instructions, Please ask before continuing.
Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.


*Important- Do not use any temproray file cleaners *

Before we start cleaning this machine let's see if we can get your icons back. Are the items in your start menu also missing?

Try this first

-Open Folder Options by clicking the Start button , clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.

-Click the View tab.

Under Advanced settings, click Show hidden files and folders, and then click OK.

Desktop icons back now?

If you can use the infected computer for the next scan follow these instructions. If not I'll add some modified instructions at the end.

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.

Right click on OTL.exe and click "Run as Administrator" to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output
Check the boxes beside LOP Check and Purity Check.
In the window under Custom Scans/Fixes copy and paste the following



%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
/md5start
iexplore.*
explorer.*
winlogon.*
dll
zx.dll
hlp.dat
consrv.dll
/md5stop


Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

If you can not use the infected computer to down load OTL please follow these instructions.

On the computer you are using:
download OTL from the link above and save it to the device you are using for transfering files
copy and paste the following bolded into a notepad



%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
/md5start
iexplore.*
explorer.*
winlogon.*
dll
zx.dll
hlp.dat
consrv.dll
/md5stop



name the notepad scan.txt
save the notepad to the device along with OTL
transfer both OTL and scan.txt to the infected computer's desktop
follow the other steps for setting up OTL except for the copying and pasting of the custom scan
do this instead
double click in the white window at the bottom
a message will appear asking if you want to load a custom scan, click yes
navigate to where you saved the notepad scan.txt and click on it
click open
the text should appear in the window.
Click the run scan button
Please post the logs produced.

Thanks

e28ct17
2012-01-18, 02:50
My desktop icons are back but I still can't use my computer. I transfered OTL to my computer but when I click on run as administrator nothing happens except a warning pops up which says "Application cannot be executed. The file OTL.exe is infected. Pleas activate your antivirus software."

oldman960
2012-01-18, 05:54
Hi e28ct17,

Try renaming OTL.exe to OTL.scr or iexplore.exe

e28ct17
2012-01-18, 07:56
I had to zip one of the logs.

OTL Extras logfile created on: 1/17/2012 11:32:20 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Janice\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.97 Gb Total Physical Memory | 4.84 Gb Available Physical Memory | 81.20% Memory free
6.94 Gb Paging File | 5.79 Gb Available in Paging File | 83.41% Paging File free
Paging file location(s): c:\pagefile.sys 1000 9163

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.41 Gb Total Space | 858.06 Gb Free Space | 93.63% Space Free | Partition Type: NTFS
Drive D: | 0.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JANICE-PC | User Name: Janice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{7F05E704-30A6-421A-97A7-8EEB1C7FF011}" = Corel Shell Extension - 64Bit
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{988329F4-A1A1-4D51-803C-EF2725A97627}" = HP Photosmart All-In-One Driver Software 13.0 Rel. 2
"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{11F7808F-76AD-40E0-A8D9-6445DAEA3F5D}" = The Print Shop 23
"{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}" = CorelDRAW Graphics Suite X4 - Lang BR
"{1CCF681C-C203-49B3-83F4-A54F0F944416}" = ASPCA Reminder by We-Care.com v5.0.5.1
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A82EBFC-89AB-41EA-80E8-A07C73C752A0}" = WorldWinner Games
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{40a87585-3dea-47d0-8aac-c7c19689b431}" = Nero 9 Essentials
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{685B0843-6C8D-4E42-B60D-2B86B45526E0}" = PS_AIO_02_Software_Min
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-gateway" = WildTangent Games App (Gateway Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{746FB02B-1D03-43B7-917A-E1341AB69A00}" = Qwest Personal Digital Vault™
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F05E704-30A6-421A-97A7-8EEB1C7FF000}" = CorelDRAW Graphics Suite X4
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111405753}" = Super Collapse 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-510005257}" = Jewel Quest Mysteries 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-510005536}" = Mystery P.I. The Curious Case of Counterfeit Cove
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94F8D42D-BB31-4858-9705-7D756D8D9655}" = PS_AIO_02_Software
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9D306690-3173-42CD-94C6-9EF9318AF24B}" = CorelDRAW Graphics Suite X4 - Lang FR
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{BA9030CF-606B-42F6-ACD5-BB95219EED68}" = VinylMaster Pro V250
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{D2827848-7D2A-4547-9AD1-C965FB3E6344}" = CorelDRAW Graphics Suite X4 - Lang ES
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"ESET Online Scanner" = ESET Online Scanner v3
"GamesBar" = GamesBar 2.0.1.82
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Photo Frame" = Gateway Photo Frame 4.2.3.10
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"iLivid" = iLivid
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Gateway MyBackup
"iWinArcade" = iWin Games (remove only)
"Jewel Quest Online Party" = Jewel Quest Online Party (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"PROHYBRIDR" = 2007 Microsoft Office system
"Revo Uninstaller" = Revo Uninstaller 1.92
"Rhapsody" = Rhapsody
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"Snood 4_is1" = Snood 4
"Temp File Cleaner" = Temp File Cleaner
"Trash it!_is1" = Trash it! version 1.80
"Web Games Player Plugin" = Web Games Player Plugin
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wordscape Online Party" = Wordscape Online Party (remove only)
"WTA-0a8f9018-e67c-4c5c-af65-246526b6425a" = FBI Paranormal Case: Extended Edition
"WTA-0cf38871-cf3c-47bd-b67d-06d575c3c02e" = Collapse Crunch
"WTA-19b7ebdd-3551-4927-846e-f5ca79d49dc6" = Escape The Emerald Star
"WTA-1ad37d5e-14b5-4133-a5b4-d41a7b0771d1" = QuantZ
"WTA-1b36ea7f-be1e-4428-80dc-5de676043a76" = Amazonia
"WTA-3ca0fc49-968d-45f9-970f-36da7d199ce0" = Escape Whisper Valley (TM)
"WTA-5596bd37-f57f-427c-af25-e82cf6a0f07b" = Mystery P.I. - The London Caper
"WTA-b60bc5d4-7313-4562-981d-73c64dd39aee" = Vampireville

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PDF Reader" = PDF Reader
"Smart Protection 2012" = Smart Protection 2012

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/29/2011 4:50:44 AM | Computer Name = Janice-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/29/2011 4:50:44 AM | Computer Name = Janice-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/29/2011 4:50:44 AM | Computer Name = Janice-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/29/2011 4:50:44 AM | Computer Name = Janice-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/30/2011 2:05:45 AM | Computer Name = Janice-PC | Source = MsiInstaller | ID = 11706
Description =

Error - 12/30/2011 1:19:13 PM | Computer Name = Janice-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 12/30/2011 1:19:42 PM | Computer Name = Janice-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/30/2011 1:19:42 PM | Computer Name = Janice-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/30/2011 1:19:42 PM | Computer Name = Janice-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/30/2011 1:19:42 PM | Computer Name = Janice-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ OSession Events ]
Error - 8/16/2011 9:17:55 PM | Computer Name = Janice-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 38
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/30/2011 1:28:58 AM | Computer Name = Janice-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 241
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/8/2011 9:48:53 AM | Computer Name = Janice-PC | Source = Service Control Manager | ID = 7023
Description = The HP Network Devices Support service terminated with the following
error: %%126

Error - 12/9/2011 10:36:55 AM | Computer Name = Janice-PC | Source = DCOM | ID = 10000
Description =

Error - 12/10/2011 11:23:19 PM | Computer Name = Janice-PC | Source = Service Control Manager | ID = 7023
Description = The HP Network Devices Support service terminated with the following
error: %%126

Error - 12/10/2011 11:23:49 PM | Computer Name = Janice-PC | Source = DCOM | ID = 10010
Description =

Error - 12/10/2011 11:23:49 PM | Computer Name = Janice-PC | Source = Service Control Manager | ID = 7023
Description = The HP Network Devices Support service terminated with the following
error: %%126

Error - 12/10/2011 11:46:42 PM | Computer Name = Janice-PC | Source = Service Control Manager | ID = 7023
Description = The HP Network Devices Support service terminated with the following
error: %%126

Error - 12/11/2011 3:39:10 PM | Computer Name = Janice-PC | Source = Service Control Manager | ID = 7023
Description = The HP Network Devices Support service terminated with the following
error: %%126

Error - 12/11/2011 3:43:31 PM | Computer Name = Janice-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
Client Service service to connect.

Error - 12/11/2011 3:43:31 PM | Computer Name = Janice-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error: %%1053

Error - 12/11/2011 6:15:17 PM | Computer Name = Janice-PC | Source = Service Control Manager | ID = 7023
Description = The HP Network Devices Support service terminated with the following
error: %%126


< End of report >

oldman960
2012-01-19, 01:13
Hi e28ct17,

You have several infections going on.

Let's see if we can soften this guy up a bit and get the computer more usable. After this fix check to see if your start menu and all programs menu are present and working.

I take it you still need to use another computer to access this topic. Delete the notepad you named scan.txt from the usb device.

Open a new Notepad session
Click the Start button, click run
in the run box type notepad
click ok
In the notepad, Click "Format" and be certain that Word Wrap is not checked.

Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE


:Services

:PROCESSES
killallprocesses

:OTL
MOD - C:\ProgramData\F4D55F3B0004240800208380B4EB2367\F4D55F3B0004240800208380B4EB2367.exe ()
O4 - HKCU..\Run: [{24903B15-CFA6-2F4F-D499-A747DA35520F}] C:\Users\Janice\AppData\Roaming\Egrygi\hyqahih.exe ()
O4 - HKCU..\Run: [configwiz] C:\Users\Janice\AppData\Roaming\configwiz.exe (Microsoft Corporation)
O4 - HKCU..\Run: [dplaysvr] C:\Users\Janice\AppData\Local\dplaysvr.exe ()
O4 - HKCU..\Run: [LuJmxWoSNc.exe] C:\ProgramData\LuJmxWoSNc.exe File not found
O4 - HKCU..\Run: [notifyc] C:\ProgramData\notifyc.exe (Microsoft Corporation)

O4 - HKCU..\Run: [winupd] C:\Users\Janice\AppData\Local\Temp:winupd.exe File not found
O4 - HKCU..\RunOnce: [F4D55F3B0004240800208380B4EB2367] C:\ProgramData\F4D55F3B0004240800208380B4EB2367\F4D55F3B0004240800208380B4EB2367.exe ()
O4 - Startup: C:\Users\Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe ()

:Files
dir /s "C:\Users\Janice\AppData\Local\Temp\smtmp" /c
@Alternate Data Stream - 131584 bytes -> C:\Users\Janice\AppData\Local\Temp:winupd.exe
C:\Users\Janice\AppData\Local\wyuzx.exe
C:\ProgramData\notifyc.exe
C:\Users\Janice\AppData\Roaming\configwiz.exe
C:\Users\Janice\AppData\Local\nsa.exe
C:\Users\Janice\Documents\rkCT577dI.exe
C:\Users\Janice\AppData\Local\jla.exe
C:\ProgramData\PzZKH7CZwgAL1p
C:\ProgramData\~PzZKH7CZwgAL1p
C:\ProgramData\~PzZKH7CZwgAL1pr
C:\Users\Janice\AppData\Local\gng8ry4yq61724s5t702v6
C:\ProgramData\gng8ry4yq61724s5t702v6
C:\Users\Janice\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
C:\Users\Janice\Desktop\System Check.lnk
C:\ProgramData\PzZKH7CZwgAL1p.exe
C:\Users\Public\Documents\19792079
C:\Users\Janice\AppData\Local\nsa.exe
C:\Users\Janice\AppData\Local\dplaysvr.exe
C:\Users\Janice\AppData\Local\dplayx.dll
C:\Users\Janice\AppData\Local\70wuo75jpl4822ssofd11bylba5ah82flv3i82q2q17tbo
C:\ProgramData\70wuo75jpl4822ssofd11bylba5ah82flv3i82q2q17tbo
C:\Users\Janice\Documents\rkCT577dI.exe
C:\Users\Janice\AppData\Local\jla.exe
C:\Users\Janice\AppData\Local\084c31m26umegt2s4ynu2m
C:\ProgramData\084c31m26umegt2s4ynu2m
C:\Users\Janice\AppData\Local\csr7ey1du58776l8t172j6
C:\ProgramData\csr7ey1du58776l8t172j6
C:\Users\Janice\AppData\Local\ux3527cj4aoj03r21r281oh2f7j1mesyb503isya4x71ym
C:\ProgramData\ux3527cj4aoj03r21r281oh2f7j1mesyb503isya4x71ym
C:\Users\Janice\Desktop\WiNlOgOn.exe
C:\Users\Janice\Desktop\uSeRiNiT.exe
C:\Users\Janice\Desktop\eXplorer.exe
C:\Users\Janice\Desktop\rkill.exe
C:\Users\Janice\Desktop\rkill.scr
C:\Users\Janice\Desktop\rkill.com
C:\Users\Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Protection 2012
C:\ProgramData\F4D55F3B0004240800208380B4EB2367
C:\Users\Janice\AppData\Roaming\Ogyb
C:\Users\Janice\AppData\Roaming\Egrygi
C:\Users\Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check

:Commands
[createrestorepoint]


in notepad go to FILE > SAVE AS and in the dropdown box, set the top box SAVE IN to your usb device
in the FILE NAME box type (including the " " marks), "scan.txt"
Click save.


transfer scan.txt to the infected computer's desktop
open OTL (renamed to iexplore.exe) as you did before
double click in the white window at the bottom
a message will appear asking if you want to load a custom scan, click yes
navigate to where you saved the notepad scan.txt and click on it
click open
the text should appear in the window.
Click the Run Fix button
Please post the log produced.

Is the computer any better?

Thanks

e28ct17
2012-01-19, 06:15
Yes, my computer is running better but I got re-directed when I used Google. Here is the log:

