Badly Infected

When I input 2 I received the warning message about no bootloader, so I input 3 and it worked. Below are the logs you requested.

2012-01-28-14:37:36

The following drives were found
sda
sdg
User has chosen drive sda
tdl_mbr_sda.bin exists
backing up mbr to tdl_mbr_sda.2012-01-28-14:37:56


Disk /dev/sda: 1000.2 GB, 1000204886016 bytes
255 heads, 63 sectors/track, 121601 cylinders, total 1953525168 sectors
Units = sectors of 1 * 512 = 512 bytes

Device Boot Start End Blocks Id System
/dev/sda1 2048 31459327 15728640 27 Unknown
/dev/sda2 31459328 31664127 102400 1a Unknown
/dev/sda3 31664128 1953521663 960928768 7 HPFS/NTFS
/dev/sda4 * 1953521664 1953525151 1744 17 Hidden HPFS/NTFS

Model: ATA WDC WD10EADS-22M (scsi)
Disk /dev/sda: 1000GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos

Number Start End Size Type File system Flags
1 1049kB 16.1GB 16.1GB primary ntfs
2 16.1GB 16.2GB 105MB primary ntfs
3 16.2GB 1000GB 984GB primary ntfs
4 1000GB 1000GB 1786kB primary ntfs boot, hidden


User has chosen to make partition 2 active
Warning! No bootloader found on partition 2
User rejected making partition 2 active

User has chosen to make partition 3 active

Model: ATA WDC WD10EADS-22M (scsi)
Disk /dev/sda: 1000GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos

Number Start End Size Type File system Flags
1 1049kB 16.1GB 16.1GB primary ntfs
2 16.1GB 16.2GB 105MB primary ntfs
3 16.2GB 1000GB 984GB primary ntfs boot
4 1000GB 1000GB 1786kB primary ntfs hidden


User has accepted changes



Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {36350f4e-934d-11de-b33d-b7495bee80d8}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {36350f50-934d-11de-b33d-b7495bee80d8}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {36350f4e-934d-11de-b33d-b7495bee80d8}
nx OptIn

Windows Boot Loader
-------------------
identifier {36350f50-934d-11de-b33d-b7495bee80d8}
device ramdisk=[C:]\Recovery\36350f50-934d-11de-b33d-b7495bee80d8\Winre.wim,{36350f51-934d-11de-b33d-b7495bee80d8}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\36350f50-934d-11de-b33d-b7495bee80d8\Winre.wim,{36350f51-934d-11de-b33d-b7495bee80d8}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {36350f4e-934d-11de-b33d-b7495bee80d8}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {36350f51-934d-11de-b33d-b7495bee80d8}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\36350f50-934d-11de-b33d-b7495bee80d8\boot.sdi
 
Hi e28ct17,

Good job.

Before we finish cleaning this for you a couple of questions. After rebooting did the computer boot normally or did you need to edit the line again?

Are you still getting redirects?

RogueKiller has been updated. Please delete the copy you have and download a new one. The interface is different in the new version. Double click to run it. Once it's open and has done its prescan, click the scan button. After the scan has completed, click the report button and post the log.

You can get a new copy from HERE
 
The computer booted normally....I did not have to edit the line. The redirects have stopped. Looks like things are back to normal, thanks to you!!

RogueKiller V7.0.1 [01/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Janice [Admin rights]
Mode: Scan -- Date : 01/28/2012 15:25:51

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] ReminderHelper.exe -- C:\ProgramData\WeCareReminder\ReminderHelper.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 4 ¤¤¤
[SUSP PATH] winupd.job : C:\Users\Janice\AppData\Local\Temp:winupd.exe -> FOUND
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost




¤¤¤ MBR Check: ¤¤¤


+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 862d43404943f43730948c81ebbefce0
[BSP] 62f35c68ca4bceaeae08b6f8c4f7e488 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 16106 Mo

1 - [XXXXXX] UNKNOWN (0x1a) [VISIBLE] Offset (sectors): 31459328 | Size: 104 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 983991 Mo

3 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1953521664 | Size: 1 Mo

User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
 
Hi e28ct17,

Sorry this is taking so long. Your computer is a bit of an oddity so I wanted to make sure it was the computer and not something new this malware was doing.

Next, right click on OTL.exe and choose Run as Administrator to run it
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
Code:
:Services

:Reg

:Files
c:\users\Janice\AppData\Roaming\Yfhym
c:\users\Janice\AppData\Roaming\Inuro
c:\users\Janice\AppData\Roaming\Adodn
c:\users\Janice\AppData\Roaming\Elday
c:\users\Janice\AppData\Roaming\Urubn
c:\users\Janice\AppData\Roaming\Goaci
c:\users\Janice\AppData\Roaming\Ofgaub
c:\users\Janice\AppData\Roaming\Sie 

:Commands
[createrestorepoint]
[purity]
[emptytemp]

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.

One more trip with xPUD

  • Boot into xPUD then click the File tab.
  • Press File
  • Expand mnt
  • Click on the folder under mnt that represents your USB drive (sdb1 ?)
  • You should see the tdl_fix.sh file in the main window.
  • Select Tool from the Menu
  • Choose Open Terminal
  • Type bash tdl_fix.sh -delete then press Enter.
  • ** Make sure to leave a space to either side of tdl_fix.sh in the command.
  • You should be notified of a hidden partition found and prompted to delete it.
  • Type y then press Enter.
  • The script will complete and prompt you to reboot the computer.
  • Close the Terminal window and restart back into Windows.
  • Post the contents of the tdl_delete.txt file that was created on your flash drive.

The computer should boot normally. If for some reason it doesn't use the F10 method first. If you still have problems follow the steps below.

Note - in the event there is a problem booting the computer normally after running the script, run the tdl_fix.sh script again using the following command.

bash tdl_fix.sh -restore

Make sure to leave a space to either side of tdl_fix.sh in the command.
This will prompt you to use the file tdl_mbr_sda.bin on drive sda.
Ok the procedure then restart when complete.

Computer still behaving?

Thanks
 
Microsoft Security Essentials found the following on my computer (I have not taken any action on them)

DOS/Aluteon.E and Win32/Arcadeweb

I ran OTL and below is my log. I will wait to do xPUD until I hear back from you.

All processes killed
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
c:\users\Janice\AppData\Roaming\Yfhym folder moved successfully.
c:\users\Janice\AppData\Roaming\Inuro folder moved successfully.
c:\users\Janice\AppData\Roaming\Adodn folder moved successfully.
c:\users\Janice\AppData\Roaming\Elday folder moved successfully.
c:\users\Janice\AppData\Roaming\Urubn folder moved successfully.
c:\users\Janice\AppData\Roaming\Goaci folder moved successfully.
c:\users\Janice\AppData\Roaming\Ofgaub folder moved successfully.
c:\users\Janice\AppData\Roaming\Sie folder moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Janice
->Temp folder emptied: 499906 bytes
->Temporary Internet Files folder emptied: 39799349 bytes
->Java cache emptied: 186882690 bytes
->FireFox cache emptied: 172457852 bytes
->Flash cache emptied: 70005 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 193586 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes
RecycleBin emptied: 2381032 bytes

Total Files Cleaned = 384.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01292012_115543

Files\Folders moved on Reboot...
C:\Users\Janice\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QDMOXURH\27[1].png moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QDMOXURH\27[2].png moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0EJLRQW\32[1].png moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\533CW1BO\26[1].png moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\533CW1BO\30[1].png moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03AWZWF0\31[2].png moved successfully.

Registry entries deleted on Reboot...
 
No, I don't know where the detection was...I don't think it said. Here is the log you requested.

2012-01-30-21:09:16

using tdl_delete_sda.bin

Model: ATA WDC WD10EADS-22M (scsi)
Disk /dev/sda: 1000GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos

Number Start End Size Type File system Flags
1 1049kB 16.1GB 16.1GB primary ntfs
2 16.1GB 16.2GB 105MB primary ntfs
3 16.2GB 1000GB 984GB primary ntfs boot
4 1000GB 1000GB 1786kB primary ntfs hidden

Hidden partition found on sda
sda4 is hidden
Deleting partition 4 on drive sda

Model: ATA WDC WD10EADS-22M (scsi)
Disk /dev/sda: 1000GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos

Number Start End Size Type File system Flags
1 1049kB 16.1GB 16.1GB primary ntfs
2 16.1GB 16.2GB 105MB primary ntfs
3 16.2GB 1000GB 984GB primary ntfs boot

No hidden partition on sdg
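
The three partition-table states recorded in the logs in this thread (hidden partition 4 active, partition 3 made active, partition 4 deleted), checked with a small MBR parser. This is an added example, not part of any post and not the code of tdl_fix.sh; the function names, the size and end-of-disk thresholds, and the sample sectors (constructed from the fdisk values above, with an empty boot-code area) are assumptions.

```python
import struct

SECTOR = 512
TABLE_OFFSET = 446                      # partition table follows the boot code
ENTRY = struct.Struct("<B3sB3sII")      # status, CHS start, type, CHS end, LBA start, sector count
# "Hidden" FAT/NTFS type bytes (base type | 0x10), as listed by fdisk.
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}
# Thresholds assumed for this example only.
SMALL_SECTORS = 16 * 1024 * 1024 // SECTOR   # "small" means under 16 MiB
TAIL_SLACK = 2048                            # "at end of disk" means within 1 MiB of the last sector


def build_mbr(entries):
    """Build a 512-byte MBR from (active, type, lba_start, sectors) tuples."""
    sector = bytearray(SECTOR)
    for i, (active, ptype, start, count) in enumerate(entries):
        ENTRY.pack_into(sector, TABLE_OFFSET + 16 * i,
                        0x80 if active else 0x00, b"\0\0\0", ptype, b"\0\0\0",
                        start, count)
    sector[510:512] = b"\x55\xaa"           # boot signature
    return bytes(sector)


def parse_mbr(sector):
    """Return the non-empty primary partition entries of an MBR sector."""
    if len(sector) < SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector: missing 0x55AA signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, start, count = ENTRY.unpack_from(sector, TABLE_OFFSET + 16 * i)
        if ptype == 0 and count == 0:
            continue                        # unused slot
        parts.append({"number": i + 1, "active": status == 0x80,
                      "type": ptype, "start": start, "sectors": count})
    return parts


def active_partitions(sector):
    """Partition numbers that carry the boot (active) flag."""
    return [p["number"] for p in parse_mbr(sector) if p["active"]]


def review(sector, disk_sectors):
    """Map partition number -> reasons it deserves a closer look."""
    findings = {}
    for p in parse_mbr(sector):
        flags = []
        hidden = p["type"] in HIDDEN_TYPES
        if hidden:
            flags.append("hidden-type")
        if hidden and p["active"]:
            flags.append("active-hidden")   # the disk boots from a hidden partition
        end = p["start"] + p["sectors"] - 1
        if p["sectors"] < SMALL_SECTORS and disk_sectors - 1 - end <= TAIL_SLACK:
            flags.append("small-at-end-of-disk")
        if flags:
            findings[p["number"]] = flags
    return findings


# Constructed samples: type, start and sector count taken from the fdisk output in this thread.
DISK_SECTORS = 1953525168
BASE = [(0x27, 2048, 31457280),
        (0x1A, 31459328, 204800),
        (0x07, 31664128, 1921857536),
        (0x17, 1953521664, 3488)]


def sample(active_number, keep=4):
    """MBR with the first `keep` partitions and the boot flag on `active_number`."""
    return build_mbr([(n == active_number, t, s, c)
                      for n, (t, s, c) in enumerate(BASE[:keep], 1)])


BEFORE = sample(4)                  # as first logged: boot flag on hidden sda4
AFTER_ACTIVE_CHANGE = sample(3)     # after partition 3 was made active
AFTER_DELETE = sample(3, keep=3)    # after partition 4 was deleted

if __name__ == "__main__":
    for name, mbr in (("before", BEFORE), ("active changed", AFTER_ACTIVE_CHANGE),
                      ("after delete", AFTER_DELETE)):
        print(name, active_partitions(mbr), review(mbr, DISK_SECTORS))
```

To run it against a real disk, pass the first 512 bytes of a read-only image or backup copy of sector 0 to `review` together with the disk's total sector count.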
 
Hi e28ct17,

Click on the Start button > Control Panel

Depending on your settings, either
  • click on the Uninstall a program option under the Programs category.
  • If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.
Uninstall the following programs

iLivid
Windows iLivid Toolbar




Next
  • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open a Notepad window, OTL.Txt; no Extras.Txt this time.

Please post the log.
 
I uninstalled iLivid with no problems, but after I uninstalled Windows iLivid Toolbar it didn't delete from the programs list. So I tried to uninstall it again and it acts like it is uninstalling, but still shows up on the list.

Here is OTL log

OTL logfile created on: 1/31/2012 11:09:06 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Janice\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.97 Gb Total Physical Memory | 3.93 Gb Available Physical Memory | 65.87% Memory free
6.94 Gb Paging File | 4.69 Gb Available in Paging File | 67.56% Paging File free
Paging file location(s): c:\pagefile.sys 1000 9163 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.41 Gb Total Space | 856.51 Gb Free Space | 93.46% Space Free | Partition Type: NTFS

Computer Name: JANICE-PC | User Name: Janice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Janice\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\iWin Games\iWinTrusted.exe (iWin Inc.)
PRC - C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe (Oberon Media )
PRC - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)


========== Modules (No Company Name) ==========

MOD - C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}\components\RadioWMPCoreGecko9.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Java\jre6\bin\jp2native.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (iWinTrusted) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe (iWin Inc.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (rcmirror) -- C:\Windows\SysNative\drivers\rcmirror.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1y62x64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b..._m5802/m3802&r=1736061196dg1275w9283i9hj67767
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b..._m5802/m3802&r=1736061196dg1275w9283i9hj67767

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.j...Avu_ZGi24DJBLew&si=CMqg8duiuK0CFYMEQAodrjEGpQ
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "iLivid Web Search"
FF - prefs.js..browser.search.selectedEngine: "My Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxpt020YYus&ptb=zicrx_1Avu_ZGi24DJBLew&ind=2012010511&ptnrS=ZUxpt020YYus&si=CMqg8duiuK0CFYMEQAodrjEGpQ&n=77ecd80f&psa=&st=kwd&searchfor="


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\@worldwinner.com/Launcher2,version=1.10.0.25: C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2011/06/20 23:31:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/01 12:08:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/16 20:13:49 | 000,000,000 | ---D | M]

[2012/01/05 19:53:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janice\AppData\Roaming\Mozilla\Extensions
[2012/01/28 18:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions
[2012/01/08 14:23:33 | 000,000,000 | ---D | M] (IMVU Inc Community Toolbar) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
[2011/11/01 20:33:59 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011/08/23 07:15:41 | 000,000,000 | ---D | M] (20-20 3D Viewer - WEB) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\2020Player_WEB@2020Technologies.com
[2012/01/06 05:56:25 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\foxmarks@kei.com
[2011/12/22 17:01:20 | 000,000,000 | ---D | M] (Oberon GamesBar) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\gamesbar@oberon-media.com
[2012/01/28 18:06:02 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\LogMeInClient@logmein.com
[2011/12/30 22:30:15 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\plugin@yontoo.com
[2011/08/11 06:29:03 | 000,000,000 | ---D | M] ("ArcadeWeb") -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\textlinks@arcadeweb.com
[2011/12/30 22:41:29 | 000,000,000 | ---D | M] (We-Care Reminder) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\wecarereminder@bryan
[2011/06/21 23:02:15 | 000,002,571 | ---- | M] () -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\searchplugins\askcom.xml
[2012/01/05 10:52:16 | 000,009,987 | ---- | M] () -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\searchplugins\mywebsearch.xml
[2011/11/01 20:33:58 | 000,002,520 | ---- | M] () -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\searchplugins\SearchResults.xml
[2012/01/24 21:54:43 | 000,002,282 | ---- | M] () -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\searchplugins\surf-canyon.xml
[2012/01/05 19:53:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/29 13:20:43 | 000,000,000 | ---D | M] (LivingPlay TextLinks) -- C:\USERS\JANICE\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\TEXTLINKS@LPLAY.COM
() (No name found) -- C:\USERS\JANICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\48HSR9SG.DEFAULT\EXTENSIONS\NOSQUINT@URANDOM.CA.XPI
() (No name found) -- C:\USERS\JANICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\48HSR9SG.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2012/01/01 12:08:10 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/15 06:20:18 | 001,034,544 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
[2009/07/02 10:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2011/10/11 08:21:33 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2011/10/16 20:03:58 | 000,002,064 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bingober441754614.xml
[2011/11/01 20:33:58 | 000,002,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2011/11/11 11:18:43 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2011/08/21 22:21:35 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober112634188.xml
[2011/08/24 00:27:46 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober174870194.xml
[2011/08/24 00:54:09 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober176453105.xml
[2011/11/25 12:08:02 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober232756486.xml
[2011/11/15 06:41:17 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober275019326.xml
[2011/11/18 17:31:05 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober64933824.xml

O1 HOSTS File: ([2012/01/25 09:18:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKCU..\Run: [SearchEngineProtection] C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe (Oberon Media )
O4 - HKLM..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} https://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab (20-20 3D Viewer for WEB)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA8713C9-52CC-42DD-A388-B7B0CCC5398B}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/29 02:21:16 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/01/29 02:21:16 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/01/29 02:21:16 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/01/29 02:21:16 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/01/29 02:21:16 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/01/29 02:21:16 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/01/29 02:21:16 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/01/29 02:21:16 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/01/29 02:21:16 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/01/29 02:21:16 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/01/29 02:21:16 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/01/29 02:21:16 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/01/29 02:21:16 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/01/29 02:21:16 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/01/29 02:21:16 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/01/29 02:21:16 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/01/29 02:21:16 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/01/29 02:21:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/01/29 02:21:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/01/29 02:21:16 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/01/29 02:21:16 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/01/29 02:21:16 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/01/29 02:21:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/01/29 02:21:16 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/01/29 02:21:16 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/01/29 02:21:16 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/01/29 02:21:16 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/01/29 02:21:16 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/01/29 02:21:16 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/01/29 02:21:16 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/01/29 02:21:16 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/01/29 02:21:16 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/01/29 02:21:16 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/01/29 02:21:16 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/01/29 02:21:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/01/29 02:21:16 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/01/29 02:21:16 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/01/29 02:21:16 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/01/29 02:21:16 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/01/29 02:21:16 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/01/29 02:21:16 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/01/29 02:21:16 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/01/29 02:21:16 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/01/29 02:21:16 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/01/29 02:21:16 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/01/29 02:21:16 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/01/29 02:21:16 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/01/29 02:21:16 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/01/29 02:21:16 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/01/29 02:21:16 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/01/29 02:21:16 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/01/29 02:21:16 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/01/29 02:21:16 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/01/29 02:21:16 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/01/29 02:21:16 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/01/29 02:21:16 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/01/29 02:21:16 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/01/29 02:21:16 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/01/29 02:21:16 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/01/29 02:21:16 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/01/29 02:21:16 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/01/29 02:21:16 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/01/29 02:21:16 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/01/29 02:21:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/01/29 02:21:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/01/29 02:21:16 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/01/29 02:21:16 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/01/29 02:21:16 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/01/29 02:21:16 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/01/29 02:21:16 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/01/29 02:21:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/01/29 02:21:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/01/29 02:12:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/01/29 02:12:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/01/29 02:08:49 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/29 02:08:49 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/29 02:08:49 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/29 02:08:49 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/29 02:08:49 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/29 02:08:49 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/25 23:27:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Janice\Desktop\OTL.exe
[2012/01/25 20:19:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/25 20:16:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/25 08:38:48 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/25 08:21:02 | 000,000,000 | ---D | C] -- C:\jgh32265j
[2012/01/20 21:58:00 | 000,000,000 | ---D | C] -- C:\jgh32442j
[2012/01/19 22:00:25 | 000,000,000 | ---D | C] -- C:\jgh
[2012/01/19 21:57:16 | 004,388,468 | R--- | C] (Swearware) -- C:\Users\Janice\Desktop\jgh.exe
[2012/01/19 15:13:11 | 000,000,000 | ---D | C] -- C:\Users\Janice\Desktop\RK_Quarantine
[2012/01/19 06:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/18 22:07:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/17 18:38:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Janice\Desktop\iexplorer.exe
[2012/01/17 00:13:01 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/17 00:13:01 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/17 00:13:00 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/17 00:13:00 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/17 00:12:47 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/17 00:12:46 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/01/17 00:12:45 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/16 20:55:44 | 000,000,000 | ---D | C] -- C:\found.000
[2012/01/05 01:57:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/01/05 01:56:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2012/01/03 22:27:21 | 000,000,000 | ---D | C] -- C:\Users\Janice\AppData\Roaming\Real
[2012/01/03 22:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rhapsody
[2012/01/03 22:27:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rhapsody

========== Files - Modified Within 30 Days ==========

[2012/01/31 22:36:39 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/31 22:36:39 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/30 21:11:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/30 21:11:46 | 509,456,383 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/29 02:31:59 | 000,001,405 | ---- | M] () -- C:\Users\Janice\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/29 02:21:16 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/01/29 02:21:16 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/01/29 02:21:16 | 002,309,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/01/29 02:21:16 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/01/29 02:21:16 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/01/29 02:21:16 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/01/29 02:21:16 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/01/29 02:21:16 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/01/29 02:21:16 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/01/29 02:21:16 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/01/29 02:21:16 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/01/29 02:21:16 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/01/29 02:21:16 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/01/29 02:21:16 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/01/29 02:21:16 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/01/29 02:21:16 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/01/29 02:21:16 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/01/29 02:21:16 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/01/29 02:21:16 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/01/29 02:21:16 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/01/29 02:21:16 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/01/29 02:21:16 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/01/29 02:21:16 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/01/29 02:21:16 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/01/29 02:21:16 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/01/29 02:21:16 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/01/29 02:21:16 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/01/29 02:21:16 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/01/29 02:21:16 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/01/29 02:21:16 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/01/29 02:21:16 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/01/29 02:21:16 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/01/29 02:21:16 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/01/29 02:21:16 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/01/29 02:21:16 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/01/29 02:21:16 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/01/29 02:21:16 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/01/29 02:21:16 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/01/29 02:21:16 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/01/29 02:21:16 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/01/29 02:21:16 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/01/29 02:21:16 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/01/29 02:21:16 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/01/29 02:21:16 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/01/29 02:21:16 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/01/29 02:21:16 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/01/29 02:21:16 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/01/29 02:21:16 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/01/29 02:21:16 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/01/29 02:21:16 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/01/29 02:21:16 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/01/29 02:21:16 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/01/29 02:21:16 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/01/29 02:21:16 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/01/29 02:21:16 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/01/29 02:21:16 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/01/29 02:21:16 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/01/29 02:21:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/01/29 02:21:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/01/29 02:21:16 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/01/29 02:21:16 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/01/29 02:21:16 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/01/29 02:21:16 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/01/29 02:21:16 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/01/29 02:21:16 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/01/29 02:21:16 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/01/29 02:21:16 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/01/29 02:21:16 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/01/29 02:21:16 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/01/29 02:21:16 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/01/29 02:21:16 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/01/29 02:21:16 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/01/29 02:21:16 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/01/29 02:21:16 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/01/29 02:12:45 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/01/29 02:12:43 | 000,756,744 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/29 02:12:43 | 000,634,934 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/29 02:12:43 | 000,111,468 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/29 02:12:17 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/01/28 19:21:10 | 000,544,368 | ---- | M] () -- C:\Users\Janice\Desktop\TaxReturn.pdf
[2012/01/25 09:18:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/25 08:36:59 | 004,388,468 | R--- | M] (Swearware) -- C:\Users\Janice\Desktop\ComboFix.exe
[2012/01/25 08:19:08 | 004,388,468 | R--- | M] (Swearware) -- C:\Users\Janice\Desktop\jgh.exe
[2012/01/22 21:21:31 | 000,739,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/19 15:10:17 | 000,787,456 | ---- | M] () -- C:\Users\Janice\Desktop\RogueKiller.exe
[2012/01/17 18:25:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Janice\Desktop\OTL.exe
[2012/01/17 18:25:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Janice\Desktop\iexplorer.exe
[2012/01/17 11:16:23 | 000,001,096 | ---- | M] () -- C:\Users\Janice\Desktop\Smart Protection 2012.lnk
[2012/01/07 03:02:59 | 000,003,085 | ---- | M] () -- C:\Users\Janice\Desktop\VinylMaster Pro.lnk
[2012/01/03 22:27:14 | 000,000,929 | ---- | M] () -- C:\Users\Janice\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhapsody.lnk
[2012/01/03 22:27:14 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Rhapsody.lnk
[2012/01/02 22:49:57 | 000,002,413 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini

========== Files Created - No Company Name ==========

[2012/01/29 02:31:59 | 000,001,417 | ---- | C] () -- C:\Users\Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/01/29 02:21:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/01/29 02:21:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/01/29 02:12:40 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/01/29 02:12:17 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/01/28 19:21:10 | 000,544,368 | ---- | C] () -- C:\Users\Janice\Desktop\TaxReturn.pdf
[2012/01/19 15:13:01 | 000,787,456 | ---- | C] () -- C:\Users\Janice\Desktop\RogueKiller.exe
[2012/01/19 06:40:38 | 000,002,752 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2012/01/19 06:40:38 | 000,002,654 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - gateway.lnk
[2012/01/19 06:40:38 | 000,002,154 | ---- | C] () -- C:\Users\Public\Desktop\Qwest Personal Digital Vault.lnk
[2012/01/19 06:40:38 | 000,002,108 | ---- | C] () -- C:\Users\Public\Desktop\Netflix.lnk
[2012/01/19 06:40:38 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\Wordscape Online Party.lnk
[2012/01/19 06:40:38 | 000,002,064 | ---- | C] () -- C:\Users\Public\Desktop\Jewel Quest Online Party.lnk
[2012/01/19 06:40:38 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\User's Guide (Gateway InfoCentre).lnk
[2012/01/19 06:40:38 | 000,001,747 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/19 06:40:38 | 000,001,279 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2012/01/19 06:40:38 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/19 06:40:38 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2012/01/19 06:40:38 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2012/01/19 06:40:38 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Rhapsody.lnk
[2012/01/19 06:40:35 | 000,002,063 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/01/19 06:40:35 | 000,001,894 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Reminder.lnk
[2012/01/19 06:40:32 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2012/01/19 06:40:32 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/01/19 06:40:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/19 06:40:32 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/01/19 06:40:32 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/01/19 06:40:32 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/01/19 06:40:32 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/01/19 06:40:32 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/01/19 06:40:32 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/01/19 06:40:32 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/01/19 06:40:32 | 000,001,158 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/19 06:40:32 | 000,001,151 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2012/01/19 06:40:32 | 000,001,058 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2012/01/19 06:40:32 | 000,000,991 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS2.lnk
[2012/01/17 11:16:23 | 000,001,096 | ---- | C] () -- C:\Users\Janice\Desktop\Smart Protection 2012.lnk
[2012/01/17 06:13:53 | 000,002,645 | ---- | C] () -- C:\Users\Public\Desktop\The Print Shop 23.lnk
[2012/01/03 22:27:14 | 000,000,929 | ---- | C] () -- C:\Users\Janice\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhapsody.lnk
[2011/12/17 03:50:15 | 000,010,408 | --S- | C] () -- C:\Users\Janice\AppData\Local\w5hw08b8wo4jqn
[2011/12/17 03:50:15 | 000,010,408 | --S- | C] () -- C:\ProgramData\w5hw08b8wo4jqn
[2011/12/12 01:51:49 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/12/08 04:43:30 | 000,012,642 | --S- | C] () -- C:\Users\Janice\AppData\Local\8sqbcbba3f0aeff3s6c0cu1
[2011/12/08 04:43:30 | 000,012,642 | --S- | C] () -- C:\ProgramData\8sqbcbba3f0aeff3s6c0cu1
[2011/12/01 00:05:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/01 00:05:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/01 00:05:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/01 00:05:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/01 00:05:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/07 11:30:25 | 000,210,543 | ---- | C] () -- C:\Windows\hpoins21.dat
[2011/11/07 11:30:25 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2011/11/07 07:54:46 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2011/11/04 08:55:20 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011/11/04 08:55:20 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011/09/21 00:05:11 | 000,000,116 | ---- | C] () -- C:\Windows\wininit.ini
[2011/06/26 00:29:47 | 000,000,221 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/06/21 16:53:47 | 000,756,744 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/20 20:56:19 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/06/08 20:10:11 | 000,001,022 | ---- | C] () -- C:\Users\Janice\AppData\Roaming\wklnhst.dat
[2011/02/11 18:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011/02/11 18:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011/02/11 18:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2011/01/11 17:05:18 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2009/08/27 15:02:56 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe
[2005/08/26 15:28:20 | 000,024,576 | ---- | C] () -- C:\Windows\shortcut.exe
[2005/08/26 15:27:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe
[2000/05/15 09:52:40 | 000,003,004 | ---- | C] () -- C:\Windows\SysWow64\vmpro.ini

========== LOP Check ==========

[2011/07/05 00:27:19 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Amazonia
[2011/07/28 09:12:12 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Anarchy
[2011/10/17 17:48:32 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Artogon
[2011/08/24 00:29:11 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Big Fish Games
[2011/09/26 21:09:11 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\BitComet
[2011/08/28 23:54:48 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Dekovir
[2011/06/20 22:22:31 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\DVDVideoSoft
[2011/06/20 22:21:59 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/08/30 08:40:32 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Freeze Tag
[2011/11/15 06:42:08 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\funkitron
[2011/08/03 09:07:45 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\GameBlend
[2011/06/27 00:17:01 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\HdO Adventure
[2011/07/29 13:20:43 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\NetAssistant
[2011/08/16 20:01:56 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Nevosoft Games
[2011/08/23 18:13:55 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Nokia Ovi Suite
[2011/08/21 22:22:54 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Oberon
[2011/11/15 06:41:12 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Oberon Media
[2011/06/11 22:03:20 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Packard Bell
[2011/07/21 18:48:46 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\PC Suite
[2011/11/18 17:31:57 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\SpinTop Games
[2011/08/30 11:38:11 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\SprillRichiEng
[2011/12/30 22:30:36 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\SumatraPDF
[2011/06/22 21:24:45 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Template
[2011/12/26 01:45:26 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Vogat Interactive
[2011/07/29 04:51:49 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\WeatherBug
[2011/06/29 00:27:28 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\WildTangentv1000
[2011/08/11 02:20:05 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\WildTangentv1001
[2011/06/22 05:50:30 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Worldwinner
[2012/01/19 23:06:05 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:FB04FBFD
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:E0648389
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:987CE5C8
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:62D72D41
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:D5C2DDAE
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:86AE00C6
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:F2B0ABCC
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:EF258AD5
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:8C5315B5
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0F4A7B6A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:AA4982C6
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:937250A8
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:95E512F2
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:DE5D1324
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:3B68494D
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:10FC1DC1
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1E3E34AA
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:BAEFC0C1
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:F4549211
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:70FD4407
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:8EBE180D
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:9DADB9F7

< End of report >
 
Hi e28ct17,

Let's see if we can get this cleaned up.

You have Revo Uninstaller and I see you have used it before. So let's see if it can help out.

Right click the Revo Uninstaller icon on the desktop and click "Run as Administrator" to start the program.

You will now see a list of installed programs that Revo Uninstaller can remove.
  • Locate the program you are uninstalling: Windows iLivid Toolbar
  • Right click the icon, then choose Uninstall.
  • Click Yes to the warning and choose the Uninstall Mode.
  • Choose the Advanced option and then click Next.
  • This will launch the program's built-in uninstaller. Be patient; it can take several seconds.
  • Once the uninstaller is done, click Next.
  • Revo Uninstaller will now scan for leftover information. Be patient; it can take several seconds.
  • Once this scan is done, click Next.
  • You will then be presented with the leftover entries found by Revo Uninstaller.
  • Look at ALL of the entries to ensure they relate to the uninstall.
  • Next click Select All > Delete to remove the entries.
  • Click Next.
  • If there are any program file folders left over, you will be presented with a list to be removed.
  • Again, look at ALL of the entries to ensure they are related to the uninstall.
  • Click Select All > Delete to remove the entries.
  • Click Finish to go back to the uninstall list.
  • Close the program.



Next

Right click on OTL.exe and choose Run as Administrator to run it
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
Code:
:Services

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jh...FYMEQAodrjEGpQ
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "iLivid Web Search"
FF - prefs.js..browser.search.selectedEngine: "My Web Search"
FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxpt020YYus&ptb=zicrx_1Avu_ZGi24DJBLew&ind=2012010511&ptnrS=ZUxpt020YYus&si=CMqg8duiuK0CFYMEQAodrjEGpQ&n=77ecd80f&psa=&st=kwd&searchfor="
[2011/11/01 20:33:59 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012/01/05 10:52:16 | 000,009,987 | ---- | M] () -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\searchplugins\mywebsearch.xml
[2011/11/01 20:33:58 | 000,002,520 | ---- | M] () -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\searchplugins\SearchResults.xml
[2011/11/01 20:33:58 | 000,002,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2011/08/21 22:21:35 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober112634188.xml
[2011/08/24 00:27:46 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober174870194.xml
[2011/08/24 00:54:09 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober176453105.xml
[2011/11/25 12:08:02 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober232756486.xml
[2011/11/15 06:41:17 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober275019326.xml
[2011/11/18 17:31:05 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober64933824.xml
[2012/01/17 11:16:23 | 000,001,096 | ---- | M] () -- C:\Users\Janice\Desktop\Smart Protection 2012.lnk
[2011/12/17 03:50:15 | 000,010,408 | --S- | C] () -- C:\Users\Janice\AppData\Local\w5hw08b8wo4jqn
[2011/12/17 03:50:15 | 000,010,408 | --S- | C] () -- C:\ProgramData\w5hw08b8wo4jqn
[2011/12/12 01:51:49 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/12/08 04:43:30 | 000,012,642 | --S- | C] () -- C:\Users\Janice\AppData\Local\8sqbcbba3f0aeff3s6c0cu1
[2011/12/08 04:43:30 | 000,012,642 | --S- | C] () -- C:\ProgramData\8sqbcbba3f0aeff3s6c0cu1

:Commands
[createrestorepoint]
[emptytemp]

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.


Next

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Next

Open OTL and get a new scan log.

Please post back with
  • OTL fix log
  • MBAM
  • OTL scan log
How's the computer?
 
The computer seems to be working fine.


Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {36350f4e-934d-11de-b33d-b7495bee80d8}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {36350f50-934d-11de-b33d-b7495bee80d8}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {36350f4e-934d-11de-b33d-b7495bee80d8}
nx OptIn

Windows Boot Loader
-------------------
identifier {36350f50-934d-11de-b33d-b7495bee80d8}
device ramdisk=[C:]\Recovery\36350f50-934d-11de-b33d-b7495bee80d8\Winre.wim,{36350f51-934d-11de-b33d-b7495bee80d8}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\36350f50-934d-11de-b33d-b7495bee80d8\Winre.wim,{36350f51-934d-11de-b33d-b7495bee80d8}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {36350f4e-934d-11de-b33d-b7495bee80d8}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {36350f51-934d-11de-b33d-b7495bee80d8}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\36350f50-934d-11de-b33d-b7495bee80d8\boot.sdi


========== SERVICES/DRIVERS ==========
========== FILES ==========
< xcopy "C:\Users\Janice\AppData\Local\Temp\smtmp\1" "C:\ProgramData\Microsoft\Windows\Start Menu" /H /I /S /Y /C >
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Default Programs.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\HP Solution Center.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Rhapsody.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Windows Update.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Adobe InDesign CS2.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Adobe Reader 9.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Apple Software Update.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\I.R.I.S. OCR Registration.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Media Center.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works Task Launcher.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Mozilla Firefox.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Sidebar.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Anytime Upgrade.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows DVD Maker.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Fax and Scan.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Media Player.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\XPS Viewer.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\displayswitch.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Math Input Panel.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Mobility Center.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Paint.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Snipping Tool.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sound Recorder.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sticky Notes.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sync Center.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Welcome Center.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Wordpad.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility\Speech Recognition.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\dfrgui.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Resource Monitor.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Task Scheduler.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Windows Easy Transfer.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\ShapeCollector.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\TabTip.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\Windows Journal.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\iSCSI Initiator.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Memory Diagnostics Tool.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Performance Monitor.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\services.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\System Configuration.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Task Scheduler.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Windows PowerShell Modules.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Bitstream Font Navigator.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Corel CAPTURE X4.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Corel PHOTO-PAINT X4.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\CorelDRAW X4.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Duplexing Wizard.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\SB Profiler.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Documentation\Corel PHOTO-PAINT X4 VBA Object Model PDF.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Documentation\CorelDRAW Graphics Suite X4 Readme.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Documentation\CorelDRAW Graphics Suite X4 User Guide PDF.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Documentation\CorelDRAW X4 Programming Guide for VBA PDF.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite X4\Documentation\CorelDRAW X4 VBA Object Model PDF.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Amazonia.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Bejeweled 2 Deluxe.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Blackhawk Striker 2.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Bob the Builder Can-Do-Zoo.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Build-a-lot 3.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Chess.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Collapse Crunch.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Dora's World Adventure.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Eighteen Wheels of Steel Haulin'.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Escape Rosecliff Island.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Escape The Emerald Star.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Escape Whisper Valley (TM).lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Farm Frenzy - Pizza Party.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\FATE Undiscovered Realms.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\FBI Paranormal Case Extended Edition.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\FreeCell.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\GameExplorer.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Hearts.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Insaniquarium Deluxe.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Internet Backgammon.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Internet Checkers.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Internet Spades.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Jewel Quest Mysteries 3.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Jewel Quest Solitaire 3.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Liong - The Lost Amulets.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Mahjong.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Minesweeper.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\More Games from Gateway Games.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Mystery P.I. - The London Caper.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Mystery P.I. - The Vegas Heist.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Mystery P.I. The Curious Case of Counterfeit Cove.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Play iWin Games.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Polar Bowler.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Polar Golfer.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Purble Place.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\QuantZ.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Scrabble.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Solitaire.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Spider Solitaire.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Super Collapse 3.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Vampireville.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Virtual Villagers - The Secret City.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Wheel of Fortune 2.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\WildTangent Games App - gateway.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\World of Goo.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Games\Zuma Deluxe.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\GamesBar\About GamesBar.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\GamesBar\Uninstall.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Gateway\Gateway Recovery Management.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Gateway\Gateway Updater.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Gateway\Identity Card.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Gateway\User's Guide (Gateway InfoCentre).lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Gateway\Welcome Center.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Gateway MyBackup\Gateway MyBackup.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\HP\HP Solution Center.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\HP\HP Update.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iLivid\iLivid Download Manager.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iTunes\About iTunes.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iTunes\iTunes.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iWin Games\Play iWin Games.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iWin Games\Games\Launch Jewel Quest Online Party.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iWin Games\Games\Launch Margrave Manor The Curse of the Severed Heart -- Collectors Edition.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iWin Games\Games\Launch Unsolved Mystery Club Ancient Astronauts Collectors Edition.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iWin Games\Games\Launch Wordscape Online Party.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iWin Games\Uninstall Games\Uninstall Jewel Quest Online Party.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\iWin Games\Uninstall Games\Uninstall Wordscape Online Party.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\LGMobile Support Tool\LGMobile software updater Agent.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\LGMobile Support Tool\LGMobile update.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\LGMobile Support Tool\Uninstall.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Backup and Restore Center.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Create Recovery Disc.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Remote Assistance.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware Help.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes' Anti-Malware.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office - 60 Day Trial.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Access 2007.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office OneNote 2007.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Outlook 2007.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Publisher 2007.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Word 2007.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Language Settings.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Getting Started.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Calendar.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Database.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Portfolio.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Spreadsheet.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Task Launcher.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Word Processor.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Works without Ads.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero ControlCenter 4.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero Online Upgrade.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Manuals\Nero ControlCenter 4 [English Help].lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Manuals\Nero DiscSpeed [English Help].lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Manuals\Nero DriveSpeed [English Help].lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Manuals\Nero Express Essentials SE [English Help].lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Manuals\Nero InfoTool [English Help].lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Manuals\Nero StartSmart Essentials [English Help].lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero 9\Nero Express Essentials SE.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero 9\Nero StartSmart Essentials.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero 9\Nero Toolkit\Nero DiscSpeed.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero 9\Nero Toolkit\Nero DriveSpeed.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero 9\Nero Toolkit\Nero InfoTool.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Jewel Quest Mysteries 3\Jewel Quest Mysteries 3.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Jewel Quest Mysteries 3\Pogo Games.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Jewel Quest Mysteries 3\Uninstall.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Mystery P.I. The Curious Case of Counterfeit Cove\Mystery P.I. The Curious Case of Counterfeit Cove.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Mystery P.I. The Curious Case of Counterfeit Cove\Pogo Games.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Pogo Games\Mystery P.I. The Curious Case of Counterfeit Cove\Uninstall.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\QuickTime\About QuickTime.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\QuickTime\PictureViewer.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\QuickTime\QuickTime Player.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\QuickTime\Uninstall QuickTime.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Qwest Personal Digital Vault\Qwest Personal Digital Vault.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Rhapsody\Check For Rhapsody Update.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Rhapsody\Rhapsody.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Rhapsody\Uninstall Rhapsody.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Snood 4\Snood 4.0 ReadMe.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Snood 4\Snood.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Snood 4\Uninstall Snood.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Startup\Event Reminder.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Startup\HP Digital Imaging Monitor.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\SUPERAntiSpyware\SUPERAntiSpyware Alternate Start.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\SUPERAntiSpyware\SUPERAntiSpyware Help.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\SUPERAntiSpyware\SUPERAntiSpyware Professional.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\SUPERAntiSpyware\SUPERAntiSpyware Registration-Activation.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\The Print Shop 23\Register Your Software.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\The Print Shop 23\The Print Shop 23.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\The Print Shop 23\Documents\ReadMe.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\The Print Shop 23\Documents\Riverdeep License Agreement.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Trash it!\Readme.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Trash it!\Trash it! Help.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Trash it!\Trash it! on the Web.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Trash it!\Trash it! Scheduler.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Trash it!\Trash it!.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Trash it!\Uninstall Trash it!.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Call.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Mail.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Messenger .lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Photo Gallery.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Writer.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\WorldWinner Games\Uninstall.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Yahoo! Games\Super Collapse 3\Super Collapse 3.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Yahoo! Games\Super Collapse 3\Uninstall.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\1\Programs\Yahoo! Games\Super Collapse 3\Yahoo! Games - Games And Online Games.lnk
224 File(s) copied
C:\Users\Janice\Desktop\cmd.bat deleted successfully.
C:\Users\Janice\Desktop\cmd.txt deleted successfully.
< xcopy "C:\Users\Janice\AppData\Local\Temp\smtmp\4" "C:\Users\Public\Desktop " /H /I /S /Y /C >
C:\Users\Janice\AppData\Local\Temp\smtmp\4\HP Solution Center.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\iLivid Download Manager.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\iTunes.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Jewel Quest Online Party.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Malwarebytes' Anti-Malware.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Microsoft Works.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Mozilla Firefox.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Nero StartSmart Essentials.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Netflix.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Qwest Personal Digital Vault.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Rhapsody.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\The Print Shop 23.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\User's Guide (Gateway InfoCentre).lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\WildTangent Games App - gateway.lnk
C:\Users\Janice\AppData\Local\Temp\smtmp\4\Wordscape Online Party.lnk
15 File(s) copied
C:\Users\Janice\Desktop\cmd.bat deleted successfully.
C:\Users\Janice\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 01192012_064031
 
Hi e28ct17,

Those are old logs. The OTL fix log is from Jan 19. Open Windows Explorer and navigate to C:\_OTL\Moved files. The log you are looking for will be a txt file named 02022012_XXXXXX (x's represent the time).

The other log you posted was from bootedit. The MBAM log requested can be located in MBAM.
  • open MBAM
  • click on the Logs tab
  • locate the last one created
  • click on it and click open
Don't forget to get a new OTL scan log.


Thanks
 
Hi! Sorry about that. I just noticed, but my recovery drive has disappeared. I had a few other drives and they have disappeared too. Drive C and my DVD drive are the only drives under My Computer.

Here are the logs

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Prefs.js: "iLivid Web Search" removed from browser.search.order.1
Prefs.js: "My Web Search" removed from browser.search.selectedEngine
Prefs.js: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxpt020YYus&ptb=zicrx_1Avu_ZGi24DJBLew&ind=2012010511&ptnrS=ZUxpt020YYus&si=CMqg8duiuK0CFYMEQAodrjEGpQ&n=77ecd80f&psa=&st=kwd&searchfor=" removed from keyword.URL
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\searchbar folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\css folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\modules folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data\search folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} folder moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\searchplugins\mywebsearch.xml moved successfully.
C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\searchplugins\SearchResults.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober112634188.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober174870194.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