========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{24903B15-CFA6-2F4F-D499-A747DA35520F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24903B15-CFA6-2F4F-D499-A747DA35520F}\ not found.
C:\Users\Janice\AppData\Roaming\Egrygi\hyqahih.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\configwiz deleted successfully.
C:\Users\Janice\AppData\Roaming\configwiz.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dplaysvr deleted successfully.
C:\Users\Janice\AppData\Local\dplaysvr.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LuJmxWoSNc.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\notifyc deleted successfully.
C:\ProgramData\notifyc.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\winupd deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\F4D55F3B0004240800208380B4EB2367 deleted successfully.
C:\ProgramData\F4D55F3B0004240800208380B4EB2367\F4D55F3B0004240800208380B4EB2367.exe moved successfully.
C:\Users\Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe moved successfully.
========== FILES ==========
< dir /s "C:\Users\Janice\AppData\Local\Temp\smtmp" /c >
Volume in drive C is ACER
Volume Serial Number is 7AAA-BA5F
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
01/12/2012 11:30 AM <DIR> 1
01/12/2012 11:30 AM <DIR> 4
0 File(s) 0 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
07/13/2009 11:01 PM 1,282 Default Programs.lnk
11/07/2011 11:32 AM 1,285 HP Solution Center.lnk
01/12/2012 11:30 AM <DIR> Programs
01/03/2012 10:27 PM 917 Rhapsody.lnk
07/13/2009 10:49 PM 1,266 Windows Update.lnk
4 File(s) 4,750 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
01/12/2012 11:30 AM <DIR> Accessories
01/12/2012 11:30 AM <DIR> Administrative Tools
09/16/2011 10:41 AM 991 Adobe InDesign CS2.lnk
11/16/2011 08:13 PM 2,441 Adobe Reader 9.lnk
07/13/2011 11:52 PM 2,519 Apple Software Update.lnk
01/12/2012 11:30 AM <DIR> CorelDRAW Graphics Suite X4
01/12/2012 11:30 AM <DIR> GameHouse
01/12/2012 11:30 AM <DIR> Games
01/12/2012 11:30 AM <DIR> GamesBar
01/12/2012 11:30 AM <DIR> Gateway
01/12/2012 11:30 AM <DIR> Gateway MyBackup
01/12/2012 11:30 AM <DIR> HP
11/07/2011 11:32 AM 1,058 I.R.I.S. OCR Registration.lnk
01/12/2012 11:30 AM <DIR> iLivid
01/12/2012 11:30 AM <DIR> iTunes
01/12/2012 11:30 AM <DIR> iWin Games
01/12/2012 11:30 AM <DIR> LGMobile Support Tool
01/12/2012 11:30 AM <DIR> Maintenance
01/12/2012 11:30 AM <DIR> Malwarebytes' Anti-Malware
08/27/2009 02:07 PM 1,345 Media Center.lnk
01/12/2012 11:30 AM <DIR> Microsoft Office
06/06/2011 08:12 PM 2,557 Microsoft Office PowerPoint Viewer 2007.lnk
01/12/2012 11:30 AM <DIR> Microsoft Silverlight
01/12/2012 11:30 AM <DIR> Microsoft Works
06/08/2011 02:03 AM 1,151 Microsoft Works Task Launcher.lnk
06/20/2011 08:56 PM 1,158 Mozilla Firefox.lnk
01/12/2012 11:30 AM <DIR> Nero
01/12/2012 11:30 AM <DIR> Pogo Games
01/12/2012 11:30 AM <DIR> PogoDGC
01/12/2012 11:30 AM <DIR> QuickTime
01/12/2012 11:30 AM <DIR> Qwest Personal Digital Vault
01/12/2012 11:30 AM <DIR> Rhapsody
07/13/2009 10:57 PM 1,330 Sidebar.lnk
01/12/2012 11:30 AM <DIR> Snood 4
01/12/2012 11:30 AM <DIR> Startup
01/12/2012 11:30 AM <DIR> SUPERAntiSpyware
01/12/2012 11:30 AM <DIR> Tablet PC
01/12/2012 11:30 AM <DIR> The Print Shop 23
01/12/2012 11:30 AM <DIR> Trash it!
07/13/2009 10:57 PM 1,352 Windows Anytime Upgrade.lnk
08/27/2009 02:07 PM 1,326 Windows DVD Maker.lnk
07/13/2009 10:54 PM 1,210 Windows Fax and Scan.lnk
01/12/2012 11:30 AM <DIR> Windows Live
07/13/2009 11:09 PM 1,547 Windows Media Player.lnk
01/12/2012 11:30 AM <DIR> WorldWinner Games
07/13/2009 10:57 PM 1,246 XPS Viewer.lnk
01/12/2012 11:30 AM <DIR> Yahoo! Games
14 File(s) 21,231 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
01/12/2012 11:30 AM <DIR> Accessibility
07/13/2009 10:55 PM 1,230 Calculator.lnk
07/13/2009 10:54 PM 1,266 displayswitch.lnk
08/27/2009 02:07 PM 1,364 Math Input Panel.lnk
08/27/2009 02:07 PM 1,238 Mobility Center.lnk
07/13/2009 10:54 PM 1,242 Paint.lnk
07/13/2009 10:53 PM 1,367 Remote Desktop Connection.lnk
08/27/2009 02:07 PM 1,272 Snipping Tool.lnk
07/13/2009 10:57 PM 1,330 Sound Recorder.lnk
08/27/2009 02:07 PM 1,351 Sticky Notes.lnk
07/13/2009 10:54 PM 1,254 Sync Center.lnk
01/12/2012 11:30 AM <DIR> System Tools
01/12/2012 11:30 AM <DIR> Tablet PC
07/13/2009 10:57 PM 1,579 Welcome Center.lnk
01/12/2012 11:30 AM <DIR> Windows PowerShell
07/13/2009 10:54 PM 1,322 Wordpad.lnk
12 File(s) 15,815 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
07/13/2009 10:57 PM 1,388 Speech Recognition.lnk
1 File(s) 1,388 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
07/13/2009 10:55 PM 1,248 Character Map.lnk
07/13/2009 10:54 PM 1,290 dfrgui.lnk
07/13/2009 10:54 PM 1,252 Disk Cleanup.lnk
07/13/2009 10:53 PM 1,242 Resource Monitor.lnk
07/13/2009 10:53 PM 1,250 System Information.lnk
07/13/2009 10:54 PM 1,246 System Restore.lnk
07/13/2009 10:54 PM 1,268 Task Scheduler.lnk
07/13/2009 10:57 PM 1,320 Windows Easy Transfer Reports.lnk
07/13/2009 10:57 PM 1,316 Windows Easy Transfer.lnk
9 File(s) 11,432 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
08/27/2009 02:07 PM 1,436 ShapeCollector.lnk
08/27/2009 02:07 PM 1,386 TabTip.lnk
08/27/2009 02:07 PM 1,316 Windows Journal.lnk
3 File(s) 4,138 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
07/13/2009 11:32 PM 1,989 Windows PowerShell (x86).lnk
07/13/2009 10:57 PM 1,468 Windows PowerShell ISE (x86).lnk
07/13/2009 10:57 PM 1,468 Windows PowerShell ISE.lnk
07/13/2009 11:32 PM 1,899 Windows PowerShell.lnk
4 File(s) 6,824 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
07/13/2009 10:57 PM 1,242 Component Services.lnk
07/13/2009 10:54 PM 1,294 Computer Management.lnk
07/13/2009 10:53 PM 1,270 Data Sources (ODBC).lnk
07/13/2009 10:54 PM 1,298 Event Viewer.lnk
07/13/2009 10:54 PM 1,274 iSCSI Initiator.lnk
07/13/2009 10:53 PM 1,268 Memory Diagnostics Tool.lnk
07/16/2011 02:56 PM 1,332 Microsoft .NET Framework 1.1 Configuration.lnk
07/16/2011 02:56 PM 1,383 Microsoft .NET Framework 1.1 Wizards.lnk
07/13/2009 10:53 PM 1,232 Performance Monitor.lnk
07/13/2009 10:54 PM 1,288 services.lnk
07/13/2009 10:53 PM 1,246 System Configuration.lnk
07/13/2009 10:54 PM 1,262 Task Scheduler.lnk
07/13/2009 10:53 PM 1,274 Windows Firewall with Advanced Security.lnk
07/13/2009 11:32 PM 2,741 Windows PowerShell Modules.lnk
14 File(s) 19,404 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
08/03/2011 06:18 PM 2,659 Bitstream Font Navigator.lnk
08/03/2011 06:17 PM 2,647 Corel CAPTURE X4.lnk
08/03/2011 06:17 PM 2,655 Corel PHOTO-PAINT X4.lnk
08/03/2011 06:17 PM 2,639 CorelDRAW X4.lnk
01/12/2012 11:30 AM <DIR> Documentation
08/03/2011 06:17 PM 2,655 Duplexing Wizard.lnk
08/03/2011 06:17 PM 2,669 SB Profiler.lnk
6 File(s) 15,924 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Documentation
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
08/03/2011 06:17 PM 1,350 Corel PHOTO-PAINT X4 VBA Object Model PDF.lnk
08/03/2011 06:17 PM 1,380 CorelDRAW Graphics Suite X4 Readme.lnk
08/03/2011 06:17 PM 1,579 CorelDRAW Graphics Suite X4 User Guide PDF.lnk
08/03/2011 06:17 PM 1,288 CorelDRAW X4 Programming Guide for VBA PDF.lnk
08/03/2011 06:17 PM 1,385 CorelDRAW X4 VBA Object Model PDF.lnk
5 File(s) 6,982 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\GameHouse
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
07/04/2011 11:17 PM 2,071 Amazonia.lnk
08/27/2009 02:32 PM 2,309 Bejeweled 2 Deluxe.lnk
08/27/2009 02:32 PM 2,313 Blackhawk Striker 2.lnk
08/27/2009 02:32 PM 2,369 Bob the Builder Can-Do-Zoo.lnk
08/27/2009 02:32 PM 2,289 Build-a-lot 3.lnk
08/27/2009 02:07 PM 352 Chess.lnk
06/22/2011 02:47 AM 2,120 Collapse Crunch.lnk
08/27/2009 02:32 PM 2,337 Dora's World Adventure.lnk
08/27/2009 02:32 PM 2,349 Eighteen Wheels of Steel Haulin'.lnk
08/27/2009 02:32 PM 2,373 Escape Rosecliff Island.lnk
06/23/2011 05:40 PM 2,317 Escape The Emerald Star.lnk
06/27/2011 10:18 PM 2,299 Escape Whisper Valley (TM).lnk
08/27/2009 02:32 PM 2,377 Farm Frenzy - Pizza Party.lnk
08/27/2009 02:32 PM 2,309 FATE Undiscovered Realms.lnk
06/27/2011 12:13 AM 248 FBI Paranormal Case Extended Edition.lnk
07/13/2009 10:55 PM 364 FreeCell.lnk
07/13/2009 10:54 PM 258 GameExplorer.lnk
07/13/2009 10:57 PM 356 Hearts.lnk
08/27/2009 02:32 PM 2,329 Insaniquarium Deluxe.lnk
08/27/2009 02:07 PM 474 Internet Backgammon.lnk
08/27/2009 02:07 PM 470 Internet Checkers.lnk
08/27/2009 02:07 PM 466 Internet Spades.lnk
08/21/2011 10:22 PM 224 Jewel Quest Mysteries 3.lnk
08/27/2009 02:32 PM 2,337 Jewel Quest Solitaire 3.lnk
08/27/2009 02:32 PM 2,317 Liong - The Lost Amulets.lnk
08/27/2009 02:07 PM 360 Mahjong.lnk
07/13/2009 10:57 PM 376 Minesweeper.lnk
08/27/2009 02:32 PM 2,480 More Games from Gateway Games.lnk
08/11/2011 02:18 AM 2,362 Mystery P.I. - The London Caper.lnk
08/27/2009 02:32 PM 2,373 Mystery P.I. - The Vegas Heist.lnk
11/18/2011 05:31 PM 276 Mystery P.I. The Curious Case of Counterfeit Cove.lnk
06/06/2011 10:35 PM 238 Play iWin Games.lnk
08/27/2009 02:32 PM 2,265 Polar Bowler.lnk
08/27/2009 02:32 PM 2,261 Polar Golfer.lnk
07/13/2009 10:57 PM 378 Purble Place.lnk
12/03/2011 09:40 PM 1,998 QuantZ.lnk
08/27/2009 02:32 PM 2,269 Scrabble.lnk
07/13/2009 10:55 PM 368 Solitaire.lnk
07/13/2009 10:57 PM 392 Spider Solitaire.lnk
09/30/2011 04:31 AM 210 Super Collapse 3.lnk
08/16/2011 07:50 PM 2,156 Vampireville.lnk
08/27/2009 02:32 PM 2,477 Virtual Villagers - The Secret City.lnk
08/27/2009 02:32 PM 2,333 Wheel of Fortune 2.lnk
12/22/2011 05:29 PM 2,676 WildTangent Games App - gateway.lnk
08/27/2009 02:32 PM 2,285 World of Goo.lnk
08/27/2009 02:32 PM 2,257 Zuma Deluxe.lnk
46 File(s) 72,817 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\GamesBar
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
11/15/2011 06:41 AM 1,252 About GamesBar.lnk
11/15/2011 06:41 AM 1,720 Uninstall.lnk
2 File(s) 2,972 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Gateway
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
08/27/2009 02:46 PM 2,084 Gateway Recovery Management.lnk
08/27/2009 02:44 PM 667 Gateway Updater.lnk
08/27/2009 02:44 PM 2,176 Identity Card.lnk
08/27/2009 02:45 PM 2,120 User's Guide (Gateway InfoCentre).lnk
08/27/2009 02:46 PM 2,153 Welcome Center.lnk
5 File(s) 9,200 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Gateway MyBackup
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
08/27/2009 02:32 PM 2,260 Gateway MyBackup.lnk
1 File(s) 2,260 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\HP
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
11/07/2011 11:32 AM 1,297 HP Solution Center.lnk
06/28/2011 10:20 PM 2,073 HP Update.lnk
2 File(s) 3,370 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iLivid
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
11/01/2011 08:35 PM 937 iLivid Download Manager.lnk
1 File(s) 937 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iTunes
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
08/27/2011 10:08 AM 2,069 About iTunes.lnk
08/27/2011 10:08 AM 1,765 iTunes.lnk
2 File(s) 3,834 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iWin Games
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
01/12/2012 11:30 AM <DIR> Games
06/06/2011 10:35 PM 1,052 Play iWin Games.lnk
01/12/2012 11:30 AM <DIR> Uninstall Games
1 File(s) 1,052 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iWin Games\Games
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
06/29/2011 11:55 PM 2,076 Launch Jewel Quest Online Party.lnk
08/27/2011 04:39 AM 2,292 Launch Margrave Manor The Curse of the Severed Heart -- Collectors Edition.lnk
08/27/2011 04:03 AM 2,244 Launch Unsolved Mystery Club Ancient Astronauts Collectors Edition.lnk
06/06/2011 10:39 PM 2,102 Launch Wordscape Online Party.lnk
4 File(s) 8,714 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iWin Games\Uninstall Games
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
06/29/2011 11:55 PM 2,243 Uninstall Jewel Quest Online Party.lnk
06/06/2011 10:39 PM 2,261 Uninstall Wordscape Online Party.lnk
2 File(s) 4,504 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\LGMobile Support Tool
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
01/02/2012 10:49 PM 993 LGMobile software updater Agent.lnk
11/04/2011 08:55 AM 631 LGMobile update.lnk
11/04/2011 08:55 AM 964 Uninstall.lnk
3 File(s) 2,588 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Maintenance
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
07/13/2009 10:57 PM 1,304 Backup and Restore Center.lnk
07/13/2009 10:57 PM 1,248 Create Recovery Disc.lnk
07/13/2009 10:57 PM 1,212 Remote Assistance.lnk
3 File(s) 3,764 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
10/03/2011 06:55 AM 1,095 Malwarebytes' Anti-Malware Help.lnk
10/03/2011 06:55 AM 1,095 Malwarebytes' Anti-Malware.lnk
10/03/2011 06:55 AM 1,119 Uninstall Malwarebytes' Anti-Malware.lnk
3 File(s) 3,309 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
08/27/2009 02:36 PM 1,341 Microsoft Office - 60 Day Trial.lnk
09/17/2011 10:39 PM 2,643 Microsoft Office Access 2007.lnk
09/13/2011 06:39 PM 2,655 Microsoft Office Excel 2007.lnk
08/27/2009 02:35 PM 2,619 Microsoft Office OneNote 2007.lnk
09/13/2011 06:39 PM 2,693 Microsoft Office Outlook 2007.lnk
09/13/2011 06:39 PM 2,645 Microsoft Office PowerPoint 2007.lnk
09/13/2011 06:39 PM 2,611 Microsoft Office Publisher 2007.lnk
01/12/2012 11:30 AM <DIR> Microsoft Office Tools
09/13/2011 06:39 PM 2,693 Microsoft Office Word 2007.lnk
8 File(s) 19,900 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
09/13/2011 06:39 PM 2,647 Digital Certificate for VBA Projects.lnk
09/13/2011 06:39 PM 2,627 Microsoft Clip Organizer.lnk
09/13/2011 06:39 PM 2,527 Microsoft Office 2007 Language Settings.lnk
09/13/2011 06:39 PM 2,625 Microsoft Office Diagnostics.lnk
09/13/2011 06:39 PM 2,605 Microsoft Office Picture Manager.lnk
5 File(s) 13,031 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Silverlight
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
10/16/2011 07:49 PM 2,231 Microsoft Silverlight.lnk
1 File(s) 2,231 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
06/06/2011 08:12 PM 2,577 Getting Started.lnk
06/06/2011 08:12 PM 2,597 Microsoft Works Calendar.lnk
06/06/2011 08:12 PM 2,605 Microsoft Works Database.lnk
06/06/2011 08:12 PM 2,647 Microsoft Works Portfolio.lnk
06/08/2011 02:03 AM 2,629 Microsoft Works Spreadsheet.lnk
06/08/2011 02:03 AM 1,157 Microsoft Works Task Launcher.lnk
06/06/2011 08:12 PM 2,649 Microsoft Works Word Processor.lnk
06/08/2011 02:03 AM 2,617 Works without Ads.lnk
8 File(s) 19,478 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
01/12/2012 11:30 AM <DIR> Manuals
01/12/2012 11:30 AM <DIR> Nero 9
08/27/2009 02:48 PM 2,349 Nero ControlCenter 4.lnk
08/27/2009 02:48 PM 2,565 Nero Online Upgrade.lnk
2 File(s) 4,914 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Manuals
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
08/27/2009 02:49 PM 2,163 Nero ControlCenter 4 [English Help].lnk
08/27/2009 02:49 PM 2,196 Nero DiscSpeed [English Help].lnk
08/27/2009 02:49 PM 2,212 Nero DriveSpeed [English Help].lnk
08/27/2009 02:49 PM 2,192 Nero Express Essentials SE [English Help].lnk
08/27/2009 02:49 PM 2,180 Nero InfoTool [English Help].lnk
08/27/2009 02:48 PM 2,234 Nero StartSmart Essentials [English Help].lnk
6 File(s) 13,177 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero 9
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
08/27/2009 02:48 PM 2,544 Nero Express Essentials SE.lnk
08/27/2009 02:47 PM 2,776 Nero StartSmart Essentials.lnk
01/12/2012 11:30 AM <DIR> Nero Toolkit
2 File(s) 5,320 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero 9\Nero Toolkit
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
08/27/2009 02:48 PM 2,500 Nero DiscSpeed.lnk
08/27/2009 02:48 PM 2,576 Nero DriveSpeed.lnk
08/27/2009 02:48 PM 2,716 Nero InfoTool.lnk
3 File(s) 7,792 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
01/12/2012 11:30 AM <DIR> Hidden Expedition Titanic
01/12/2012 11:30 AM <DIR> Jewel Quest Mysteries 3
01/12/2012 11:30 AM <DIR> Mystery P.I. The Curious Case of Counterfeit Cove
0 File(s) 0 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Hidden Expedition Titanic
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Jewel Quest Mysteries 3
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
08/21/2011 10:21 PM 2,209 Jewel Quest Mysteries 3.lnk
08/21/2011 10:21 PM 1,202 Pogo Games.lnk
08/21/2011 10:21 PM 1,270 Uninstall.lnk
3 File(s) 4,681 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Mystery P.I. The Curious Case of Counterfeit Cove
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
11/18/2011 05:31 PM 2,445 Mystery P.I. The Curious Case of Counterfeit Cove.lnk
11/18/2011 05:31 PM 1,254 Pogo Games.lnk
11/18/2011 05:31 PM 1,456 Uninstall.lnk
3 File(s) 5,155 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\PogoDGC
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
01/12/2012 11:30 AM <DIR> Games
01/12/2012 11:30 AM <DIR> Uninstall Games
0 File(s) 0 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\PogoDGC\Games
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\PogoDGC\Uninstall Games
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\QuickTime
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
08/27/2011 09:58 AM 2,441 About QuickTime.lnk
08/27/2011 09:58 AM 2,471 PictureViewer.lnk
08/27/2011 09:58 AM 2,441 QuickTime Player.lnk
08/27/2011 09:58 AM 1,820 Uninstall QuickTime.lnk
4 File(s) 9,173 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Qwest Personal Digital Vault
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
08/12/2011 09:59 AM 2,046 Qwest Personal Digital Vault.lnk
1 File(s) 2,046 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Rhapsody
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
01/03/2012 10:27 PM 929 Check For Rhapsody Update.lnk
01/03/2012 10:27 PM 929 Rhapsody.lnk
01/03/2012 10:27 PM 1,023 Uninstall Rhapsody.lnk
3 File(s) 2,881 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Snood 4
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
09/25/2011 06:40 AM 964 Snood 4.0 ReadMe.lnk
09/25/2011 06:40 AM 905 Snood.lnk
09/25/2011 06:40 AM 924 Uninstall Snood.lnk
3 File(s) 2,793 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Startup
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
12/30/2011 12:14 AM 1,894 Event Reminder.lnk
11/07/2011 11:32 AM 2,063 HP Digital Imaging Monitor.lnk
2 File(s) 3,957 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\SUPERAntiSpyware
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
08/22/2011 06:36 PM 1,758 SUPERAntiSpyware Alternate Start.lnk
08/22/2011 06:36 PM 932 SUPERAntiSpyware Help.lnk
08/22/2011 06:36 PM 1,830 SUPERAntiSpyware Professional.lnk
08/22/2011 06:36 PM 1,852 SUPERAntiSpyware Registration-Activation.lnk
4 File(s) 6,372 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Tablet PC
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\The Print Shop 23
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
01/12/2012 11:30 AM <DIR> Documents
12/30/2011 12:14 AM 2,663 Register Your Software.lnk
12/30/2011 12:14 AM 2,663 The Print Shop 23.lnk
2 File(s) 5,326 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\The Print Shop 23\Documents
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
12/30/2011 12:14 AM 892 ReadMe.lnk
12/30/2011 12:14 AM 897 Riverdeep License Agreement.lnk
2 File(s) 1,789 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Trash it!
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
08/06/2011 01:16 PM 922 Readme.lnk
08/06/2011 01:16 PM 934 Trash it! Help.lnk
08/06/2011 01:16 PM 756 Trash it! on the Web.lnk
08/06/2011 01:16 PM 984 Trash it! Scheduler.lnk
08/06/2011 01:16 PM 939 Trash it!.lnk
08/06/2011 01:16 PM 934 Uninstall Trash it!.lnk
6 File(s) 5,469 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Live
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
06/06/2011 08:09 PM 1,963 Windows Live Call.lnk
06/06/2011 08:10 PM 2,216 Windows Live Mail.lnk
06/06/2011 08:09 PM 2,112 Windows Live Messenger .lnk
06/06/2011 08:11 PM 2,232 Windows Live Photo Gallery.lnk
06/06/2011 08:11 PM 2,199 Windows Live Writer.lnk
5 File(s) 10,722 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\WorldWinner Games
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
06/22/2011 05:50 AM 1,908 Uninstall.lnk
1 File(s) 1,908 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Yahoo! Games
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
01/12/2012 11:30 AM <DIR> Super Collapse 3
0 File(s) 0 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Yahoo! Games\Super Collapse 3
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
09/30/2011 04:31 AM 2,138 Super Collapse 3.lnk
09/30/2011 04:31 AM 1,221 Uninstall.lnk
09/30/2011 04:31 AM 1,144 Yahoo! Games - Games And Online Games.lnk
3 File(s) 4,503 bytes
Directory of C:\Users\Janice\AppData\Local\Temp\smtmp\4
01/12/2012 11:30 AM <DIR> .
01/12/2012 11:30 AM <DIR> ..
11/07/2011 11:32 AM 1,279 HP Solution Center.lnk
11/01/2011 08:35 PM 919 iLivid Download Manager.lnk
08/27/2011 10:08 AM 1,747 iTunes.lnk
06/29/2011 11:55 PM 2,064 Jewel Quest Online Party.lnk
07/24/2011 10:44 PM 1,077 Malwarebytes' Anti-Malware.lnk
06/08/2011 02:03 AM 1,139 Microsoft Works.lnk
06/20/2011 08:56 PM 1,146 Mozilla Firefox.lnk
08/27/2009 02:47 PM 2,752 Nero StartSmart Essentials.lnk
06/06/2011 08:02 PM 2,108 Netflix.lnk
08/12/2011 09:59 AM 2,154 Qwest Personal Digital Vault.lnk
01/03/2012 10:27 PM 911 Rhapsody.lnk
12/30/2011 12:14 AM 2,645 The Print Shop 23.lnk
08/27/2009 02:45 PM 2,034 User's Guide (Gateway InfoCentre).lnk
12/22/2011 05:29 PM 2,654 WildTangent Games App - gateway.lnk
06/06/2011 10:39 PM 2,090 Wordscape Online Party.lnk
15 File(s) 26,719 bytes
Total Files Listed:
239 File(s) 406,546 bytes
164 Dir(s) 920,978,501,632 bytes free
C:\Users\Janice\Desktop\cmd.bat deleted successfully.
C:\Users\Janice\Desktop\cmd.txt deleted successfully.
ADS C:\Users\Janice\AppData\Local\Temp:winupd.exe deleted successfully.
C:\Users\Janice\AppData\Local\wyuzx.exe moved successfully.
File\Folder C:\ProgramData\notifyc.exe not found.
File\Folder C:\Users\Janice\AppData\Roaming\configwiz.exe not found.
C:\Users\Janice\AppData\Local\nsa.exe moved successfully.
C:\Users\Janice\Documents\rkCT577dI.exe moved successfully.
C:\Users\Janice\AppData\Local\jla.exe moved successfully.
C:\ProgramData\PzZKH7CZwgAL1p moved successfully.
C:\ProgramData\~PzZKH7CZwgAL1p moved successfully.
C:\ProgramData\~PzZKH7CZwgAL1pr moved successfully.
C:\Users\Janice\AppData\Local\gng8ry4yq61724s5t702v6 moved successfully.
C:\ProgramData\gng8ry4yq61724s5t702v6 moved successfully.
C:\Users\Janice\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk moved successfully.
C:\Users\Janice\Desktop\System Check.lnk moved successfully.
C:\ProgramData\PzZKH7CZwgAL1p.exe moved successfully.
C:\Users\Public\Documents\19792079 moved successfully.
File\Folder C:\Users\Janice\AppData\Local\nsa.exe not found.
File\Folder C:\Users\Janice\AppData\Local\dplaysvr.exe not found.
C:\Users\Janice\AppData\Local\dplayx.dll moved successfully.
C:\Users\Janice\AppData\Local\70wuo75jpl4822ssofd11bylba5ah82flv3i82q2q17tbo moved successfully.
C:\ProgramData\70wuo75jpl4822ssofd11bylba5ah82flv3i82q2q17tbo moved successfully.
File\Folder C:\Users\Janice\Documents\rkCT577dI.exe not found.
File\Folder C:\Users\Janice\AppData\Local\jla.exe not found.
C:\Users\Janice\AppData\Local\084c31m26umegt2s4ynu2m moved successfully.
C:\ProgramData\084c31m26umegt2s4ynu2m moved successfully.
C:\Users\Janice\AppData\Local\csr7ey1du58776l8t172j6 moved successfully.
C:\ProgramData\csr7ey1du58776l8t172j6 moved successfully.
C:\Users\Janice\AppData\Local\ux3527cj4aoj03r21r281oh2f7j1mesyb503isya4x71ym moved successfully.
C:\ProgramData\ux3527cj4aoj03r21r281oh2f7j1mesyb503isya4x71ym moved successfully.
C:\Users\Janice\Desktop\WiNlOgOn.exe moved successfully.
C:\Users\Janice\Desktop\uSeRiNiT.exe moved successfully.
C:\Users\Janice\Desktop\eXplorer.exe moved successfully.
C:\Users\Janice\Desktop\rkill.exe moved successfully.
C:\Users\Janice\Desktop\rkill.scr moved successfully.
C:\Users\Janice\Desktop\rkill.com moved successfully.
C:\Users\Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Protection 2012 folder moved successfully.
C:\ProgramData\F4D55F3B0004240800208380B4EB2367 folder moved successfully.
C:\Users\Janice\AppData\Roaming\Ogyb folder moved successfully.
C:\Users\Janice\AppData\Roaming\Egrygi folder moved successfully.
C:\Users\Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check folder moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 01182012_220707

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

oldman960
2012-01-19, 08:46
Hi e28ct17,

Yes I expected the redirect to still be present. We haven't gone after that infection yet. We did get most of one and part of another.

Later we may need a blank CD and a usb device such as a flash drive. Do you have those?

We should be able to work directly on the infected computer now.

Next, Right click on OTL.exe and chose Run as Administrator to run it
Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :




:Services

:files
xcopy "C:\Users\Janice\AppData\Local\Temp\smtmp\1" "C:\ProgramData\Microsoft\Windows\Start Menu" /H /I /S /Y /C
xcopy "C:\Users\Janice\AppData\Local\Temp\smtmp\4" "C:\Users\Public\Desktop " /H /I /S /Y /C
:Commands


Then click the Run Fix button at the top
Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.

Next

Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/) to your desktop


Quit all running programs
When prompted, type 6 and validate


Ater the tool has finished:

-Open Folder Options by clicking the Start button , clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.

-Click the View tab.

Under Advanced settings, check Do not Show Hidden Files and Folders, and then click Apply, click OK.

Desktop icons still visible?


Click your start button. Do you see any items listed?


Try opening a couple of the programs and see if they work.

Please post back with
OTL fix log
RogueKiller log if there was one.
If everything appears nornal in respect to icons and shorcuts we''l go after the rest when you post back.

e28ct17
2012-01-19, 14:52
I am still unable to use the infected computer. When I open up a web browser I get redirected and multiple windows open up. Also when I tried to download RougeKiller the page was in a foreign language....looks like french, so I was unable to find the download link.

Here is my log from OTL

========== SERVICES/DRIVERS ==========
========== FILES ==========
< xcopy "C:\Users\Janice\AppData\Local\Temp\smtmp\1" "C:\ProgramData\Microsoft\Windows\Start Menu" /H /I /S /Y /C >
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Default Programs.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\HP Solution Center.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Rhapsody.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Windows Update.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Adobe InDesign CS2.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Adobe Reader 9.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Apple Software Update.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\I.R.I.S. OCR Registration.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Media Center.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works Task Launcher.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Mozilla Firefox.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Sidebar.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Anytime Upgrade.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows DVD Maker.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Fax and Scan.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Media Player.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\XPS Viewer.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\displayswitch.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Math Input Panel.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Mobility Center.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Paint.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Snipping Tool.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sound Recorder.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sticky Notes.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sync Center.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Welcome Center.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Wordpad.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility\Speech Recognition.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\dfrgui.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Resource Monitor.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Task Scheduler.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Windows Easy Transfer.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\ShapeCollector.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\TabTip.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\Windows Journal.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\iSCSI Initiator.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Memory Diagnostics Tool.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Performance Monitor.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\services.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\System Configuration.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Task Scheduler.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Windows PowerShell Modules.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Bitstream Font Navigator.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Corel CAPTURE X4.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Corel PHOTO-PAINT X4.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\CorelDRAW X4.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Duplexing Wizard.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\SB Profiler.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Documentation\Corel PHOTO-PAINT X4 VBA Object Model PDF.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Documentation\CorelDRAW Graphics Suite X4 Readme.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Documentation\CorelDRAW Graphics Suite X4 User Guide PDF.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Documentation\CorelDRAW X4 Programming Guide for VBA PDF.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Documentation\CorelDRAW X4 VBA Object Model PDF.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Amazonia.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Bejeweled 2 Deluxe.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Blackhawk Striker 2.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Bob the Builder Can-Do-Zoo.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Build-a-lot 3.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Chess.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Collapse Crunch.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Dora's World Adventure.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Eighteen Wheels of Steel Haulin'.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Escape Rosecliff Island.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Escape The Emerald Star.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Escape Whisper Valley (TM).lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Farm Frenzy - Pizza Party.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\FATE Undiscovered Realms.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\FBI Paranormal Case Extended Edition.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\FreeCell.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\GameExplorer.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Hearts.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Insaniquarium Deluxe.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Internet Backgammon.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Internet Checkers.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Internet Spades.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Jewel Quest Mysteries 3.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Jewel Quest Solitaire 3.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Liong - The Lost Amulets.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Mahjong.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Minesweeper.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\More Games from Gateway Games.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Mystery P.I. - The London Caper.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Mystery P.I. - The Vegas Heist.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Mystery P.I. The Curious Case of Counterfeit Cove.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Play iWin Games.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Polar Bowler.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Polar Golfer.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Purble Place.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\QuantZ.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Scrabble.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Solitaire.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Spider Solitaire.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Super Collapse 3.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Vampireville.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Virtual Villagers - The Secret City.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Wheel of Fortune 2.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\WildTangent Games App - gateway.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\World of Goo.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Zuma Deluxe.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\GamesBar\About GamesBar.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\GamesBar\Uninstall.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Gateway\Gateway Recovery Management.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Gateway\Gateway Updater.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Gateway\Identity Card.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Gateway\User's Guide (Gateway InfoCentre).lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Gateway\Welcome Center.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Gateway MyBackup\Gateway MyBackup.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\HP\HP Solution Center.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\HP\HP Update.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iLivid\iLivid Download Manager.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iTunes\About iTunes.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iTunes\iTunes.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iWin Games\Play iWin Games.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iWin Games\Games\Launch Jewel Quest Online Party.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iWin Games\Games\Launch Margrave Manor The Curse of the Severed Heart -- Collectors Edition.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iWin Games\Games\Launch Unsolved Mystery Club Ancient Astronauts Collectors Edition.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iWin Games\Games\Launch Wordscape Online Party.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iWin Games\Uninstall Games\Uninstall Jewel Quest Online Party.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iWin Games\Uninstall Games\Uninstall Wordscape Online Party.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\LGMobile Support Tool\LGMobile software updater Agent.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\LGMobile Support Tool\LGMobile update.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\LGMobile Support Tool\Uninstall.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Backup and Restore Center.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Create Recovery Disc.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Remote Assistance.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware Help.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes' Anti-Malware.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office - 60 Day Trial.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Access 2007.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office OneNote 2007.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Outlook 2007.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Publisher 2007.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Word 2007.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Language Settings.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Getting Started.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Calendar.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Database.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Portfolio.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Spreadsheet.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Task Launcher.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Word Processor.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Works without Ads.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero ControlCenter 4.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero Online Upgrade.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Manuals\Nero ControlCenter 4 [English Help].lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Manuals\Nero DiscSpeed [English Help].lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Manuals\Nero DriveSpeed [English Help].lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Manuals\Nero Express Essentials SE [English Help].lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Manuals\Nero InfoTool [English Help].lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Manuals\Nero StartSmart Essentials [English Help].lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero 9\Nero Express Essentials SE.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero 9\Nero StartSmart Essentials.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero 9\Nero Toolkit\Nero DiscSpeed.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero 9\Nero Toolkit\Nero DriveSpeed.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero 9\Nero Toolkit\Nero InfoTool.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Jewel Quest Mysteries 3\Jewel Quest Mysteries 3.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Jewel Quest Mysteries 3\Pogo Games.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Jewel Quest Mysteries 3\Uninstall.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Mystery P.I. The Curious Case of Counterfeit Cove\Mystery P.I. The Curious Case of Counterfeit Cove.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Mystery P.I. The Curious Case of Counterfeit Cove\Pogo Games.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Mystery P.I. The Curious Case of Counterfeit Cove\Uninstall.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\QuickTime\About QuickTime.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\QuickTime\PictureViewer.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\QuickTime\QuickTime Player.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\QuickTime\Uninstall QuickTime.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Qwest Personal Digital Vault\Qwest Personal Digital Vault.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Rhapsody\Check For Rhapsody Update.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Rhapsody\Rhapsody.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Rhapsody\Uninstall Rhapsody.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Snood 4\Snood 4.0 ReadMe.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Snood 4\Snood.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Snood 4\Uninstall Snood.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Startup\Event Reminder.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Startup\HP Digital Imaging Monitor.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\SUPERAntiSpyware\SUPERAntiSpyware Alternate Start.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\SUPERAntiSpyware\SUPERAntiSpyware Help.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\SUPERAntiSpyware\SUPERAntiSpyware Professional.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\SUPERAntiSpyware\SUPERAntiSpyware Registration-Activation.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\The Print Shop 23\Register Your Software.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\The Print Shop 23\The Print Shop 23.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\The Print Shop 23\Documents\ReadMe.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\The Print Shop 23\Documents\Riverdeep License Agreement.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Trash it!\Readme.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Trash it!\Trash it! Help.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Trash it!\Trash it! on the Web.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Trash it!\Trash it! Scheduler.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Trash it!\Trash it!.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Trash it!\Uninstall Trash it!.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Call.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Mail.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Messenger .lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Photo Gallery.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Writer.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\WorldWinner Games\Uninstall.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Yahoo! Games\Super Collapse 3\Super Collapse 3.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Yahoo! Games\Super Collapse 3\Uninstall.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Yahoo! Games\Super Collapse 3\Yahoo! Games - Games And Online Games.lnk
224 File(s) copied
C:\Users\Janice\Desktop\cmd.bat deleted successfully.
C:\Users\Janice\Desktop\cmd.txt deleted successfully.
< xcopy "C:\Users\Janice\AppData\Local\Temp\smtmp\4" "C:\Users\Public\Desktop " /H /I /S /Y /C >
C:\Users\Janice\AppData\Local\Temp\smtmp\4\HP Solution Center.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\iLivid Download Manager.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\iTunes.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Jewel Quest Online Party.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Malwarebytes' Anti-Malware.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Microsoft Works.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Mozilla Firefox.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Nero StartSmart Essentials.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Netflix.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Qwest Personal Digital Vault.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Rhapsody.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\The Print Shop 23.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\User's Guide (Gateway InfoCentre).lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\WildTangent Games App - gateway.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Wordscape Online Party.lnk
15 File(s) copied
C:\Users\Janice\Desktop\cmd.bat deleted successfully.
C:\Users\Janice\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 01192012_064031

oldman960
2012-01-19, 19:32
Hi e28ct17,

That's the right page for RogueKiller. The link is in the middle of the page just to the right of where it says (download link). The icon looks like http://www.sur-la-toile.com/RogueKiller/rendu2.png

After you run RogueKiller make sure to follow the other steps to make sure everything looks ok. Once we are sure that your icons and start menu items are ok we'll go after the redirects.

e28ct17
2012-01-19, 23:29
Yes, it looks like all my icons and programs are back. I ran several programs and they all worked fine. Here is the log:

RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Janice [Admin rights]
Mode: Shortcuts HJfix -- Date : 01/19/2012 15:14:53

¤¤¤ Bad processes: 5 ¤¤¤
[SUSP PATH] enrollSync.exe -- C:\ProgramData\enrollSync.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]
[SUSP PATH] ReminderHelper.exe -- C:\ProgramData\WeCareReminder\ReminderHelper.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]
[SUSP PATH] teuzviu.exe -- C:\Users\Janice\AppData\Roaming\Ofgaub\teuzviu.exe -> KILLED [TermProc]

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 8 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 11 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 109 / Fail 0
My documents: Success 11 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 10 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 168 / Fail 0
Backup: [FOUND] Success 0 / Fail 239

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[F:] \Device\HarddiskVolume6 -- 0x2 --> Restored
[G:] \Device\HarddiskVolume7 -- 0x2 --> Restored
[H:] \Device\HarddiskVolume8 -- 0x2 --> Restored
[I:] \Device\HarddiskVolume9 -- 0x2 --> Restored

¤¤¤ Infection : Rogue.FakeHDD|ZeroAccess ¤¤¤

Finished : << RKreport[1].txt >>
RKreport[1].txt

oldman960
2012-01-20, 00:11
Hi e28ct17,

Ok let's go for the rest.

If you have a copy of combofix please delete it by right clicking on it and clicking delete.

Please read through the instructions to familarize youself with what to expect when the tool runs.

It is vitally important that combofix is renamed before it is even started to download


Please download ComboFix from Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)or Link 2 (http://www.infospyware.net/antimalware/combofix/) to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

If you are using Firefox, make sure that your download settings are as follows:
-Tools->Options->Main tab
-Set to "Always ask me where to Save the files".

During the download, before you save it to your desktop, rename Combofix to jgh.exe


It is important you rename Combofix during the download, but not after.
Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs (http://forums.whatthetech.com/How_to_Disable_your_Security_Programs_t96260.html)

Right click on ComboFix.exe (jgh.exe), click Run as Administrator & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3 CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please post back with the combofix log.

How's the computer now?

Thanks

e28ct17
2012-01-20, 21:21
I am not able to open a web browser with Internet Explorer or Firefox. Both say the program stopped working. Here is my combofix log:

ComboFix 12-01-19.02 - Janice 01/19/2012 22:08:51.8.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6109.4205 [GMT -6:00]
Running from: c:\users\Janice\Desktop\jgh.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\enrollSync.exe
c:\users\Janice\AppData\Local\dplaysvr.exe
c:\users\Janice\AppData\Local\dplayx.dll
c:\users\Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe
c:\users\Janice\AppData\Roaming\utilfix.exe
c:\windows\assembly\temp\@
c:\windows\assembly\temp\bckfg.tmp
c:\windows\assembly\temp\cfg.ini
c:\windows\assembly\temp\keywords
c:\windows\assembly\temp\kwrd.dll
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-12-20 to 2012-01-20 )))))))))))))))))))))))))))))))
.
.
2012-01-20 04:39 . 2012-01-20 04:39 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-01-20 04:39 . 2012-01-20 04:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-19 13:31 . 2012-01-19 13:31 -------- d-----w- c:\users\Janice\AppData\Roaming\Sie
2012-01-19 13:31 . 2012-01-19 13:31 -------- d-----w- c:\users\Janice\AppData\Roaming\Ofgaub
2012-01-19 04:07 . 2012-01-19 04:07 -------- d-----w- C:\_OTL
2012-01-17 02:55 . 2012-01-17 02:55 -------- d-----w- C:\found.000
2012-01-09 05:05 . 2012-01-09 05:17 -------- d-----w- C:\ComboFix
2012-01-06 22:33 . 2011-11-30 08:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6575671-F39F-46D8-AB4F-C27D6149F639}\mpengine.dll
2012-01-05 07:57 . 2012-01-05 07:57 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-01-05 07:56 . 2012-01-06 01:49 -------- d-----w- c:\programdata\Symantec
2012-01-04 04:27 . 2002-11-12 18:22 569397 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\RichFX\Player\nprfxins.dll
2012-01-04 04:27 . 2012-01-04 04:27 -------- d-----w- c:\program files (x86)\Rhapsody
2012-01-01 18:08 . 2012-01-01 18:08 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-01 18:08 . 2012-01-01 18:08 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-01 18:08 . 2012-01-01 18:08 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-01 18:08 . 2012-01-01 18:08 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2011-12-31 04:30 . 2011-12-31 04:30 -------- d-----w- c:\users\Janice\AppData\Roaming\SumatraPDF
2011-12-31 04:30 . 2011-12-31 04:30 -------- d-----w- c:\programdata\WeCareReminder
2011-12-31 04:30 . 2011-12-31 04:30 -------- d-----w- c:\program files (x86)\Yontoo Layers Runtime
2011-12-31 04:29 . 2011-12-31 04:29 -------- d-----w- c:\program files (x86)\PDFReader
2011-12-29 02:56 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-29 02:55 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-29 02:55 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-29 02:55 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-29 02:55 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-15 20:29 . 2011-06-07 02:19 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-13 10:31 . 2011-06-13 04:41 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-07_03.27.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-09 16:25 . 2012-01-20 03:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-01-09 20:28 . 2012-01-19 12:59 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-01-19 12:34 . 2012-01-20 00:12 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012011920120120\index.dat
+ 2012-01-18 23:41 . 2012-01-19 04:41 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012011820120119\index.dat
+ 2012-01-17 06:24 . 2012-01-17 18:40 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012011720120118\index.dat
+ 2012-01-17 03:07 . 2012-01-17 05:49 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012011620120117\index.dat
+ 2012-01-17 03:07 . 2012-01-17 03:07 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012010920120116\index.dat
+ 2012-01-09 16:25 . 2012-01-09 16:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2012-01-09 16:26 . 2012-01-20 03:25 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2009-08-27 20:15 . 2012-01-19 04:10 53928 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-20 05:07 35352 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-07 02:26 . 2012-01-20 05:07 15060 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2297261745-2509026556-3228908354-1001_UserData.bin
- 2011-06-07 03:54 . 2012-01-06 14:31 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-07 03:54 . 2012-01-20 05:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-07 03:54 . 2012-01-20 05:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-07 03:54 . 2012-01-06 14:31 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-06 14:31 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-20 05:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-07 02:25 . 2012-01-07 00:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-07 02:25 . 2012-01-20 05:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-12 17:30 . 2012-01-20 05:06 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-12 17:30 . 2012-01-20 05:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2012-01-12 17:30 . 2012-01-20 05:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2011-06-07 02:25 . 2012-01-07 00:18 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-06-07 02:25 . 2012-01-20 05:06 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-07 02:25 . 2012-01-07 00:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-07 02:25 . 2012-01-20 05:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-07 02:25 . 2012-01-07 03:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-07 02:25 . 2012-01-20 05:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-07 02:25 . 2012-01-20 05:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-07 02:25 . 2012-01-07 03:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-16 21:01 . 2012-01-17 12:13 25214 c:\windows\Installer\{11F7808F-76AD-40E0-A8D9-6445DAEA3F5D}\NewShortcut7_A14671C8E59149CB9556CAD85DCEF123.exe
- 2011-07-16 21:01 . 2011-12-30 06:14 25214 c:\windows\Installer\{11F7808F-76AD-40E0-A8D9-6445DAEA3F5D}\NewShortcut7_A14671C8E59149CB9556CAD85DCEF123.exe
+ 2011-07-16 21:01 . 2012-01-17 12:13 40960 c:\windows\Installer\{11F7808F-76AD-40E0-A8D9-6445DAEA3F5D}\NewShortcut6_80448032606D4D10ACE91BEC75D1ACAD.exe
- 2011-07-16 21:01 . 2011-12-30 06:14 40960 c:\windows\Installer\{11F7808F-76AD-40E0-A8D9-6445DAEA3F5D}\NewShortcut6_80448032606D4D10ACE91BEC75D1ACAD.exe
+ 2011-07-16 21:01 . 2012-01-17 12:13 57344 c:\windows\Installer\{11F7808F-76AD-40E0-A8D9-6445DAEA3F5D}\NewShortcut5_9EF149EC2375429A910D1EFA489B67F6.exe
- 2011-07-16 21:01 . 2011-12-30 06:14 57344 c:\windows\Installer\{11F7808F-76AD-40E0-A8D9-6445DAEA3F5D}\NewShortcut5_9EF149EC2375429A910D1EFA489B67F6.exe
- 2011-07-16 21:01 . 2011-12-30 06:14 57344 c:\windows\Installer\{11F7808F-76AD-40E0-A8D9-6445DAEA3F5D}\NewShortcut4_9EF149EC2375429A910D1EFA489B67F6.exe
+ 2011-07-16 21:01 . 2012-01-17 12:13 57344 c:\windows\Installer\{11F7808F-76AD-40E0-A8D9-6445DAEA3F5D}\NewShortcut4_9EF149EC2375429A910D1EFA489B67F6.exe
+ 2011-07-16 21:01 . 2012-01-17 12:13 25214 c:\windows\Installer\{11F7808F-76AD-40E0-A8D9-6445DAEA3F5D}\NewShortcut1_A14671C8E59149CB9556CAD85DCEF123.exe
- 2011-07-16 21:01 . 2011-12-30 06:14 25214 c:\windows\Installer\{11F7808F-76AD-40E0-A8D9-6445DAEA3F5D}\NewShortcut1_A14671C8E59149CB9556CAD85DCEF123.exe
+ 2011-07-16 21:01 . 2012-01-17 12:13 25214 c:\windows\Installer\{11F7808F-76AD-40E0-A8D9-6445DAEA3F5D}\ARPPRODUCTICON.exe
- 2011-07-16 21:01 . 2011-12-30 06:14 25214 c:\windows\Installer\{11F7808F-76AD-40E0-A8D9-6445DAEA3F5D}\ARPPRODUCTICON.exe
- 2012-01-07 03:26 . 2012-01-07 03:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-20 05:06 . 2012-01-20 05:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-20 05:06 . 2012-01-20 05:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-07 03:26 . 2012-01-07 03:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-09 16:13 . 2010-11-20 12:17 586752 c:\windows\SysWOW64\sysprep\_update.exe
+ 2009-07-14 04:54 . 2012-01-20 04:36 671744 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 02:36 . 2012-01-07 00:22 632708 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-17 03:04 632708 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-01-07 00:22 110342 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-01-17 03:04 110342 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:12 . 2012-01-17 04:23 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-09-12 15:41 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-01-07 03:26 968304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-20 05:05 968304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-01-20 04:36 7831552 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-20 04:36 8306688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-29 19:12 . 2012-01-20 05:05 5787984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2297261745-2509026556-3228908354-1001-12288.dat
- 2011-07-29 19:12 . 2011-12-31 05:49 5787984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2297261745-2509026556-3228908354-1001-12288.dat
+ 2011-06-21 23:17 . 2012-01-20 05:05 14482722 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2297261745-2509026556-3228908354-1001-8192.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-07-22 23:53 787744 ----a-w- c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchEngineProtection"="c:\program files (x86)\Gamesbar\SearchEngineProtection.exe" [2011-03-03 591248]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"dplaysvr"="c:\users\Janice\AppData\Local\dplaysvr.exe" [BU]
"{24903B15-CFA6-2F4F-D499-A747DA35520F}"="c:\users\Janice\AppData\Roaming\Ofgaub\teuzviu.exe" [2011-07-03 174080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-09-28 404568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Event Reminder.lnk - c:\program files (x86)\The Print Shop 23\Remind.exe [2008-7-16 344064]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 iWinTrusted;iWinTrusted;c:\program files (x86)\iWin Games\iWinTrusted.exe [2011-04-08 176848]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-08-12 62208]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\jgh\CF25503.3XE" [2010-11-20 345088]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=ZUxpt020YYus&ptb=zicrx_1Avu_ZGi24DJBLew&si=CMqg8duiuK0CFYMEQAodrjEGpQ
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACGW&l=0409&m=aspire_m5802/m3802&r=1736061196dg1275w9283i9hj67767
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
FF - ProfilePath - c:\users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=ZUxpt020YYus&ptb=zicrx_1Avu_ZGi24DJBLew&si=CMqg8duiuK0CFYMEQAodrjEGpQ
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxpt020YYus&ptb=zicrx_1Avu_ZGi24DJBLew&ind=2012010511&ptnrS=ZUxpt020YYus&si=CMqg8duiuK0CFYMEQAodrjEGpQ&n=77ecd80f&psa=&st=kwd&searchfor=
FF - user.js: extentions.y2layers.installId - 3b818f57-fa2f-4b4c-b00c-be2f55d1f438
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-enrollSync - c:\programdata\enrollSync.exe
Wow6432Node-HKCU-Run-utilfix - c:\users\Janice\AppData\Roaming\utilfix.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Smart Protection 2012 - c:\programdata\F4D55F3B0004240800208380B4EB2367\F4D55F3B0004240800208380B4EB2367.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Completion time: 2012-01-19 23:25:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-20 05:25
ComboFix2.txt 2012-01-09 05:16
ComboFix3.txt 2012-01-07 09:24
ComboFix4.txt 2012-01-07 03:30
ComboFix5.txt 2012-01-20 04:02
.
Pre-Run: 921,982,869,504 bytes free
Post-Run: 922,030,284,800 bytes free
.
- - End Of File - - F6D0E593C85C954AD76C6BC1783BF5AF

oldman960
2012-01-20, 22:23
Hi e28ct17,

Did you happen to run combofix twice?

Besides the browsers not working does the computer have access to the internet? You can check by clicking start > Control Panel > Network and Internet > Network and Sharing Center

What is the complete message you recieve when opening IE or FF?

e28ct17
2012-01-21, 03:21
No, not that I am aware of anyway.

Both Firefox and Internet Explorer say "Firefox/Internet Explorer has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available".

e28ct17
2012-01-21, 03:53
About my internet connection.....yes I am connected

oldman960
2012-01-21, 04:42
Hi e28ct17,


Let's see if this will sort out the browser problem.

On the computer that you are now using

.
Open a new Notepad session
Click the Start button, click run
in the run box type notepad
click ok
In the notepad, Click "Format" and be certain that Word Wrap is not checked.

Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE





File::
c:\users\Janice\AppData\Local\dplaysvr.exe
c:\users\Janice\AppData\Roaming\Ofgaub\teuzviu.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dplaysvr"=-
"{24903B15-CFA6-2F4F-D499-A747DA35520F}"=-

Folder::
c:\users\Janice\AppData\Roaming\Ofgaub


In the notepad
Click File, Save as..., and set the Save in to your usb device
In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
Click save


Transfer the file to the sick computer's desktop.

We will be using Combofix again but will run it differently.

Please follow all previous instructions regarding security programs.

Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again.Close all browser/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Please post back with the combofix log.

Browsers working?

Thanks

e28ct17
2012-01-21, 06:04
When I dropped the script onto Combofix, I got the same message I did with Firefox/Internet Explorer. It said iexplorer quit working and nothing else happened.

oldman960
2012-01-21, 07:18
Hi e28ct17,

Was that iexplore.exe or explorer.exe?

You have RogueKiller please run it with Option 1. A log should be produced.

e28ct17
2012-01-21, 11:04
I'm not positive but I think it was iexplorer.

Here is the log

RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Janice [Admin rights]
Mode: Scan -- Date : 01/21/2012 02:59:23

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 8 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : {24903B15-CFA6-2F4F-D499-A747DA35520F} (C:\Users\Janice\AppData\Roaming\Ofgaub\teuzviu.exe) -> FOUND
[SUSP PATH] HKCU\[...]\Run : {74D07B99-0FA3-B911-92DF-7573ED80F35B} (C:\Users\Janice\AppData\Roaming\Goaci\pyko.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-2297261745-2509026556-3228908354-1001[...]\Run : {24903B15-CFA6-2F4F-D499-A747DA35520F} (C:\Users\Janice\AppData\Roaming\Ofgaub\teuzviu.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-2297261745-2509026556-3228908354-1001[...]\Run : {74D07B99-0FA3-B911-92DF-7573ED80F35B} (C:\Users\Janice\AppData\Roaming\Goaci\pyko.exe) -> FOUND
[SUSP PATH] winupd.job : C:\Users\Janice\AppData\Local\Temp:winupd.exe -> FOUND
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] cea9947c991ef6cbea6c477a516d5f94
[BSP] 62f35c68ca4bceaeae08b6f8c4f7e488 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS [HIDDEN!] Offset (sectors): 2048 | Size: 16106 Mo
1 - [XXXXXX] UNKNW [HIDDEN!] Offset (sectors): 31459328 | Size: 104 Mo
2 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 31664128 | Size: 983991 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] 5d719d004efccab984080ddfb7839f1b
[BSP] 62f35c68ca4bceaeae08b6f8c4f7e488 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS [HIDDEN!] Offset (sectors): 2048 | Size: 16106 Mo
1 - [XXXXXX] UNKNW [HIDDEN!] Offset (sectors): 31459328 | Size: 104 Mo
2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 31664128 | Size: 983991 Mo
3 - [ACTIVE] NTFS [HIDDEN!] Offset (sectors): 1953521664 | Size: 1 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] 5d719d004efccab984080ddfb7839f1b
[BSP] 62f35c68ca4bceaeae08b6f8c4f7e488 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS [HIDDEN!] Offset (sectors): 2048 | Size: 16106 Mo
1 - [XXXXXX] UNKNW [HIDDEN!] Offset (sectors): 31459328 | Size: 104 Mo
2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 31664128 | Size: 983991 Mo
3 - [ACTIVE] NTFS [HIDDEN!] Offset (sectors): 1953521664 | Size: 1 Mo

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

oldman960
2012-01-21, 11:27
Hi e28ct17,

Ok there is a couple of things I'd like you to do.

Please make this screenshot:

Click Start > Control Panel > System and Security > Adminstrator Tools > Computer Mangement
When Computer Management opens double click on disk management
make sure the pane is expanded wide enough to show all partitions
Take a screenshot by pressing the alt and print screen keys at the same time
open an editor such as Paint
right click in the white panel and click paste
save the image as a .jpg or .png
attach it to your next reply



Next

We'll use a CD that we will make bootable. We also need a USB flashdrive that has some space on it. We will not be changing any of the data on the usb device just using it for a file.

You will also need to use FireFox to download a file as Internet Explorer seems to mangle the download.

If you have an problems with these steps please let me know. These may look complicated but it's fairly straight forward and for the most part automated.

On your working computer

Download GETxPUD.exe (http://noahdfear.net/downloads/GETxPUD.exe) to the desktop of your clean computer

Run GETxPUD.exe by double clicking it. (right click and run as adminstrator if you are using Vista or Win7)
A new folder will appear on the desktop.
Open the GETxPUD folder and click on the get&burn.bat
The program will download xpud_0.9.2.iso, and when finished, it will open BurnCDCC which will be ready to burn the image.
Click on Start and follow the prompts to burn the image to a CD


Using FireFox, please download and save dumpit (http://noahdfear.net/downloads/dumpit) to your usb device.

You may want to print out this part as you will not be able to view these instructions.

Attach the usb device to the sick computer
Boot the infected computer with the CD you just burned
with the CD in the computer, restart the computer

The computer must be set to boot from the CD,depending on your computer you can either do this by pressing F12 and selecting the CD as the first boot option or it can be set in the BIOS
Once you have the computer set to boot from the CD allow it to boot
A Welcome to xPUD screen will appear
Click on File
Expand mnt
sda1,2...usually corresponds to your HDD
sdb1 is likely your USB
Click on the folder that represents your USB drive (sdb1 ?)
(you will be able to tell if it the right one as the screen will populate with your files)
Locate the file you downloaded and saved earlier, dumpit
double click it to run it
a black window will open, follow the instructions to close the window when it's finished
a file called MBR.zip should now be placed in the right hand panel
Click the Home icon at top
Remove the CD and click Power off
Click restart


Once the computer has rebooted transfer the screenshot you made earlier to the usb device. Please attach the MBR.zip file and the screenshot to your next reply.

Thanks

e28ct17
2012-01-23, 06:17
After I rebooted my infected computer, it said the start up files may have been damaged and I should use start repair (recommended) I chose this option and is says windows is loading files but nothing else has happened. I have attached the files you requested.

oldman960
2012-01-23, 12:09
Hi e28ct17,

Not sure why that happened as we didn't fix anything. Can you recall if the computer was rebooted after you ran combofix the first time other than the reboot combofix did?

You do have a rogue partition which we will work on removing. First though let's make sure nothing as changed.

Delete MBR.zip from the jump drive. Reboot the sick computer with the xPUD CD and run dumpit like you did before. After you have the new mbr.zip shut the computer down, don't bother to trying to boot to windows.

Attach the mbr.zip to your next reply.

e28ct17
2012-01-24, 02:52
When I booted my computer with the boot disk this is what came up on the screen:

[6.382827] sd 7:0:0:0: [sdg] Assuming drive cache: write through
[6.382827] sd 7:0:0:0: [sdg] Assuming drive cache: write through
[6.382827] sd 7:0:0:0: [sdg] Assuming drive cache: write through
giving up.
xinit: No such file or directory (errno 2): unable to connect to X server
xinit: No such process (errno 3): Server error.
xauth: (argu):1: bad display name "(none):0" in "remove" command
sh: no job control in this shell
sh-4.0#

oldman960
2012-01-24, 04:15
Hi Hi e28ct17,

I've asked for some assistance with why you are recieving that message from xPUD. Be back ASAP.

Thanks for you patience.

oldman960
2012-01-24, 11:48
Hi e28ct17,

Let's see if we can get this computer to boot to windows.

Remove the CD if it's in the machine.
Restart the computer
If given the option to do a Repair either cancel it or select "Start Windows Normally"
Did it boot to windows?

If it did boot to Windows, shut the computer down normally and reboot. Did it start normally?

If the computer did not boot properly after selecting "Start Windows normally"
reboot the computer
while the computer is rebooting press the F10 to bring up 'Edit Boot Options' screen. (if it's pressed too early you might get the bios screen instead. )

The correct screen looks similar to this (yours will say Vista)
http://www2.gmer.net/img/tdl4_minint.png

If it says /minint or int/min after /NOEXECUTE=OPTIN,

hit the Backspace key until that entry reads:

/NOEXECUTE=OPTIN

hit enter

Did the computer boot?

Let me know how you made out.

e28ct17
2012-01-25, 05:59
Yes, it booted fine. Internet Explorer and Firefox are working too!

oldman960
2012-01-25, 12:19
Hi e28ct17,

Please tell me what if any steps you needed to take in order to get the computer to boot to windows. this information will be helpful later.

After this fix if you recieve an error message about IE or FF when opening them please reboot you computer and try again.

We'll continue with combofix. If you have a file on your desktop named CFScript please delete it we'll make a new one.

We will be using Combofix again but will run it differently.

Please follow all previous instructions regarding security programs.

Open a new Notepad session
Click the Start button, click run
in the run box type notepad
click ok
In the notepad, Click "Format" and be certain that Word Wrap is not checked.

Copy and paste all the all of the text in the code box below into the Notepad, (including the URL). Do Not copy the word CODE




http://forums.spybot.info/showpost.php?p=420140&postcount=17

Collect::
c:\users\Janice\AppData\Local\dplaysvr.exe
c:\users\Janice\AppData\Roaming\Ofgaub\teuzviu.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dplaysvr"=-
"{24903B15-CFA6-2F4F-D499-A747DA35520F}"=-

Folder::
c:\users\Janice\AppData\Roaming\Sie
c:\users\Janice\AppData\Roaming\Ofgaub



In the notepad
Click File, Save as..., and set the Save in to your Desktop
In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
Click save

Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again.Close all browser/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis. Ensure you are connected to the internet and click OK on the message box.



Please post back with the combofix log.

Thanks

e28ct17
2012-01-26, 04:26
I had to use F10 to boot computer. Here is my log from combofix

ComboFix 12-01-23.02 - Janice 01/25/2012 8:47.9.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6109.4508 [GMT -6:00]
Running from: c:\users\Janice\Desktop\ComboFix.exe
Command switches used :: c:\users\Janice\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Janice\AppData\Roaming\Goaci\pyko.exe
c:\users\Janice\AppData\Roaming\Ofgaub\teuzviu.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-25 to 2012-01-25 )))))))))))))))))))))))))))))))
.
.
2012-01-25 15:15 . 2012-01-25 15:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-01-25 15:15 . 2012-01-25 15:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-25 03:52 . 2012-01-25 03:52 -------- d-----w- c:\users\Janice\AppData\Roaming\Yfhym
2012-01-25 03:52 . 2012-01-25 03:52 -------- d-----w- c:\users\Janice\AppData\Roaming\Elday
2012-01-20 19:52 . 2012-01-20 19:52 -------- d-----w- c:\users\Janice\AppData\Roaming\Urubn
2012-01-20 19:52 . 2012-01-20 19:52 -------- d-----w- c:\users\Janice\AppData\Roaming\Inuro
2012-01-20 19:51 . 2012-01-25 15:14 -------- d-----w- c:\users\Janice\AppData\Roaming\Goaci
2012-01-20 19:51 . 2012-01-25 04:22 -------- d-----w- c:\users\Janice\AppData\Roaming\Adodn
2012-01-20 04:00 . 2012-01-20 05:26 -------- d-----w- C:\jgh
2012-01-19 13:31 . 2012-01-25 15:14 -------- d-----w- c:\users\Janice\AppData\Roaming\Ofgaub
2012-01-19 13:31 . 2012-01-25 03:52 -------- d-----w- c:\users\Janice\AppData\Roaming\Sie
2012-01-19 04:07 . 2012-01-19 04:07 -------- d-----w- C:\_OTL
2012-01-17 06:13 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-17 06:13 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-17 06:13 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-17 06:13 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-17 06:12 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-17 06:12 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-17 06:12 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-17 06:12 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-17 02:55 . 2012-01-17 02:55 -------- d-----w- C:\found.000
2012-01-06 22:33 . 2011-11-30 08:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6575671-F39F-46D8-AB4F-C27D6149F639}\mpengine.dll
2012-01-05 07:57 . 2012-01-05 07:57 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-01-05 07:56 . 2012-01-06 01:49 -------- d-----w- c:\programdata\Symantec
2012-01-04 04:27 . 2002-11-12 18:22 569397 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\RichFX\Player\nprfxins.dll
2012-01-04 04:27 . 2012-01-04 04:27 -------- d-----w- c:\program files (x86)\Rhapsody
2012-01-01 18:08 . 2012-01-01 18:08 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-01 18:08 . 2012-01-01 18:08 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-01 18:08 . 2012-01-01 18:08 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-01 18:08 . 2012-01-01 18:08 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2011-12-31 04:30 . 2011-12-31 04:30 -------- d-----w- c:\users\Janice\AppData\Roaming\SumatraPDF
2011-12-31 04:30 . 2011-12-31 04:30 -------- d-----w- c:\programdata\WeCareReminder
2011-12-31 04:30 . 2011-12-31 04:30 -------- d-----w- c:\program files (x86)\Yontoo Layers Runtime
2011-12-31 04:29 . 2011-12-31 04:29 -------- d-----w- c:\program files (x86)\PDFReader
2011-12-29 02:56 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-29 02:55 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-29 02:55 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-29 02:55 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-29 02:55 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-15 20:29 . 2011-06-07 02:19 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-13 10:31 . 2011-06-13 04:41 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-20_05.07.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-27 20:15 . 2012-01-25 15:19 54714 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-25 15:19 35360 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-07 02:26 . 2012-01-25 15:19 15296 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2297261745-2509026556-3228908354-1001_UserData.bin
- 2011-06-07 03:54 . 2012-01-20 05:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-07 03:54 . 2012-01-25 03:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-07 03:54 . 2012-01-25 03:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-07 03:54 . 2012-01-20 05:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-25 03:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-20 05:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-07 02:25 . 2012-01-25 15:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-07 02:25 . 2012-01-20 05:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-01-25 03:57 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2011-12-31 14:15 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-01-12 17:30 . 2012-01-20 05:06 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-12 17:30 . 2012-01-25 15:18 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-12 17:30 . 2012-01-25 15:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2012-01-12 17:30 . 2012-01-20 05:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2012-01-12 17:30 . 2012-01-20 05:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2012-01-12 17:30 . 2012-01-25 15:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2011-06-07 02:25 . 2012-01-25 15:18 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-07 02:25 . 2012-01-20 05:06 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-07 02:25 . 2012-01-20 05:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-07 02:25 . 2012-01-25 15:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-07 02:25 . 2012-01-25 15:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-07 02:25 . 2012-01-20 05:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-07 02:25 . 2012-01-25 15:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-07 02:25 . 2012-01-20 05:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-17 06:13 . 2011-12-25 20:40 43280 c:\windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe
+ 2012-01-17 06:13 . 2011-12-25 20:42 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2012-01-20 05:33 . 2012-01-20 05:33 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-09-14 00:39 . 2012-01-20 05:32 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-09-14 00:39 . 2011-12-31 05:48 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
+ 2011-09-14 00:39 . 2012-01-20 05:32 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
- 2011-09-14 00:39 . 2011-12-31 05:48 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
+ 2011-09-14 00:39 . 2012-01-20 05:32 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
- 2011-09-14 00:39 . 2011-12-31 05:48 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
+ 2012-01-20 06:19 . 2012-01-20 06:19 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\6c13d7fb161ed4d7da730a70375b07c9\System.Web.DynamicData.Design.ni.dll
+ 2012-01-20 06:17 . 2012-01-20 06:17 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\94787ab3efcc074396a60ff3d83edf78\System.Web.DynamicData.Design.ni.dll
- 2012-01-20 05:06 . 2012-01-20 05:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-25 15:18 . 2012-01-25 15:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-25 15:18 . 2012-01-25 15:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-20 05:06 . 2012-01-20 05:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-17 06:12 . 2011-10-14 04:24 716800 c:\windows\SysWOW64\jscript.dll
- 2011-06-07 08:26 . 2011-02-18 05:41 716800 c:\windows\SysWOW64\jscript.dll
+ 2009-07-14 02:36 . 2012-01-23 03:21 632806 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-23 03:21 110440 c:\windows\system32\perfc009.dat
+ 2012-01-17 06:12 . 2011-10-14 05:31 918528 c:\windows\system32\jscript.dll
+ 2009-07-14 05:01 . 2012-01-25 15:17 968304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-01-20 05:05 968304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-26 11:47 . 2011-12-26 11:47 261912 c:\windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe
+ 2012-01-17 06:13 . 2011-12-25 20:40 746256 c:\windows\Microsoft.NET\Framework64\v2.0.50727\webengine.dll
+ 2011-12-26 10:39 . 2011-12-26 10:39 192792 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
+ 2012-01-17 06:13 . 2011-12-25 20:42 437520 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2011-09-14 00:39 . 2011-12-31 05:48 888080 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-09-14 00:39 . 2012-01-20 05:32 888080 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
- 2011-09-14 00:39 . 2011-12-31 05:48 272648 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-09-14 00:39 . 2012-01-20 05:32 272648 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-09-14 00:39 . 2012-01-20 05:32 922384 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
- 2011-09-14 00:39 . 2011-12-31 05:48 922384 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
- 2011-09-14 00:39 . 2011-12-31 05:48 845584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
+ 2011-09-14 00:39 . 2012-01-20 05:32 845584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
- 2011-09-14 00:39 . 2011-12-31 05:48 217864 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
+ 2011-09-14 00:39 . 2012-01-20 05:32 217864 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
- 2011-06-09 05:01 . 2010-11-20 13:27 465920 c:\windows\ehome\mstvcapn.dll

e28ct17
2012-01-26, 04:27
Cont,

- 2011-06-09 05:01 . 2010-11-20 13:27 465920 c:\windows\ehome\mstvcapn.dll
+ 2012-01-17 06:13 . 2011-10-29 05:23 465920 c:\windows\ehome\mstvcapn.dll
+ 2012-01-20 06:19 . 2012-01-20 06:19 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\f715b47c2f0440ea23a71f1076b0af2b\System.Web.Routing.ni.dll
+ 2012-01-20 06:19 . 2012-01-20 06:19 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\d258f45340e6e538a19a56d1165b750f\System.Web.Entity.ni.dll
+ 2012-01-20 06:19 . 2012-01-20 06:19 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\6f6d11e33e2f3f6bddd4c33809340a48\System.Web.Entity.Design.ni.dll
+ 2012-01-20 06:19 . 2012-01-20 06:19 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\bca38e802e2b45f80f8fbde2b54ce0a2\System.Web.DynamicData.ni.dll
+ 2012-01-20 06:19 . 2012-01-20 06:19 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\0e411c30fc2caebb55813b8fa0689d42\System.Web.Abstractions.ni.dll
+ 2012-01-20 05:51 . 2012-01-20 05:51 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\b434cf95212b804846ae51b54078b667\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-01-20 05:51 . 2012-01-20 05:51 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e50eeb08e5a2faa91ba39a1c9e19a49e\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-01-20 05:50 . 2012-01-20 05:50 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d3d61b7222fdbc98ef59bff1333d1bf3\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-01-20 05:50 . 2012-01-20 05:50 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\36213ec4fe54a8ea1341292fdadd5e0c\WindowsLive.Writer.HtmlParser.ni.dll
+ 2012-01-20 06:17 . 2012-01-20 06:17 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\8e576ae7d946a5440bddfdbe06818a8b\System.Web.Routing.ni.dll
+ 2012-01-20 06:17 . 2012-01-20 06:17 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\5bd4f855a0b0386cb4baf093216ad2d3\System.Web.Extensions.Design.ni.dll
+ 2012-01-20 06:17 . 2012-01-20 06:17 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\8d56e2f2a05dbde707d87cb3bdf0dffc\System.Web.Entity.ni.dll
+ 2012-01-20 06:17 . 2012-01-20 06:17 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f560658d9ee6d2786cab976e775758d6\System.Web.Entity.Design.ni.dll
+ 2012-01-20 06:17 . 2012-01-20 06:17 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\e94f08faeb08a8ee9d51a3480083bd07\System.Web.DynamicData.ni.dll
+ 2012-01-20 06:17 . 2012-01-20 06:17 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\2dc7ec41005f6e6fe45e0cc0a20a12bc\System.Web.Abstractions.ni.dll
+ 2012-01-20 05:45 . 2012-01-20 05:45 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
+ 2012-01-20 06:17 . 2012-01-20 06:17 763392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\e6fa2be533d9e540ccafe51980ae0103\System.Data.Entity.Design.ni.dll
+ 2009-07-14 04:45 . 2012-01-20 05:46 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-12-31 05:57 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-01-17 06:13 . 2011-12-25 20:40 5263360 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Web.dll
+ 2012-01-17 06:13 . 2011-12-25 20:42 5255168 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-12-26 12:24 . 2011-12-26 12:24 8835072 c:\windows\Installer\182cd4.msp
+ 2011-12-09 01:24 . 2011-12-09 01:24 4989952 c:\windows\Installer\182ccb.msp
+ 2011-09-14 00:39 . 2012-01-20 05:32 1172240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-09-14 00:39 . 2011-12-31 05:48 1172240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-09-14 00:39 . 2011-12-31 05:48 1165584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-09-14 00:39 . 2012-01-20 05:32 1165584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
+ 2012-01-20 06:19 . 2012-01-20 06:19 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\455567dae39910d806447b77ee657a85\System.WorkflowServices.ni.dll
+ 2012-01-20 05:45 . 2012-01-20 05:45 2711040 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\45339e741d73e8f1f9393df8163c8c00\System.Workflow.Runtime.ni.dll
+ 2012-01-20 05:45 . 2012-01-20 05:45 5957632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\48ef2f59740ad3d438d0514b335dd334\System.Workflow.ComponentModel.ni.dll
+ 2012-01-20 05:45 . 2012-01-20 05:45 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\7972e04df268430da009e63e90ff4ca9\System.Workflow.Activities.ni.dll
+ 2012-01-20 05:45 . 2012-01-20 05:45 2292224 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\8d374a0a9c49f485a7ce6e89ec354b4c\System.Web.Services.ni.dll
+ 2012-01-20 06:19 . 2012-01-20 06:19 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\91ecefc70d74ed44e5139ea2929adbb8\System.Web.Mobile.ni.dll
+ 2012-01-20 06:19 . 2012-01-20 06:19 3044352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\71da5a6d09e12eb94be32935e4a8d5a2\System.Web.Extensions.ni.dll
+ 2012-01-20 06:19 . 2012-01-20 06:19 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\2bb91a2edcc92d2bb79007e7d2ddc2ae\System.Web.Extensions.Design.ni.dll
+ 2012-01-20 06:19 . 2012-01-20 06:19 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\3a6ac85c04453976c0f3a7c6a64ec43a\System.ServiceModel.Web.ni.dll
+ 2012-01-20 05:44 . 2012-01-20 05:44 1022976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\d12c2299179cb05591cf08c8712a6495\System.Runtime.Remoting.ni.dll
+ 2012-01-20 06:11 . 2012-01-20 06:11 1444352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\1f90d38a42906a776be313d9720e350d\System.IdentityModel.ni.dll
+ 2012-01-20 06:19 . 2012-01-20 06:19 2805760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\1d2c369d8e2d6f95c99ca90aca273418\System.Data.Services.ni.dll
+ 2012-01-20 06:18 . 2012-01-20 06:18 1080320 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\b7bd7d91dc9abd73f2506bb7a0292373\System.Data.Entity.Design.ni.dll
+ 2012-01-20 06:18 . 2012-01-20 06:18 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\53fcf7f34708a9482d3e4059ce29608c\MIGUIControls.ni.dll
+ 2012-01-20 06:18 . 2012-01-20 06:18 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\486ff8cee09c8c63aa9c60ff4f5feafa\Microsoft.VisualBasic.ni.dll
+ 2012-01-20 06:18 . 2012-01-20 06:18 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b68f19bf3f3d545547d2b680eb54a660\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-01-20 06:11 . 2012-01-20 06:11 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\7e81f50c34dec17b90bfebec5929853a\Microsoft.MediaCenter.UI.ni.dll
+ 2012-01-20 06:11 . 2012-01-20 06:11 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\65a892a923b49b062bd8fc97254940d3\Microsoft.MediaCenter.ni.dll
+ 2012-01-20 06:18 . 2012-01-20 06:18 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\33fd1381f221898a53253303cb7e5380\Microsoft.MediaCenter.Bml.ni.dll
+ 2012-01-20 05:50 . 2012-01-20 05:50 6394368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b18cc8f74e2cc93fd0942ddadd118a65\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-01-20 05:50 . 2012-01-20 05:50 2001920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\605212ca6fbbc96fd6c528f945552d1b\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-01-20 06:17 . 2012-01-20 06:17 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\a612958eaf641f0ba83b0daae44cb7b1\System.WorkflowServices.ni.dll
+ 2012-01-20 05:46 . 2012-01-20 05:46 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\ad68aa9e6fa1ec8005e1f604579a76be\System.Workflow.Runtime.ni.dll
+ 2012-01-20 05:46 . 2012-01-20 05:46 4515840 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\00b0a14ef5cb0154db7989da39a7f1e5\System.Workflow.ComponentModel.ni.dll
+ 2012-01-20 05:46 . 2012-01-20 05:46 2995200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\54873f241a4ad6d2a13e48d2da444538\System.Workflow.Activities.ni.dll
+ 2012-01-20 05:46 . 2012-01-20 05:46 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\be4f1d78d06979df7fd08dedf0d8c804\System.Web.Services.ni.dll
+ 2012-01-20 06:17 . 2012-01-20 06:17 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\d957ec1fb12ff02282a7f73d6318b66b\System.Web.Mobile.ni.dll
+ 2012-01-20 06:17 . 2012-01-20 06:17 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\a90f033a5a062ff29f7df8f9edc1a80c\System.Web.Extensions.ni.dll
+ 2012-01-20 06:17 . 2012-01-20 06:17 1707008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\828e31a37bfd9d432083be6307845630\System.ServiceModel.Web.ni.dll
+ 2012-01-20 05:51 . 2012-01-20 05:51 1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c0d9df88f2b37d14cf416281364c5b7f\System.IdentityModel.ni.dll
+ 2012-01-20 06:17 . 2012-01-20 06:17 2029568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\76e676a9b6387aad5544d61a4ac12a78\System.Data.Services.ni.dll
+ 2012-01-20 05:51 . 2012-01-20 05:51 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\20d18697deb8413c01119531c6b987ad\MIGUIControls.ni.dll
+ 2012-01-20 05:52 . 2012-01-20 05:52 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dd759df05fad8dc6d3404e8e02b40819\Microsoft.VisualBasic.ni.dll
+ 2012-01-20 05:52 . 2012-01-20 05:52 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\695508ea67706e5f66208cabe5363099\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-01-20 05:51 . 2012-01-20 05:51 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\5662462cfa995c71817791af93686db2\Microsoft.MediaCenter.ni.dll
+ 2012-01-20 05:51 . 2012-01-20 05:51 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\4676e3f99469bd1120f8aed9cf37e4d2\Microsoft.MediaCenter.UI.ni.dll
+ 2012-01-17 06:13 . 2011-12-25 20:42 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2011-06-09 05:02 . 2010-11-05 01:53 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-17 06:13 . 2011-12-25 20:40 5263360 c:\windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-01-17 06:13 . 2011-12-25 20:42 5255168 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-07-14 02:34 . 2011-12-31 05:54 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-01-20 05:43 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2011-06-21 23:17 . 2012-01-20 05:05 14482722 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2297261745-2509026556-3228908354-1001-8192.dat
+ 2011-06-21 23:17 . 2012-01-25 15:17 14482722 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2297261745-2509026556-3228908354-1001-8192.dat
+ 2012-01-20 05:45 . 2012-01-20 05:45 15270912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\ab920a032a9b63aa07f26c5592d7c72c\System.Web.ni.dll
+ 2012-01-20 06:11 . 2012-01-20 06:11 23913984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\4bf05a9a1aebde89033c40b9e51af495\System.ServiceModel.ni.dll
+ 2012-01-20 05:45 . 2012-01-20 05:45 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\665178c1ccfd538896eaa0fff283b6ef\System.Design.ni.dll
+ 2012-01-20 06:18 . 2012-01-20 06:18 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\897b2e70eb1754bf8c557fadd93faf98\ehshell.ni.dll
+ 2012-01-20 05:46 . 2012-01-20 05:46 11833344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
+ 2012-01-20 05:51 . 2012-01-20 05:51 17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7bc7e33d4568a214f226cdb6a161a37a\System.ServiceModel.ni.dll
+ 2012-01-20 05:46 . 2012-01-20 05:46 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\70f9f6de6dc9611157ed563bdb4e79a4\System.Design.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-07-22 23:53 787744 ----a-w- c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchEngineProtection"="c:\program files (x86)\Gamesbar\SearchEngineProtection.exe" [2011-03-03 591248]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-09-28 404568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Event Reminder.lnk - c:\program files (x86)\The Print Shop 23\Remind.exe [2008-7-16 344064]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 iWinTrusted;iWinTrusted;c:\program files (x86)\iWin Games\iWinTrusted.exe [2011-04-08 176848]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-08-12 62208]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=ZUxpt020YYus&ptb=zicrx_1Avu_ZGi24DJBLew&si=CMqg8duiuK0CFYMEQAodrjEGpQ
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACGW&l=0409&m=aspire_m5802/m3802&r=1736061196dg1275w9283i9hj67767
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
FF - ProfilePath - c:\users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=ZUxpt020YYus&ptb=zicrx_1Avu_ZGi24DJBLew&si=CMqg8duiuK0CFYMEQAodrjEGpQ
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxpt020YYus&ptb=zicrx_1Avu_ZGi24DJBLew&ind=2012010511&ptnrS=ZUxpt020YYus&si=CMqg8duiuK0CFYMEQAodrjEGpQ&n=77ecd80f&psa=&st=kwd&searchfor=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-{74D07B99-0FA3-B911-92DF-7573ED80F35B} - c:\users\Janice\AppData\Roaming\Goaci\pyko.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Completion time: 2012-01-25 09:37:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-25 15:37
ComboFix2.txt 2012-01-20 05:26
ComboFix3.txt 2012-01-09 05:16
ComboFix4.txt 2012-01-07 09:24
ComboFix5.txt 2012-01-25 14:22
.
Pre-Run: 921,890,197,504 bytes free
Post-Run: 921,761,533,952 bytes free
.
- - End Of File - - 0490109B7DBB5DCBF8F89B8F976D3EDC
Upload was successful

oldman960
2012-01-26, 06:45
Hi e28ct17,

Did you need to edit the line after you used F10?

Next, Right click on OTL.exe and chose Run as Administrator to run it
Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :



:Services

dir /s c:\users\Janice\AppData\Roaming\Yfhym /c
dir /s c:\users\Janice\AppData\Roaming\Inuro /c
dir /s c:\users\Janice\AppData\Roaming\Adodn /c
dir /s c:\users\Janice\AppData\Roaming\Elday /c
dir /s c:\users\Janice\AppData\Roaming\Urubn /c
dir /s c:\users\Janice\AppData\Roaming\Goaci /c
dir /s c:\users\Janice\AppData\Roaming\Ofgaub /c
dir /s c:\users\Janice\AppData\Roaming\Sie /c



Then click the Run Fix button at the top
Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.

e28ct17
2012-01-26, 07:32
Yes, I edited the line.

Here is the log from OTL

========== SERVICES/DRIVERS ==========
Error: No service named dir /s c:\users\Janice\AppData\Roaming\Yfhym /c was found to stop!
Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Yfhym /c not found.
Error: No service named dir /s c:\users\Janice\AppData\Roaming\Inuro /c was found to stop!
Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Inuro /c not found.
Error: No service named dir /s c:\users\Janice\AppData\Roaming\Adodn /c was found to stop!
Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Adodn /c not found.
Error: No service named dir /s c:\users\Janice\AppData\Roaming\Elday /c was found to stop!
Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Elday /c not found.
Error: No service named dir /s c:\users\Janice\AppData\Roaming\Urubn /c was found to stop!
Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Urubn /c not found.
Error: No service named dir /s c:\users\Janice\AppData\Roaming\Goaci /c was found to stop!
Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Goaci /c not found.
Error: No service named dir /s c:\users\Janice\AppData\Roaming\Ofgaub /c was found to stop!
Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Ofgaub /c not found.
Error: No service named dir /s c:\users\Janice\AppData\Roaming\Sie /c was found to stop!
Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Sie /c not found.

OTL by OldTimer - Version 3.2.31.0 log created on 01252012_232834

oldman960
2012-01-26, 08:10
Hi e28ct17,

Thanks for the info.

Sorry I made a mistake in that las script. Please run OTL the same way with this script.

Next, Right click on OTL.exe and chose Run as Administrator to run it
Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :



:Services

:files
dir /s c:\users\Janice\AppData\Roaming\Yfhym /c
dir /s c:\users\Janice\AppData\Roaming\Inuro /c
dir /s c:\users\Janice\AppData\Roaming\Adodn /c
dir /s c:\users\Janice\AppData\Roaming\Elday /c
dir /s c:\users\Janice\AppData\Roaming\Urubn /c
dir /s c:\users\Janice\AppData\Roaming\Goaci /c
dir /s c:\users\Janice\AppData\Roaming\Ofgaub /c
dir /s c:\users\Janice\AppData\Roaming\Sie /c



Then click the Run Fix button at the top
Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.

e28ct17
2012-01-27, 03:34
Things seem to be running a bit better, however is get re-directed on google.

========== SERVICES/DRIVERS ==========
Error: No service named dir /s c:\users\Janice\AppData\Roaming\Yfhym /c was found to stop!
Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Yfhym /c not found.
Error: No service named dir /s c:\users\Janice\AppData\Roaming\Inuro /c was found to stop!
Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Inuro /c not found.
Error: No service named dir /s c:\users\Janice\AppData\Roaming\Adodn /c was found to stop!
Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Adodn /c not found.
Error: No service named dir /s c:\users\Janice\AppData\Roaming\Elday /c was found to stop!
Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Elday /c not found.
Error: No service named dir /s c:\users\Janice\AppData\Roaming\Urubn /c was found to stop!
Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Urubn /c not found.
Error: No service named dir /s c:\users\Janice\AppData\Roaming\Goaci /c was found to stop!
Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Goaci /c not found.
Error: No service named dir /s c:\users\Janice\AppData\Roaming\Ofgaub /c was found to stop!
Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Ofgaub /c not found.
Error: No service named dir /s c:\users\Janice\AppData\Roaming\Sie /c was found to stop!
Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Sie /c not found.

OTL by OldTimer - Version 3.2.31.0 log created on 01262012_193118

oldman960
2012-01-27, 05:45
Hi e28ct17,

Was this machine always Windows7 or was it upgraded from a different version of windows?

Seems to be a bit of discrepancy in a couple of the logs. I'd like to confirm something before we procede. Could I get you to repeat some instructions for me?

On the sick computer

Please make this screenshot:

Click Start > Control Panel > System and Security > Adminstrator Tools > Computer Mangement
When Computer Management opens double click on disk management
make sure the pane is expanded wide enough to show all partitions
Take a screenshot by pressing the alt and print screen keys at the same time
open an editor such as Paint
right click in the white panel and click paste
save the image as a .jpg or .png
name it new.jpg or new.png
attach it to your next reply

e28ct17
2012-01-27, 06:25
The computer has only had Windows 7 installed....no other OS.

I have attached the screen shot you requested

oldman960
2012-01-28, 04:58
Hi e28ct17,

Let's see if we can get rid of the redirects. We will be using xPUD again. In all likelyhood you will need to use the F10 method again when restarting the computer after exiting xPUD. There will also be some addition instructions at the end to ensure we get all elements of this infection. Please read through this before starting. ask any questions you have for clarification.


Download tdl_fix.sh (http://noahdfear.net/downloads/tdl_fix.sh) and save it to the flash drive you where using.
Make sure the flash drive is attached to the sick computer.
Boot into xPUD with the CD then click the File tab.
Press File
Expand mnt
Click on the folder under mnt that represents your USB drive (sdb1 ?)
You should see the tdl_fix.sh file in the main window.
Select Tool from the Menu
Choose Open Terminal
Type bash tdl_fix.sh then press Enter

(note there is a space after bash and that is an underscore after tdl)

Read the warning then type y and press Enter to continue.
Type sda then press Enter when prompted.
You will be shown a list of partitions to choose marking active.
Type 1 then press Enter.
If you are presented with a warning about no bootloader files, type n then press Enter to choose another. If this happens, please post back for further instructions. Just leave the computer running if you wish and use your other one to post.
If you receive no warning about bootloader files but are presented with another view of the partition structure and asked if it looks correct, type y then press Enter.
The script will complete and prompt you to reboot the computer.
Close the Terminal window and restart back into Windows.



When restarting the computer:

while the computer is rebooting press the F10 to bring up 'Edit Boot Options' screen. (if it's pressed too early you might get the bios screen instead. )

Refer to the screenshot you used earlier as a reference to what you should see (post 26)

If it says /minint or int/min after /NOEXECUTE=OPTIN,

hit the Backspace key until that entry reads:

/NOEXECUTE=OPTIN

hit enter



Once the computer has booted into Windows:

:
click start
type cmd into the search box
right click on cmd that appears at the top and click Run as adminstrator
type bcdedit /enum all >%userprofile%\desktop\log.log

(note: there is a space after bcdedit, a space after enum and one after all)
hit enter
When it's finished a notepad named log.log will be on the desktop.

Post the contents of the tdl_fix.txt file that was created on your flash drive and the contents of log.log in your next reply.

Please let me know how the computer is behaving.

Extra Note - in the event the computer will not boot to windows or asks if you want to do a Factory Restore. Stop

Boot the computer with the xPUD CD and run the tdl_fix.sh script again using the following command.

bash tdl_fix.sh -restore

Make sure to leave a space to either side of tdl_fix.sh in the command.
This will prompt you to use the file tdl_mbr_sda.bin on drive sda.
Ok the procedure then restart when complete.
This is a backup of the original mbr and will restore it to it's current state.

e28ct17
2012-01-28, 06:06
Yes, I received the warning that there was not a bootloader file. I pressed "n" as you instructed.

oldman960
2012-01-28, 09:03
Hi e28ct17m

Ok select 2 this time. There is a bit of a anomaly on this computer so hopefully this will be the one.

e28ct17
2012-01-28, 11:34
When I went back to my computer the terminal window was gone. I tried to reboot and got the same message I got before

[6.382827] sd 7:0:0:0: [sdg] Assuming drive cache: write through
[6.382827] sd 7:0:0:0: [sdg] Assuming drive cache: write through
[6.382827] sd 7:0:0:0: [sdg] Assuming drive cache: write through
giving up.
xinit: No such file or directory (errno 2): unable to connect to X server
xinit: No such process (errno 3): Server error.
xauth: (argu):1: bad display name "(none):0" in "remove" command
sh: no job control in this shell
sh-4.0#

I then followed your previous instructions and took the disk out and rebooted and hit F10. I removed "int/min" and booted fine into windows. I put disk back into computer and rebooted. When xPUD booted I chose English and then got the above message again. Hope I didn't do too much on my own and mess up. :hair:

oldman960
2012-01-28, 14:30
Hi e28ct17m,

Reboot to windows. Reboot the computer a couple of times then try xPUD. You're doing fine.

e28ct17
2012-01-28, 22:59
When I input 2 I received the warning message about no bootloader, so I input 3 and it worked. Below are the logs you requested

2012-01-28-14:37:36

The following drives were found
sda
sdg
User has chosen drive sda
tdl_mbr_sda.bin exists
backing up mbr to tdl_mbr_sda.2012-01-28-14:37:56


Disk /dev/sda: 1000.2 GB, 1000204886016 bytes
255 heads, 63 sectors/track, 121601 cylinders, total 1953525168 sectors
Units = sectors of 1 * 512 = 512 bytes

Device Boot Start End Blocks Id System
/dev/sda1 2048 31459327 15728640 27 Unknown
/dev/sda2 31459328 31664127 102400 1a Unknown
/dev/sda3 31664128 1953521663 960928768 7 HPFS/NTFS
/dev/sda4 * 1953521664 1953525151 1744 17 Hidden HPFS/NTFS

Model: ATA WDC WD10EADS-22M (scsi)
Disk /dev/sda: 1000GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos

Number Start End Size Type File system Flags
1 1049kB 16.1GB 16.1GB primary ntfs
2 16.1GB 16.2GB 105MB primary ntfs
3 16.2GB 1000GB 984GB primary ntfs
4 1000GB 1000GB 1786kB primary ntfs boot, hidden


User has chosen to make partition 2 active
Warning! No bootloader found on partition 2
User rejected making partition 2 active

User has chosen to make partition 3 active

Model: ATA WDC WD10EADS-22M (scsi)
Disk /dev/sda: 1000GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos

Number Start End Size Type File system Flags
1 1049kB 16.1GB 16.1GB primary ntfs
2 16.1GB 16.2GB 105MB primary ntfs
3 16.2GB 1000GB 984GB primary ntfs boot
4 1000GB 1000GB 1786kB primary ntfs hidden


User has accepted changes



Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {36350f4e-934d-11de-b33d-b7495bee80d8}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {36350f50-934d-11de-b33d-b7495bee80d8}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {36350f4e-934d-11de-b33d-b7495bee80d8}
nx OptIn

Windows Boot Loader
-------------------
identifier {36350f50-934d-11de-b33d-b7495bee80d8}
device ramdisk=[C:]\Recovery\36350f50-934d-11de-b33d-b7495bee80d8\Winre.wim,{36350f51-934d-11de-b33d-b7495bee80d8}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\36350f50-934d-11de-b33d-b7495bee80d8\Winre.wim,{36350f51-934d-11de-b33d-b7495bee80d8}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {36350f4e-934d-11de-b33d-b7495bee80d8}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {36350f51-934d-11de-b33d-b7495bee80d8}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\36350f50-934d-11de-b33d-b7495bee80d8\boot.sdi

oldman960
2012-01-28, 23:22
Hi e28ct17,

Good job.

Before we finish cleaning this for you a couple of questions. After rebooting did the computer boot normally or did you need to edit the line again?

Are you still getting redirects?

RogueKiller has been updated. Please delete the copy you have and download a new one. The interface is different in the new version. Double click to run it. Once it's open and has done it's prescan click the scan button. After the scan has completed click the report button and post the log.

You can get a new copy from HERE (http://www.sur-la-toile.com/RogueKiller/)

e28ct17
2012-01-28, 23:30
The computer booted normally....I did not have to edit the line. The redirects have stopped. Looks like things are back to normal, thanks to you!!

RogueKiller V7.0.1 [01/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Janice [Admin rights]
Mode: Scan -- Date : 01/28/2012 15:25:51

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] ReminderHelper.exe -- C:\ProgramData\WeCareReminder\ReminderHelper.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 4 ¤¤¤
[SUSP PATH] winupd.job : C:\Users\Janice\AppData\Local\Temp:winupd.exe -> FOUND
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost




¤¤¤ MBR Check: ¤¤¤


+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 862d43404943f43730948c81ebbefce0
[BSP] 62f35c68ca4bceaeae08b6f8c4f7e488 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 16106 Mo

1 - [XXXXXX] UNKNOWN (0x1a) [VISIBLE] Offset (sectors): 31459328 | Size: 104 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 983991 Mo

3 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1953521664 | Size: 1 Mo

User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

oldman960
2012-01-29, 04:57
Hi e28ct17,

Sorry this is taking so long. Your computer is a bit of an oddity so I wanted to make sure it was the computer and not something new this malware was doing.

Next, Right click on OTL.exe and chose Run as Administrator to run it
Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :



:Services

:Reg

:Files
c:\users\Janice\AppData\Roaming\Yfhym
c:\users\Janice\AppData\Roaming\Inuro
c:\users\Janice\AppData\Roaming\Adodn
c:\users\Janice\AppData\Roaming\Elday
c:\users\Janice\AppData\Roaming\Urubn
c:\users\Janice\AppData\Roaming\Goaci
c:\users\Janice\AppData\Roaming\Ofgaub
c:\users\Janice\AppData\Roaming\Sie

:Commands
[createrestorepoint]
[purity]
[emptytemp]



Then click the Run Fix button at the top
Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.

One more trip with xPUD


Boot into xPUD then click the File tab.
Press File
Expand mnt
Click on the folder under mnt that represents your USB drive (sdb1 ?)
You should see the tdl_fix.sh file in the main window.
Select Tool from the Menu
Choose Open Terminal
Type bash tdl_fix.sh -delete then press Enter.
** Make sure to leave a space to either side of tdl_fix.sh in the command.
You should be notified of a hidden partition found and prompted to delete it.
Type y then press Enter.
The script will complete and prompt you to reboot the computer.
Close the Terminal window and restart back into Windows.
Post the contents of the tdl_delete.txt file that was created on your flash drive.


The computer should boot normally. If for some reason it doesn't use the F10 method first. If you still have problems follow the steps below.

Note - in the event there is a problem booting the computer normally after running the script, run the tdl_fix.sh script again using the following command.

bash tdl_fix.sh -restore

Make sure to leave a space to either side of tdl_fix.sh in the command.
This will prompt you to use the file tdl_mbr_sda.bin on drive sda.
Ok the procedure then restart when complete.

Computer still behaving?

Thanks

e28ct17
2012-01-29, 20:10
Microsoft Security Essentials found the following on my computer (I have not taken any action on them)

DOS/Aluteon.E and Win32/Arcadeweb

I ran OTL and below is my log. I will wait to do xPUD until I hear back from you.

All processes killed
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
c:\users\Janice\AppData\Roaming\Yfhym folder moved successfully.
c:\users\Janice\AppData\Roaming\Inuro folder moved successfully.
c:\users\Janice\AppData\Roaming\Adodn folder moved successfully.
c:\users\Janice\AppData\Roaming\Elday folder moved successfully.
c:\users\Janice\AppData\Roaming\Urubn folder moved successfully.
c:\users\Janice\AppData\Roaming\Goaci folder moved successfully.
c:\users\Janice\AppData\Roaming\Ofgaub folder moved successfully.
c:\users\Janice\AppData\Roaming\Sie folder moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Janice
->Temp folder emptied: 499906 bytes
->Temporary Internet Files folder emptied: 39799349 bytes
->Java cache emptied: 186882690 bytes
->FireFox cache emptied: 172457852 bytes
->Flash cache emptied: 70005 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 193586 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes
RecycleBin emptied: 2381032 bytes

Total Files Cleaned = 384.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01292012_115543

Files\Folders moved on Reboot...
C:\Users\Janice\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QDMOXURH\27[1].png moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QDMOXURH\27[2].png moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0EJLRQW\32[1].png moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\533CW1BO\26[1].png moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\533CW1BO\30[1].png moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03AWZWF0\31[2].png moved successfully.

Registry entries deleted on Reboot...

oldman960
2012-01-29, 21:57
Hi e28ct17,


DOS/Aluteon.E and Win32/Arcadeweb
Do you know where the detection was? I'm pretty sure it finaly detected the rogue partition which is now inactive.

Go ahead with xPUD.

e28ct17
2012-01-31, 05:14
No, I don't know where the detection was...i don't think it said. Here is the log you requested

2012-01-30-21:09:16

using tdl_delete_sda.bin

Model: ATA WDC WD10EADS-22M (scsi)
Disk /dev/sda: 1000GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos

Number Start End Size Type File system Flags
1 1049kB 16.1GB 16.1GB primary ntfs
2 16.1GB 16.2GB 105MB primary ntfs
3 16.2GB 1000GB 984GB primary ntfs boot
4 1000GB 1000GB 1786kB primary ntfs hidden

Hidden partition found on sda
sda4 is hidden
Deleting partition 4 on drive sda

Model: ATA WDC WD10EADS-22M (scsi)
Disk /dev/sda: 1000GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos

Number Start End Size Type File system Flags
1 1049kB 16.1GB 16.1GB primary ntfs
2 16.1GB 16.2GB 105MB primary ntfs
3 16.2GB 1000GB 984GB primary ntfs boot

No hidden partition on sdg

oldman960
2012-01-31, 13:15
Hi e28ct17,

That should have taken care of the MSE detections. Any problems?

e28ct17
2012-02-01, 01:52
Yes, my browser home page keeps resetting to mywebsearch.com. Everything else seems to work ok.

oldman960
2012-02-01, 02:51
Hi e28ct17,

Click on the Start button > Control Panel

Depending on your setings, either
click on the Uninstall a program option under the Programs category.
If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.
Uninstall the following programs

iLivid
Windows iLivid Toolbar



Next
Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open a notepad windows, OTL.Txt no Extras.Txt this time.

Please post the log.

e28ct17
2012-02-01, 07:26
I uninstalled iLivid with no problems, but after I uninstalled Windows iLivid Toolbar it didn't delete from the programs list. So I tried to uninstall it again and it acts like it is uninstalling, but still show up on list.

Here is OTL log

OTL logfile created on: 1/31/2012 11:09:06 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Janice\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.97 Gb Total Physical Memory | 3.93 Gb Available Physical Memory | 65.87% Memory free
6.94 Gb Paging File | 4.69 Gb Available in Paging File | 67.56% Paging File free
Paging file location(s): c:\pagefile.sys 1000 9163

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.41 Gb Total Space | 856.51 Gb Free Space | 93.46% Space Free | Partition Type: NTFS

Computer Name: JANICE-PC | User Name: Janice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Janice\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\iWin Games\iWinTrusted.exe (iWin Inc.)
PRC - C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe (Oberon Media )
PRC - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)


========== Modules (No Company Name) ==========

MOD - C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}\components\RadioWMPCoreGecko9.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Java\jre6\bin\jp2native.dll ()


========== Win32 Services (SafeList) ==========

SRV:[b]64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (iWinTrusted) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe (iWin Inc.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (rcmirror) -- C:\Windows\SysNative\drivers\rcmirror.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1y62x64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACGW&l=0409&m=aspire_m5802/m3802&r=1736061196dg1275w9283i9hj67767
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACGW&l=0409&m=aspire_m5802/m3802&r=1736061196dg1275w9283i9hj67767

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=ZUxpt020YYus&ptb=zicrx_1Avu_ZGi24DJBLew&si=CMqg8duiuK0CFYMEQAodrjEGpQ
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "iLivid Web Search"
FF - prefs.js..browser.search.selectedEngine: "My Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxpt020YYus&ptb=zicrx_1Avu_ZGi24DJBLew&ind=2012010511&ptnrS=ZUxpt020YYus&si=CMqg8duiuK0CFYMEQAodrjEGpQ&n=77ecd80f&psa=&st=kwd&searchfor="


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\@worldwinner.com/Launcher2,version=1.10.0.25: C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2011/06/20 23:31:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/01 12:08:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/16 20:13:49 | 000,000,000 | ---D | M]

[2012/01/05 19:53:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janice\AppData\Roaming\Mozilla\Extensions
[2012/01/28 18:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions
[2012/01/08 14:23:33 | 000,000,000 | ---D | M] (IMVU Inc Community Toolbar) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
[2011/11/01 20:33:59 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011/08/23 07:15:41 | 000,000,000 | ---D | M] (20-20 3D Viewer - WEB) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\2020Player_WEB@2020Technologies.com
[2012/01/06 05:56:25 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\foxmarks@kei.com
[2011/12/22 17:01:20 | 000,000,000 | ---D | M] (Oberon GamesBar) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\gamesbar@oberon-media.com
[2012/01/28 18:06:02 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\LogMeInClient@logmein.com
[2011/12/30 22:30:15 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\plugin@yontoo.com
[2011/08/11 06:29:03 | 000,000,000 | ---D | M] ("ArcadeWeb") -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\textlinks@arcadeweb.com
[2011/12/30 22:41:29 | 000,000,000 | ---D | M] (We-Care Reminder) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\wecarereminder@bryan
[2011/06/21 23:02:15 | 000,002,571 | ---- | M] () -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\searchplugins\askcom.xml
[2012/01/05 10:52:16 | 000,009,987 | ---- | M] () -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\searchplugins\mywebsearch.xml
[2011/11/01 20:33:58 | 000,002,520 | ---- | M] () -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\searchplugins\SearchResults.xml
[2012/01/24 21:54:43 | 000,002,282 | ---- | M] () -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\searchplugins\surf-canyon.xml
[2012/01/05 19:53:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/29 13:20:43 | 000,000,000 | ---D | M] (LivingPlay TextLinks) -- C:\USERS\JANICE\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\TEXTLINKS@LPLAY.COM
() (No name found) -- C:\USERS\JANICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\48HSR9SG.DEFAULT\EXTENSIONS\NOSQUINT@URANDOM.CA.XPI
() (No name found) -- C:\USERS\JANICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\48HSR9SG.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2012/01/01 12:08:10 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/15 06:20:18 | 001,034,544 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
[2009/07/02 10:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2011/10/11 08:21:33 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2011/10/16 20:03:58 | 000,002,064 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bingober441754614.xml
[2011/11/01 20:33:58 | 000,002,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2011/11/11 11:18:43 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2011/08/21 22:21:35 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober112634188.xml
[2011/08/24 00:27:46 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober174870194.xml
[2011/08/24 00:54:09 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober176453105.xml
[2011/11/25 12:08:02 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober232756486.xml
[2011/11/15 06:41:17 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober275019326.xml
[2011/11/18 17:31:05 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober64933824.xml

O1 HOSTS File: ([2012/01/25 09:18:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKCU..\Run: [SearchEngineProtection] C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe (Oberon Media )
O4 - HKLM..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} https://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab (20-20 3D Viewer for WEB)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA8713C9-52CC-42DD-A388-B7B0CCC5398B}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/29 02:21:16 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/01/29 02:21:16 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/01/29 02:21:16 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/01/29 02:21:16 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/01/29 02:21:16 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/01/29 02:21:16 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/01/29 02:21:16 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/01/29 02:21:16 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/01/29 02:21:16 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/01/29 02:21:16 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/01/29 02:21:16 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/01/29 02:21:16 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/01/29 02:21:16 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/01/29 02:21:16 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/01/29 02:21:16 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/01/29 02:21:16 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/01/29 02:21:16 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/01/29 02:21:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/01/29 02:21:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/01/29 02:21:16 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/01/29 02:21:16 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/01/29 02:21:16 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/01/29 02:21:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/01/29 02:21:16 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/01/29 02:21:16 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/01/29 02:21:16 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/01/29 02:21:16 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/01/29 02:21:16 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/01/29 02:21:16 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/01/29 02:21:16 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/01/29 02:21:16 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/01/29 02:21:16 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/01/29 02:21:16 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/01/29 02:21:16 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/01/29 02:21:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/01/29 02:21:16 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/01/29 02:21:16 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/01/29 02:21:16 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/01/29 02:21:16 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/01/29 02:21:16 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/01/29 02:21:16 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/01/29 02:21:16 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/01/29 02:21:16 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/01/29 02:21:16 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/01/29 02:21:16 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/01/29 02:21:16 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/01/29 02:21:16 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/01/29 02:21:16 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/01/29 02:21:16 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/01/29 02:21:16 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/01/29 02:21:16 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/01/29 02:21:16 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/01/29 02:21:16 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/01/29 02:21:16 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/01/29 02:21:16 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/01/29 02:21:16 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/01/29 02:21:16 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/01/29 02:21:16 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/01/29 02:21:16 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/01/29 02:21:16 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/01/29 02:21:16 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/01/29 02:21:16 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/01/29 02:21:16 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/01/29 02:21:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/01/29 02:21:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/01/29 02:21:16 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/01/29 02:21:16 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/01/29 02:21:16 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/01/29 02:21:16 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/01/29 02:21:16 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/01/29 02:21:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/01/29 02:21:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/01/29 02:12:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/01/29 02:12:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/01/29 02:08:49 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/29 02:08:49 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/29 02:08:49 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/29 02:08:49 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/29 02:08:49 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/29 02:08:49 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/25 23:27:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Janice\Desktop\OTL.exe
[2012/01/25 20:19:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/25 20:16:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/25 08:38:48 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/25 08:21:02 | 000,000,000 | ---D | C] -- C:\jgh32265j
[2012/01/20 21:58:00 | 000,000,000 | ---D | C] -- C:\jgh32442j
[2012/01/19 22:00:25 | 000,000,000 | ---D | C] -- C:\jgh
[2012/01/19 21:57:16 | 004,388,468 | R--- | C] (Swearware) -- C:\Users\Janice\Desktop\jgh.exe
[2012/01/19 15:13:11 | 000,000,000 | ---D | C] -- C:\Users\Janice\Desktop\RK_Quarantine
[2012/01/19 06:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/18 22:07:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/17 18:38:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Janice\Desktop\iexplorer.exe
[2012/01/17 00:13:01 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/17 00:13:01 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/17 00:13:00 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/17 00:13:00 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/17 00:12:47 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/17 00:12:46 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/01/17 00:12:45 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/16 20:55:44 | 000,000,000 | ---D | C] -- C:\found.000
[2012/01/05 01:57:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/01/05 01:56:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2012/01/03 22:27:21 | 000,000,000 | ---D | C] -- C:\Users\Janice\AppData\Roaming\Real
[2012/01/03 22:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rhapsody
[2012/01/03 22:27:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rhapsody

========== Files - Modified Within 30 Days ==========

[2012/01/31 22:36:39 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/31 22:36:39 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/30 21:11:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/30 21:11:46 | 509,456,383 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/29 02:31:59 | 000,001,405 | ---- | M] () -- C:\Users\Janice\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/29 02:21:16 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/01/29 02:21:16 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/01/29 02:21:16 | 002,309,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/01/29 02:21:16 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/01/29 02:21:16 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/01/29 02:21:16 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/01/29 02:21:16 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/01/29 02:21:16 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/01/29 02:21:16 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/01/29 02:21:16 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/01/29 02:21:16 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/01/29 02:21:16 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/01/29 02:21:16 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/01/29 02:21:16 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/01/29 02:21:16 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/01/29 02:21:16 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/01/29 02:21:16 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/01/29 02:21:16 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/01/29 02:21:16 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/01/29 02:21:16 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/01/29 02:21:16 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/01/29 02:21:16 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/01/29 02:21:16 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/01/29 02:21:16 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/01/29 02:21:16 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/01/29 02:21:16 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/01/29 02:21:16 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/01/29 02:21:16 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/01/29 02:21:16 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/01/29 02:21:16 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/01/29 02:21:16 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/01/29 02:21:16 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/01/29 02:21:16 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/01/29 02:21:16 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/01/29 02:21:16 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/01/29 02:21:16 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/01/29 02:21:16 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/01/29 02:21:16 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/01/29 02:21:16 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/01/29 02:21:16 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/01/29 02:21:16 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/01/29 02:21:16 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/01/29 02:21:16 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/01/29 02:21:16 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/01/29 02:21:16 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/01/29 02:21:16 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/01/29 02:21:16 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/01/29 02:21:16 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/01/29 02:21:16 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/01/29 02:21:16 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/01/29 02:21:16 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/01/29 02:21:16 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/01/29 02:21:16 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/01/29 02:21:16 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/01/29 02:21:16 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/01/29 02:21:16 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/01/29 02:21:16 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/01/29 02:21:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/01/29 02:21:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/01/29 02:21:16 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/01/29 02:21:16 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/01/29 02:21:16 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/01/29 02:21:16 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/01/29 02:21:16 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/01/29 02:21:16 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/01/29 02:21:16 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/01/29 02:21:16 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/01/29 02:21:16 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/01/29 02:21:16 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/01/29 02:21:16 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/01/29 02:21:16 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/01/29 02:21:16 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/01/29 02:21:16 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/01/29 02:21:16 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/01/29 02:12:45 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/01/29 02:12:43 | 000,756,744 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/29 02:12:43 | 000,634,934 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/29 02:12:43 | 000,111,468 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/29 02:12:17 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/01/28 19:21:10 | 000,544,368 | ---- | M] () -- C:\Users\Janice\Desktop\TaxReturn.pdf
[2012/01/25 09:18:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/25 08:36:59 | 004,388,468 | R--- | M] (Swearware) -- C:\Users\Janice\Desktop\ComboFix.exe
[2012/01/25 08:19:08 | 004,388,468 | R--- | M] (Swearware) -- C:\Users\Janice\Desktop\jgh.exe
[2012/01/22 21:21:31 | 000,739,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/19 15:10:17 | 000,787,456 | ---- | M] () -- C:\Users\Janice\Desktop\RogueKiller.exe
[2012/01/17 18:25:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Janice\Desktop\OTL.exe
[2012/01/17 18:25:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Janice\Desktop\iexplorer.exe
[2012/01/17 11:16:23 | 000,001,096 | ---- | M] () -- C:\Users\Janice\Desktop\Smart Protection 2012.lnk
[2012/01/07 03:02:59 | 000,003,085 | ---- | M] () -- C:\Users\Janice\Desktop\VinylMaster Pro.lnk
[2012/01/03 22:27:14 | 000,000,929 | ---- | M] () -- C:\Users\Janice\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhapsody.lnk
[2012/01/03 22:27:14 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Rhapsody.lnk
[2012/01/02 22:49:57 | 000,002,413 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini

========== Files Created - No Company Name ==========

[2012/01/29 02:31:59 | 000,001,417 | ---- | C] () -- C:\Users\Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/01/29 02:21:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/01/29 02:21:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/01/29 02:12:40 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/01/29 02:12:17 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/01/28 19:21:10 | 000,544,368 | ---- | C] () -- C:\Users\Janice\Desktop\TaxReturn.pdf
[2012/01/19 15:13:01 | 000,787,456 | ---- | C] () -- C:\Users\Janice\Desktop\RogueKiller.exe
[2012/01/19 06:40:38 | 000,002,752 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2012/01/19 06:40:38 | 000,002,654 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - gateway.lnk
[2012/01/19 06:40:38 | 000,002,154 | ---- | C] () -- C:\Users\Public\Desktop\Qwest Personal Digital Vault.lnk
[2012/01/19 06:40:38 | 000,002,108 | ---- | C] () -- C:\Users\Public\Desktop\Netflix.lnk
[2012/01/19 06:40:38 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\Wordscape Online Party.lnk
[2012/01/19 06:40:38 | 000,002,064 | ---- | C] () -- C:\Users\Public\Desktop\Jewel Quest Online Party.lnk
[2012/01/19 06:40:38 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\User's Guide (Gateway InfoCentre).lnk
[2012/01/19 06:40:38 | 000,001,747 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/19 06:40:38 | 000,001,279 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2012/01/19 06:40:38 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/19 06:40:38 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2012/01/19 06:40:38 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2012/01/19 06:40:38 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Rhapsody.lnk
[2012/01/19 06:40:35 | 000,002,063 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/01/19 06:40:35 | 000,001,894 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Reminder.lnk
[2012/01/19 06:40:32 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2012/01/19 06:40:32 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/01/19 06:40:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/19 06:40:32 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/01/19 06:40:32 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/01/19 06:40:32 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/01/19 06:40:32 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/01/19 06:40:32 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/01/19 06:40:32 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/01/19 06:40:32 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/01/19 06:40:32 | 000,001,158 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/19 06:40:32 | 000,001,151 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2012/01/19 06:40:32 | 000,001,058 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2012/01/19 06:40:32 | 000,000,991 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS2.lnk
[2012/01/17 11:16:23 | 000,001,096 | ---- | C] () -- C:\Users\Janice\Desktop\Smart Protection 2012.lnk
[2012/01/17 06:13:53 | 000,002,645 | ---- | C] () -- C:\Users\Public\Desktop\The Print Shop 23.lnk
[2012/01/03 22:27:14 | 000,000,929 | ---- | C] () -- C:\Users\Janice\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhapsody.lnk
[2011/12/17 03:50:15 | 000,010,408 | --S- | C] () -- C:\Users\Janice\AppData\Local\w5hw08b8wo4jqn
[2011/12/17 03:50:15 | 000,010,408 | --S- | C] () -- C:\ProgramData\w5hw08b8wo4jqn
[2011/12/12 01:51:49 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/12/08 04:43:30 | 000,012,642 | --S- | C] () -- C:\Users\Janice\AppData\Local\8sqbcbba3f0aeff3s6c0cu1
[2011/12/08 04:43:30 | 000,012,642 | --S- | C] () -- C:\ProgramData\8sqbcbba3f0aeff3s6c0cu1
[2011/12/01 00:05:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/01 00:05:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/01 00:05:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/01 00:05:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/01 00:05:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/07 11:30:25 | 000,210,543 | ---- | C] () -- C:\Windows\hpoins21.dat
[2011/11/07 11:30:25 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2011/11/07 07:54:46 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2011/11/04 08:55:20 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011/11/04 08:55:20 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011/09/21 00:05:11 | 000,000,116 | ---- | C] () -- C:\Windows\wininit.ini
[2011/06/26 00:29:47 | 000,000,221 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/06/21 16:53:47 | 000,756,744 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/20 20:56:19 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/06/08 20:10:11 | 000,001,022 | ---- | C] () -- C:\Users\Janice\AppData\Roaming\wklnhst.dat
[2011/02/11 18:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011/02/11 18:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011/02/11 18:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2011/01/11 17:05:18 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2009/08/27 15:02:56 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe
[2005/08/26 15:28:20 | 000,024,576 | ---- | C] () -- C:\Windows\shortcut.exe
[2005/08/26 15:27:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe
[2000/05/15 09:52:40 | 000,003,004 | ---- | C] () -- C:\Windows\SysWow64\vmpro.ini

========== LOP Check ==========

[2011/07/05 00:27:19 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Amazonia
[2011/07/28 09:12:12 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Anarchy
[2011/10/17 17:48:32 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Artogon
[2011/08/24 00:29:11 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Big Fish Games
[2011/09/26 21:09:11 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\BitComet
[2011/08/28 23:54:48 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Dekovir
[2011/06/20 22:22:31 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\DVDVideoSoft
[2011/06/20 22:21:59 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/08/30 08:40:32 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Freeze Tag
[2011/11/15 06:42:08 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\funkitron
[2011/08/03 09:07:45 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\GameBlend
[2011/06/27 00:17:01 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\HdO Adventure
[2011/07/29 13:20:43 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\NetAssistant
[2011/08/16 20:01:56 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Nevosoft Games
[2011/08/23 18:13:55 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Nokia Ovi Suite
[2011/08/21 22:22:54 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Oberon
[2011/11/15 06:41:12 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Oberon Media
[2011/06/11 22:03:20 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Packard Bell
[2011/07/21 18:48:46 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\PC Suite
[2011/11/18 17:31:57 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\SpinTop Games
[2011/08/30 11:38:11 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\SprillRichiEng
[2011/12/30 22:30:36 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\SumatraPDF
[2011/06/22 21:24:45 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Template
[2011/12/26 01:45:26 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Vogat Interactive
[2011/07/29 04:51:49 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\WeatherBug
[2011/06/29 00:27:28 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\WildTangentv1000
[2011/08/11 02:20:05 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\WildTangentv1001
[2011/06/22 05:50:30 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Worldwinner
[2012/01/19 23:06:05 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:FB04FBFD
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:E0648389
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:987CE5C8
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:62D72D41
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:D5C2DDAE
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:86AE00C6
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:F2B0ABCC
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:EF258AD5
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:8C5315B5
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0F4A7B6A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:AA4982C6
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:937250A8
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:95E512F2
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:DE5D1324
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:3B68494D
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:10FC1DC1
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1E3E34AA
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:BAEFC0C1
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:F4549211
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:70FD4407
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:8EBE180D
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:9DADB9F7

< End of report >

e28ct17
2012-02-01, 09:00
Microsoft Security Essentials found the threat Rouge:Win/Winwebsec on my computer and I removed it.

oldman960
2012-02-01, 13:03
Hi e28ct17,

Let's see if we can get this cleaned up.

You have Revo Uninstaller and I see you have used it before. So let's see if we can it help out.

Right click the Revo Uninstaller Icon on the desktop and click "Run as Administrator to start the program.

You will now see a list of installed programs that Revo Uninstaller can remove.

Locate the program you are uninstalling Windows iLivid Toolbar[/B>
Right Click the Icon then choose Uninstall.
Click yes to the warning and choose the Uninstall Mode
Choose the Advanced option and then click Next.
This will launch the programs built in uninstaller. Be patient it can take several seconds.
Once the uninstaller is done click Next.
Revo Uninstaller will now scan for leftover information. Be patient it can take several seconds.
Once this scan is done click Next.
You will then be presented of the leftover entries found by Revo Uninstaller
Look at ALL of the entries to ensure they relate to the uninstall.
Next click Select All > Delete to remove the entries.
Click Next.
If there are any program file folders left over you will be presented with a list to be removed.
Again look at ALL of the entries to ensure they are related to the uninstall.
Click Select All > Delete to remove the entries.
Click Finish to go back to the uninstall list.
Close the program



Next

Right click on OTL.exe and chose Run as Administrator to run it
Under the [B]Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :


:Services

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jh...FYMEQAodrjEGpQ
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "iLivid Web Search"
FF - prefs.js..browser.search.selectedEngine: "My Web Search"
FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxpt020YYus&ptb=zicrx_1Avu_ZGi24DJBLew&ind=2012010511&ptnrS=ZUxpt020YYus&si=CMqg8duiuK0CFYMEQAodrjEGpQ&n=77ecd80f&psa=&st=kwd&searchfor="
[2011/11/01 20:33:59 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012/01/05 10:52:16 | 000,009,987 | ---- | M] () -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\searchplugins\mywebsearch.xml
[2011/11/01 20:33:58 | 000,002,520 | ---- | M] () -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\searchplugins\SearchResults.xml
[2011/11/01 20:33:58 | 000,002,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2011/08/21 22:21:35 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober112634188.xml
[2011/08/24 00:27:46 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober174870194.xml
[2011/08/24 00:54:09 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober176453105.xml
[2011/11/25 12:08:02 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober232756486.xml
[2011/11/15 06:41:17 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober275019326.xml
[2011/11/18 17:31:05 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober64933824.xml
[2012/01/17 11:16:23 | 000,001,096 | ---- | M] () -- C:\Users\Janice\Desktop\Smart Protection 2012.lnk
2011/12/17 03:50:15 | 000,010,408 | --S- | C] () -- C:\Users\Janice\AppData\Local\w5hw08b8wo4jqn
[2011/12/17 03:50:15 | 000,010,408 | --S- | C] () -- C:\ProgramData\w5hw08b8wo4jqn
[2011/12/12 01:51:49 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/12/08 04:43:30 | 000,012,642 | --S- | C] () -- C:\Users\Janice\AppData\Local\8sqbcbba3f0aeff3s6c0cu1
[2011/12/08 04:43:30 | 000,012,642 | --S- | C] () -- C:\ProgramData\8sqbcbba3f0aeff3s6c0cu1

:Commands
[createrestorepoint]
[emptytemp]



Then click the Run Fix button at the top
Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.


Next

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

Click the Update tab
Click Check for Updates
If an update is found, it will download and install the latest version.
The program will close to update and reopen.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Next

Open OTL and get a new scan log.

Please post back with
OTL fix log
MBAM
OTLscan log
How's the computer?

e28ct17
2012-02-03, 10:46
The computer seems to be working fine.


Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {36350f4e-934d-11de-b33d-b7495bee80d8}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {36350f50-934d-11de-b33d-b7495bee80d8}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {36350f4e-934d-11de-b33d-b7495bee80d8}
nx OptIn

Windows Boot Loader
-------------------
identifier {36350f50-934d-11de-b33d-b7495bee80d8}
device ramdisk=[C:]\Recovery\36350f50-934d-11de-b33d-b7495bee80d8\Winre.wim,{36350f51-934d-11de-b33d-b7495bee80d8}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\36350f50-934d-11de-b33d-b7495bee80d8\Winre.wim,{36350f51-934d-11de-b33d-b7495bee80d8}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {36350f4e-934d-11de-b33d-b7495bee80d8}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {36350f51-934d-11de-b33d-b7495bee80d8}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\36350f50-934d-11de-b33d-b7495bee80d8\boot.sdi


========== SERVICES/DRIVERS ==========
========== FILES ==========
< xcopy "C:\Users\Janice\AppData\Local\Temp\smtmp\1" "C:\ProgramData\Microsoft\Windows\Start Menu" /H /I /S /Y /C >
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Default Programs.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\HP Solution Center.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Rhapsody.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Windows Update.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Adobe InDesign CS2.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Adobe Reader 9.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Apple Software Update.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\I.R.I.S. OCR Registration.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Media Center.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works Task Launcher.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Mozilla Firefox.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Sidebar.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Anytime Upgrade.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows DVD Maker.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Fax and Scan.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Media Player.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\XPS Viewer.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\displayswitch.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Math Input Panel.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Mobility Center.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Paint.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Snipping Tool.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sound Recorder.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sticky Notes.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sync Center.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Welcome Center.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Wordpad.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility\Speech Recognition.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\dfrgui.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Resource Monitor.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Task Scheduler.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Windows Easy Transfer.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\ShapeCollector.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\TabTip.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\Windows Journal.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\iSCSI Initiator.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Memory Diagnostics Tool.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Performance Monitor.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\services.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\System Configuration.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Task Scheduler.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Windows PowerShell Modules.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Bitstream Font Navigator.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Corel CAPTURE X4.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Corel PHOTO-PAINT X4.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\CorelDRAW X4.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Duplexing Wizard.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\SB Profiler.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Documentation\Corel PHOTO-PAINT X4 VBA Object Model PDF.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Documentation\CorelDRAW Graphics Suite X4 Readme.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Documentation\CorelDRAW Graphics Suite X4 User Guide PDF.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Documentation\CorelDRAW X4 Programming Guide for VBA PDF.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Documentation\CorelDRAW X4 VBA Object Model PDF.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Amazonia.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Bejeweled 2 Deluxe.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Blackhawk Striker 2.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Bob the Builder Can-Do-Zoo.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Build-a-lot 3.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Chess.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Collapse Crunch.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Dora's World Adventure.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Eighteen Wheels of Steel Haulin'.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Escape Rosecliff Island.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Escape The Emerald Star.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Escape Whisper Valley (TM).lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Farm Frenzy - Pizza Party.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\FATE Undiscovered Realms.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\FBI Paranormal Case Extended Edition.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\FreeCell.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\GameExplorer.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Hearts.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Insaniquarium Deluxe.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Internet Backgammon.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Internet Checkers.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Internet Spades.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Jewel Quest Mysteries 3.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Jewel Quest Solitaire 3.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Liong - The Lost Amulets.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Mahjong.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Minesweeper.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\More Games from Gateway Games.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Mystery P.I. - The London Caper.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Mystery P.I. - The Vegas Heist.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Mystery P.I. The Curious Case of Counterfeit Cove.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Play iWin Games.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Polar Bowler.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Polar Golfer.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Purble Place.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\QuantZ.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Scrabble.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Solitaire.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Spider Solitaire.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Super Collapse 3.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Vampireville.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Virtual Villagers - The Secret City.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Wheel of Fortune 2.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\WildTangent Games App - gateway.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\World of Goo.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Zuma Deluxe.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\GamesBar\About GamesBar.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\GamesBar\Uninstall.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Gateway\Gateway Recovery Management.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Gateway\Gateway Updater.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Gateway\Identity Card.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Gateway\User's Guide (Gateway InfoCentre).lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Gateway\Welcome Center.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Gateway MyBackup\Gateway MyBackup.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\HP\HP Solution Center.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\HP\HP Update.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iLivid\iLivid Download Manager.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iTunes\About iTunes.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iTunes\iTunes.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iWin Games\Play iWin Games.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iWin Games\Games\Launch Jewel Quest Online Party.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iWin Games\Games\Launch Margrave Manor The Curse of the Severed Heart -- Collectors Edition.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iWin Games\Games\Launch Unsolved Mystery Club Ancient Astronauts Collectors Edition.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iWin Games\Games\Launch Wordscape Online Party.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iWin Games\Uninstall Games\Uninstall Jewel Quest Online Party.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iWin Games\Uninstall Games\Uninstall Wordscape Online Party.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\LGMobile Support Tool\LGMobile software updater Agent.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\LGMobile Support Tool\LGMobile update.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\LGMobile Support Tool\Uninstall.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Backup and Restore Center.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Create Recovery Disc.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Remote Assistance.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware Help.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes' Anti-Malware.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office - 60 Day Trial.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Access 2007.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office OneNote 2007.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Outlook 2007.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Publisher 2007.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Word 2007.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Language Settings.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Getting Started.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Calendar.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Database.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Portfolio.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Spreadsheet.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Task Launcher.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Word Processor.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Works without Ads.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero ControlCenter 4.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero Online Upgrade.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Manuals\Nero ControlCenter 4 [English Help].lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Manuals\Nero DiscSpeed [English Help].lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Manuals\Nero DriveSpeed [English Help].lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Manuals\Nero Express Essentials SE [English Help].lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Manuals\Nero InfoTool [English Help].lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Manuals\Nero StartSmart Essentials [English Help].lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero 9\Nero Express Essentials SE.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero 9\Nero StartSmart Essentials.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero 9\Nero Toolkit\Nero DiscSpeed.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero 9\Nero Toolkit\Nero DriveSpeed.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero 9\Nero Toolkit\Nero InfoTool.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Jewel Quest Mysteries 3\Jewel Quest Mysteries 3.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Jewel Quest Mysteries 3\Pogo Games.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Jewel Quest Mysteries 3\Uninstall.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Mystery P.I. The Curious Case of Counterfeit Cove\Mystery P.I. The Curious Case of Counterfeit Cove.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Mystery P.I. The Curious Case of Counterfeit Cove\Pogo Games.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Mystery P.I. The Curious Case of Counterfeit Cove\Uninstall.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\QuickTime\About QuickTime.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\QuickTime\PictureViewer.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\QuickTime\QuickTime Player.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\QuickTime\Uninstall QuickTime.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Qwest Personal Digital Vault\Qwest Personal Digital Vault.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Rhapsody\Check For Rhapsody Update.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Rhapsody\Rhapsody.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Rhapsody\Uninstall Rhapsody.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Snood 4\Snood 4.0 ReadMe.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Snood 4\Snood.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Snood 4\Uninstall Snood.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Startup\Event Reminder.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Startup\HP Digital Imaging Monitor.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\SUPERAntiSpyware\SUPERAntiSpyware Alternate Start.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\SUPERAntiSpyware\SUPERAntiSpyware Help.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\SUPERAntiSpyware\SUPERAntiSpyware Professional.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\SUPERAntiSpyware\SUPERAntiSpyware Registration-Activation.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\The Print Shop 23\Register Your Software.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\The Print Shop 23\The Print Shop 23.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\The Print Shop 23\Documents\ReadMe.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\The Print Shop 23\Documents\Riverdeep License Agreement.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Trash it!\Readme.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Trash it!\Trash it! Help.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Trash it!\Trash it! on the Web.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Trash it!\Trash it! Scheduler.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Trash it!\Trash it!.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Trash it!\Uninstall Trash it!.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Call.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Mail.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Messenger .lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Photo Gallery.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Writer.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\WorldWinner Games\Uninstall.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Yahoo! Games\Super Collapse 3\Super Collapse 3.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Yahoo! Games\Super Collapse 3\Uninstall.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Yahoo! Games\Super Collapse 3\Yahoo! Games - Games And Online Games.lnk
224 File(s) copied
C:\Users\Janice\Desktop\cmd.bat deleted successfully.
C:\Users\Janice\Desktop\cmd.txt deleted successfully.
< xcopy "C:\Users\Janice\AppData\Local\Temp\smtmp\4" "C:\Users\Public\Desktop " /H /I /S /Y /C >
C:\Users\Janice\AppData\Local\Temp\smtmp\4\HP Solution Center.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\iLivid Download Manager.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\iTunes.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Jewel Quest Online Party.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Malwarebytes' Anti-Malware.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Microsoft Works.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Mozilla Firefox.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Nero StartSmart Essentials.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Netflix.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Qwest Personal Digital Vault.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Rhapsody.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\The Print Shop 23.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\User's Guide (Gateway InfoCentre).lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\WildTangent Games App - gateway.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Wordscape Online Party.lnk
15 File(s) copied
C:\Users\Janice\Desktop\cmd.bat deleted successfully.
C:\Users\Janice\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 01192012_064031

oldman960
2012-02-03, 18:57
Hi e28ct17,
,

Those are old logs. The OTL fix log is from Jan 19. Open Windows Explorer and navigate to C:\_OTL\Moved files. The log you are looking for will be a txt file named 02022012_XXXXXX (x's represent the time)

The other log you posted was from bootedit. The MBAM log rquested can be located in MBAM.
open MBAM
click on the Logs tab
locate the last one created
click on it and click open

Don't forget to get a new OTL scan log.


Thanks

e28ct17
2012-02-03, 19:24
Hi! Sorry about that. I just noticed, but my recovery drive has disappeared. I had a few other drives and they have disappeared too. Drive C and my DVD drive are the only drives under My Computer.

Here are the logs

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Prefs.js: "iLivid Web Search" removed from browser.search.order.1
Prefs.js: "My Web Search" removed from browser.search.selectedEngine
Prefs.js: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxpt020YYus&ptb=zicrx_1Avu_ZGi24DJBLew&ind=2012010511&ptnrS=ZUxpt020YYus&si=CMqg8duiuK0CFYMEQAodrjEGpQ&n=77ecd80f&psa=&st=kwd&searchfor=" removed from keyword.URL
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\searchbar folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\css folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\modules folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data\search folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\searchplugins\mywebsearch.xml moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\searchplugins\SearchResults.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober112634188.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober174870194.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober176453105.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober232756486.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober275019326.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober64933824.xml moved successfully.
C:\Users\Janice\Desktop\Smart Protection 2012.lnk moved successfully.
C:\ProgramData\w5hw08b8wo4jqn moved successfully.
C:\ProgramData\hash.dat moved successfully.
C:\Users\Janice\AppData\Local\8sqbcbba3f0aeff3s6c0cu1 moved successfully.
C:\ProgramData\8sqbcbba3f0aeff3s6c0cu1 moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Janice
->Temp folder emptied: 7518668 bytes
->Temporary Internet Files folder emptied: 67781473 bytes
->Java cache emptied: 17439374 bytes
->FireFox cache emptied: 1102478468 bytes
->Flash cache emptied: 6676 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 69102 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1523262976 bytes

Total Files Cleaned = 2,593.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02032012_015851

Files\Folders moved on Reboot...
C:\Users\Janice\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLAUY0ZW\28[1].png moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLAUY0ZW\30[1].png moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLAUY0ZW\34[1].png moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JBLUBDM2\20[1].png moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JBLUBDM2\20[2].png moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JBLUBDM2\32[1].png moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JBLUBDM2\32[2].png moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8HO83HXF\27[1].png moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8HO83HXF\33[1].png moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8HO83HXF\33[2].png moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UUSU2Y0\29[1].png moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UUSU2Y0\29[2].png moved successfully.

Registry entries deleted on Reboot...


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.02.03.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Janice :: JANICE-PC [administrator]

2/3/2012 2:32:15 AM
mbam-log-2012-02-03 (02-32-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 187663
Time elapsed: 4 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Janice\Downloads\bios_password_cracker_13azip.exe (PUP.BundleInstaller.MG) -> Quarantined and deleted successfully.
C:\Users\Janice\Downloads\PDFReaderSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.

(end)

oldman960
2012-02-03, 20:06
Hi e28ct17,

Click Start > Control Panel > System and Security > Adminstrator Tools > Computer Mangement
When Computer Management opens double click on disk management
make sure the pane is expanded wide enough to show all partitions
There should be 3 listed
The first one should be 15gb. Is it visible there?

You should see the same image as you posted in the earlier screenshot with the exception of the 2Mb partition.

e28ct17
2012-02-04, 11:00
Yes, there were 3 listed....15 GB (recovery partition), 100 MB, C: drive

oldman960
2012-02-04, 20:52
Hi e28ct17,

When you looked in Disk Management were disks 1-5 listed in the lower panel?

Also in the lower panel Disk0 should have been shown divided into 3 sections. Sound right?

e28ct17
2012-02-05, 08:37
Yes, everything looked as you described. I attached a print screen in case you wanted to take a look.

oldman960
2012-02-05, 13:01
Hi e28ct17,

Looks like they are all there just hidden from windows.

Try this,

Click the Windows Explorer icon
click the down arrow beside organize
Click Folders and Search Options
Click the view tab
uncheck Hide empty drives in the Computer folder
click apply, click ok

Drives back?

e28ct17
2012-02-05, 21:22
Yes, they are all back!! :thanks:

oldman960
2012-02-05, 21:29
Hi e28ct17,

Good. Any remaining issues?

Please open OTL and click the Quick Scan button. We'll see if there is anything left of Web Search.

Please post the OTL.txt

e28ct17
2012-02-05, 21:49
Everything it running great! Thanks so much for all your help. Your forum is such a valuable resource.

Here is the OTL log

OTL logfile created on: 2/5/2012 1:43:23 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Janice\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.97 Gb Total Physical Memory | 3.84 Gb Available Physical Memory | 64.36% Memory free
6.94 Gb Paging File | 4.70 Gb Available in Paging File | 67.75% Paging File free
Paging file location(s): c:\pagefile.sys 1000 9163

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.41 Gb Total Space | 857.05 Gb Free Space | 93.52% Space Free | Partition Type: NTFS
Drive J: | 3.61 Gb Total Space | 3.49 Gb Free Space | 96.55% Space Free | Partition Type: FAT32

Computer Name: JANICE-PC | User Name: Janice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Janice\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
PRC - C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
PRC - C:\Program Files (x86)\Rhapsody\rhaphlpr.exe (Rhapsody International Inc.)
PRC - C:\Program Files (x86)\iWin Games\iWinTrusted.exe (iWin Inc.)
PRC - C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe (Oberon Media )
PRC - C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
PRC - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)
PRC - c:\Program Files (x86)\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}\components\RadioWMPCoreGecko9.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()


========== Win32 Services (SafeList) ==========

SRV:[b]64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (iWinTrusted) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe (iWin Inc.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (rcmirror) -- C:\Windows\SysNative\drivers\rcmirror.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1y62x64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV - (GEARAspiWDM) -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACGW&l=0409&m=aspire_m5802/m3802&r=1736061196dg1275w9283i9hj67767
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACGW&l=0409&m=aspire_m5802/m3802&r=1736061196dg1275w9283i9hj67767

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Blekko"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\@worldwinner.com/Launcher2,version=1.10.0.25: C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2011/06/20 23:31:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/01 12:08:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/16 20:13:49 | 000,000,000 | ---D | M]

[2012/02/04 16:44:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janice\AppData\Roaming\Mozilla\Extensions
[2012/02/04 16:44:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janice\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2012/02/03 01:58:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions
[2012/02/03 01:53:20 | 000,000,000 | ---D | M] (Spam Free Search Bar) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}
[2012/01/08 14:23:33 | 000,000,000 | ---D | M] (IMVU Inc Community Toolbar) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
[2011/08/23 07:15:41 | 000,000,000 | ---D | M] (20-20 3D Viewer - WEB) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\2020Player_WEB@2020Technologies.com
[2012/01/06 05:56:25 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\foxmarks@kei.com
[2011/12/22 17:01:20 | 000,000,000 | ---D | M] (Oberon GamesBar) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\gamesbar@oberon-media.com
[2012/02/02 23:07:55 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\LogMeInClient@logmein.com
[2011/12/30 22:30:15 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\plugin@yontoo.com
[2011/08/11 06:29:03 | 000,000,000 | ---D | M] ("ArcadeWeb") -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\textlinks@arcadeweb.com
[2011/12/30 22:41:29 | 000,000,000 | ---D | M] (We-Care Reminder) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\wecarereminder@bryan
[2011/06/21 23:02:15 | 000,002,571 | ---- | M] () -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\searchplugins\askcom.xml
[2012/01/31 23:57:15 | 000,002,282 | ---- | M] () -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\searchplugins\surf-canyon.xml
[2012/01/05 19:53:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/29 13:20:43 | 000,000,000 | ---D | M] (LivingPlay TextLinks) -- C:\USERS\JANICE\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\TEXTLINKS@LPLAY.COM
() (No name found) -- C:\USERS\JANICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\48HSR9SG.DEFAULT\EXTENSIONS\NOSQUINT@URANDOM.CA.XPI
() (No name found) -- C:\USERS\JANICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\48HSR9SG.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2012/01/01 12:08:10 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/15 06:20:18 | 001,034,544 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
[2009/07/02 10:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2011/10/11 08:21:33 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2011/10/16 20:03:58 | 000,002,064 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bingober441754614.xml
[2011/12/16 15:14:50 | 000,002,067 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\blekkotb.xml
[2011/11/11 11:18:43 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (Updater For Spam Free Search Bar) - {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll (Visicom Media)
O2 - BHO: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
O4 - HKCU..\Run: [SearchEngineProtection] C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe (Oberon Media )
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} https://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab (20-20 3D Viewer for WEB)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA8713C9-52CC-42DD-A388-B7B0CCC5398B}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1980/01/01 11:18:44 | 000,000,179 | RH-- | M] () - J:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/04 18:10:00 | 011,661,312 | ---- | C] (Rhapsody International Inc.) -- C:\Users\Janice\Desktop\rhapsody.exe
[2012/02/04 17:54:11 | 000,000,000 | ---D | C] -- C:\Temp
[2012/02/04 16:44:04 | 000,000,000 | ---D | C] -- C:\Users\Janice\AppData\Roaming\Philips-Songbird
[2012/02/04 16:44:04 | 000,000,000 | ---D | C] -- C:\Users\Janice\AppData\Local\Philips-Songbird
[2012/02/04 16:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Philips
[2012/02/04 16:42:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Philips
[2012/02/04 11:36:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
[2012/02/03 02:13:38 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/02/03 01:54:20 | 000,000,000 | ---D | C] -- C:\Users\Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/02/03 01:53:27 | 000,000,000 | ---D | C] -- C:\Users\Janice\AppData\Local\blekkotb
[2012/02/03 01:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Anti-phishing Domain Advisor
[2012/02/03 01:53:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\blekkotb
[2012/01/29 02:12:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/01/29 02:12:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/01/25 23:27:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Janice\Desktop\OTL.exe
[2012/01/25 20:19:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/25 20:16:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/25 08:38:48 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/25 08:21:02 | 000,000,000 | ---D | C] -- C:\jgh32265j
[2012/01/20 21:58:00 | 000,000,000 | ---D | C] -- C:\jgh32442j
[2012/01/19 22:00:25 | 000,000,000 | ---D | C] -- C:\jgh
[2012/01/19 21:57:16 | 004,388,468 | R--- | C] (Swearware) -- C:\Users\Janice\Desktop\jgh.exe
[2012/01/19 15:13:11 | 000,000,000 | ---D | C] -- C:\Users\Janice\Desktop\RK_Quarantine
[2012/01/19 06:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/18 22:07:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/17 18:38:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Janice\Desktop\iexplorer.exe
[2012/01/16 20:55:44 | 000,000,000 | ---D | C] -- C:\found.000

========== Files - Modified Within 30 Days ==========

[2012/02/05 00:33:37 | 000,193,112 | ---- | M] () -- C:\Users\Janice\Desktop\cm.png
[2012/02/04 18:13:19 | 000,870,128 | ---- | M] () -- C:\Users\Janice\AppData\Roaming\mcs.rma
[2012/02/04 18:13:19 | 000,000,004 | ---- | M] () -- C:\Users\Janice\AppData\Roaming\799399
[2012/02/04 18:09:56 | 011,661,312 | ---- | M] (Rhapsody International Inc.) -- C:\Users\Janice\Desktop\rhapsody.exe
[2012/02/04 16:42:48 | 000,001,217 | ---- | M] () -- C:\Users\Janice\Application Data\Microsoft\Internet Explorer\Quick Launch\Philips Songbird.lnk
[2012/02/04 06:41:35 | 000,743,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/04 06:41:35 | 000,635,004 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/04 06:41:35 | 000,111,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/03 02:45:32 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/03 02:45:32 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/03 02:39:04 | 000,002,413 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012/02/03 02:38:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/03 02:38:12 | 509,456,383 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/03 02:17:28 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/03 01:54:20 | 000,001,232 | ---- | M] () -- C:\Users\Janice\Desktop\Revo Uninstaller.lnk
[2012/01/29 02:31:59 | 000,001,405 | ---- | M] () -- C:\Users\Janice\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/29 02:21:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/01/29 02:21:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/01/29 02:12:45 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/01/29 02:12:43 | 000,756,744 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/29 02:12:17 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/01/28 19:21:10 | 000,544,368 | ---- | M] () -- C:\Users\Janice\Desktop\TaxReturn.pdf
[2012/01/25 08:36:59 | 004,388,468 | R--- | M] (Swearware) -- C:\Users\Janice\Desktop\ComboFix.exe
[2012/01/25 08:19:08 | 004,388,468 | R--- | M] (Swearware) -- C:\Users\Janice\Desktop\jgh.exe
[2012/01/19 15:10:17 | 000,787,456 | ---- | M] () -- C:\Users\Janice\Desktop\RogueKiller.exe
[2012/01/17 18:25:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Janice\Desktop\OTL.exe
[2012/01/17 18:25:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Janice\Desktop\iexplorer.exe
[2012/01/07 03:02:59 | 000,003,085 | ---- | M] () -- C:\Users\Janice\Desktop\VinylMaster Pro.lnk

========== Files Created - No Company Name ==========

[2012/02/05 00:33:36 | 000,193,112 | ---- | C] () -- C:\Users\Janice\Desktop\cm.png
[2012/02/04 16:42:48 | 000,001,217 | ---- | C] () -- C:\Users\Janice\Application Data\Microsoft\Internet Explorer\Quick Launch\Philips Songbird.lnk
[2012/02/04 11:38:13 | 000,000,004 | ---- | C] () -- C:\Users\Janice\AppData\Roaming\799399
[2012/02/04 11:38:12 | 000,870,128 | ---- | C] () -- C:\Users\Janice\AppData\Roaming\mcs.rma
[2012/02/03 02:13:42 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/03 01:54:20 | 000,001,232 | ---- | C] () -- C:\Users\Janice\Desktop\Revo Uninstaller.lnk
[2012/01/29 02:31:59 | 000,001,417 | ---- | C] () -- C:\Users\Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/01/29 02:21:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/01/29 02:21:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/01/29 02:12:40 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/01/29 02:12:17 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/01/28 19:21:10 | 000,544,368 | ---- | C] () -- C:\Users\Janice\Desktop\TaxReturn.pdf
[2012/01/19 15:13:01 | 000,787,456 | ---- | C] () -- C:\Users\Janice\Desktop\RogueKiller.exe
[2012/01/19 06:40:38 | 000,002,752 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2012/01/19 06:40:38 | 000,002,654 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - gateway.lnk
[2012/01/19 06:40:38 | 000,002,154 | ---- | C] () -- C:\Users\Public\Desktop\Qwest Personal Digital Vault.lnk
[2012/01/19 06:40:38 | 000,002,108 | ---- | C] () -- C:\Users\Public\Desktop\Netflix.lnk
[2012/01/19 06:40:38 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\Wordscape Online Party.lnk
[2012/01/19 06:40:38 | 000,002,064 | ---- | C] () -- C:\Users\Public\Desktop\Jewel Quest Online Party.lnk
[2012/01/19 06:40:38 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\User's Guide (Gateway InfoCentre).lnk
[2012/01/19 06:40:38 | 000,001,747 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/19 06:40:38 | 000,001,279 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2012/01/19 06:40:38 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/19 06:40:38 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2012/01/19 06:40:38 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Rhapsody.lnk
[2012/01/19 06:40:35 | 000,002,063 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/01/19 06:40:35 | 000,001,894 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Reminder.lnk
[2012/01/19 06:40:32 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2012/01/19 06:40:32 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/01/19 06:40:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/19 06:40:32 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/01/19 06:40:32 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/01/19 06:40:32 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/01/19 06:40:32 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/01/19 06:40:32 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/01/19 06:40:32 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/01/19 06:40:32 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/01/19 06:40:32 | 000,001,158 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/19 06:40:32 | 000,001,151 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2012/01/19 06:40:32 | 000,001,058 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2012/01/19 06:40:32 | 000,000,991 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS2.lnk
[2012/01/17 06:13:53 | 000,002,645 | ---- | C] () -- C:\Users\Public\Desktop\The Print Shop 23.lnk
[2011/12/17 03:50:15 | 000,010,408 | --S- | C] () -- C:\Users\Janice\AppData\Local\w5hw08b8wo4jqn
[2011/12/01 00:05:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/01 00:05:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/01 00:05:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/01 00:05:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/01 00:05:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/07 11:30:25 | 000,210,543 | ---- | C] () -- C:\Windows\hpoins21.dat
[2011/11/07 11:30:25 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2011/11/07 07:54:46 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2011/11/04 08:55:20 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011/11/04 08:55:20 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011/09/21 00:05:11 | 000,000,116 | ---- | C] () -- C:\Windows\wininit.ini
[2011/06/26 00:29:47 | 000,000,221 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/06/21 16:53:47 | 000,756,744 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/20 20:56:19 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/06/08 20:10:11 | 000,001,022 | ---- | C] () -- C:\Users\Janice\AppData\Roaming\wklnhst.dat
[2011/02/11 18:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011/02/11 18:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011/02/11 18:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2011/01/11 17:05:18 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2009/08/27 15:02:56 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe
[2005/08/26 15:28:20 | 000,024,576 | ---- | C] () -- C:\Windows\shortcut.exe
[2005/08/26 15:27:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe
[2000/05/15 09:52:40 | 000,003,004 | ---- | C] () -- C:\Windows\SysWow64\vmpro.ini

========== LOP Check ==========

[2011/07/05 00:27:19 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Amazonia
[2011/07/28 09:12:12 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Anarchy
[2011/10/17 17:48:32 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Artogon
[2011/08/24 00:29:11 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Big Fish Games
[2011/09/26 21:09:11 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\BitComet
[2011/08/28 23:54:48 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Dekovir
[2011/06/20 22:22:31 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\DVDVideoSoft
[2011/06/20 22:21:59 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/08/30 08:40:32 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Freeze Tag
[2011/11/15 06:42:08 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\funkitron
[2011/08/03 09:07:45 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\GameBlend
[2011/06/27 00:17:01 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\HdO Adventure
[2011/07/29 13:20:43 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\NetAssistant
[2011/08/16 20:01:56 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Nevosoft Games
[2011/08/23 18:13:55 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Nokia Ovi Suite
[2011/08/21 22:22:54 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Oberon
[2011/11/15 06:41:12 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Oberon Media
[2011/06/11 22:03:20 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Packard Bell
[2011/07/21 18:48:46 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\PC Suite
[2012/02/04 16:44:04 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Philips-Songbird
[2011/11/18 17:31:57 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\SpinTop Games
[2011/08/30 11:38:11 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\SprillRichiEng
[2011/12/30 22:30:36 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\SumatraPDF
[2011/06/22 21:24:45 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Template
[2011/12/26 01:45:26 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Vogat Interactive
[2011/07/29 04:51:49 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\WeatherBug
[2011/06/29 00:27:28 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\WildTangentv1000
[2011/08/11 02:20:05 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\WildTangentv1001
[2011/06/22 05:50:30 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Worldwinner
[2012/01/19 23:06:05 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:FB04FBFD
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:E0648389
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:987CE5C8
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:62D72D41
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:D5C2DDAE
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:86AE00C6
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:F2B0ABCC
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:EF258AD5
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:8C5315B5
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0F4A7B6A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:AA4982C6
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:937250A8
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:95E512F2
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:DE5D1324
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:3B68494D
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:10FC1DC1
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1E3E34AA
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:BAEFC0C1
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:F4549211
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:70FD4407
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:8EBE180D
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:9DADB9F7

< End of report >

oldman960
2012-02-05, 23:32
Hi e28ct17,


We missed one file. We'll remove it then one more scan. We'll clean up and remove the tools after you post back.



Open OTL. In the lower window under Custom Scans/Fixes copy and paste the following


:services

:files
C:\Users\Janice\AppData\Local\w5hw08b8wo4jqn

Click the Run Fix button.

Please post the log.




One more to check for stragglers.

As a Vista/Win7 user you will need to right click your browser icon and select "Run as Administrator" in order to run this scan.
Do not use this instance of your browser for anything besides doing this scan
When the scan is complete and the results saved, close that instance of your browser
Open a new one the usual way and post the results in this topic.


*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.


Go here to run an online scannner from
ESET (http://www.eset.eu/online-scanner)

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)


Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Disable your Antivirus software. You can usually do this with its Notfication Tray icon near the clock
Click Start
Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
Click Scan.
Wait for the scan to finish.
When the scan completes, click List of found threats
click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
Include the contents of this report in your next reply

Note - when ESET doesn't find any threats, no report will be created.

Push the back button.
Push Finish
Re-enable your Antivirus software.



Please post back with
OTL fix log
ESET log if one was produced

e28ct17
2012-02-06, 05:14
Here are the logs

========== FILES ==========
C:\Users\Janice\AppData\Local\w5hw08b8wo4jqn moved successfully.

OTL by OldTimer - Version 3.2.31.0 log created on 02052012_181254

ESET:

C:\Program Files (x86)\PDFReader\Uninstall\Uninstall.exe a variant of Win32/InstallCore.F application
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\Users\Janice\Downloads\cnet2_revosetup_exe.exe a variant of Win32/InstallCore.D application
C:\_OTL\MovedFiles\01182012_220707\C_ProgramData\notifyc.exe a variant of Win32/Kryptik.ZCK trojan
C:\_OTL\MovedFiles\01182012_220707\C_Users\Janice\AppData\Roaming\configwiz.exe a variant of Win32/Kryptik.ZCK trojan
C:\_OTL\MovedFiles\01182012_220707\C_Users\Janice\AppData\Roaming\Egrygi\hyqahih.exe a variant of Win32/Injector.NGQ trojan

oldman960
2012-02-06, 18:36
Hi e28ct17,

Don't worry about the Cnet detections, ESET is just warning about the downloader used. The others are files we have all ready quarantined and will remove shoetly along with the tools.


We'll clean up the tools now.

From your desktop, please delete, if present
any notepads/logs that we created
Rogue Killer
You can also delete any files we may have saved to your usb device. Keep the xPUD cd it may come in handy one day.

Next

We'll get a new copy of combofix as the one you have is quite old and will probably want to update. We will not run it but will use it for the uninstall procedure.

Locate the copy you have now, named jgh.exe, right click it and select delete.

Download a new copy from HERE (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) , Make sure to save it to your desktop.


Click the Start button, click Run. [Win7 users, go Start>"Start search"] Copy and paste the following line into the run box and click OK

Combofix /uninstall



Next

Locate the copy of OTL that we renamed to iexplorer.exe. Open it then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.


I suggest you keep MBAM. Keep it updated and use it regularly.


Updates and Upgrades

Your java is out of date. Click your start button > Control Panel
Use the drop down menu beside view by and change it to small icons
locate java (32bit) in the list and click on it
when the java console opens click the update tab
Click update now


Next, clear the java cache

To clear the Java Plug-in cache: Click Start > Control Panel.
Double-click the Java icon in the control panel.
On the General tab, Click Settings under Temporary Internet Files.
On the Temporary Files Settings screen, Click Delete Files.
check all boxes
Click OK



Next

You have an older version of Adobe Reader. You can download the current version HERE (http://www.adobe.com/products/acrobat/readstep2.html)

You may want to consider Foxit Reader (http://www.foxitsoftware.com/downloads/index.php) instead. It may be a bit lighter on resources. If you chosose Foxit decline the Foxit Toolbar.

Visit their support forum
Foxit Forum (http://www.foxitsoftware.com/bbs/forumdisplay.php?f=3)

In either case you should uninstall Adobe Reader 9.4.0 first. Be sure to move any PDF documents to another folder first though.


Some Recommendations and prevention tips

Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. Those you have now provided you are using a firewall. Windows 7 has a built in firewall which is pretty good when set up. You can find some very good information HERE (http://www.addictivetips.com/windows-tips/windows-7-firewall-outbound-protection/) .


You should also use Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) to help immunize your computer.

- SpywareBlaster will add a large list of programs and sites into your Internet Explorer
settings that will protect you from running and downloading known malicious programs.

OR

A guide to understanding and using the hosts file.

Learn how your Hosts file can protect you and how you can protect it.
Besides the Hosts file information, there are links to a very good updated hosts file, a host file manager. and some programs that can protect your hosts file.
HOSTS (http://www.mvps.org/winhelp2002/hosts.htm)

Please read the info on disabling the DNS Client before installing a custom hosts file.


-Secure your Internet Explorer

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.


- Make sure you have reset Windows Updates to your chosen option. Click your start button > Control Panel > System > Windows updates (lower left) > change settings


- Keep your antivirus program updated, as well as any other security programs you have.


-More tips and programs can be found HERE (http://forums.whatthetech.com/Preventing_Malware_Tools_Practices_Safe_Computing_t98700.html)


Please post back if you have any problems.

Take care

e28ct17
2012-02-08, 18:42
Thank you again for all your help. You guys rock!!

oldman960
2012-02-09, 04:43
Hi e28ct17,

You are more than welcome.

Take care keep safe.

oldman960
2012-02-11, 11:14
Since this issue appears to be resolved ... this Topic has been closed.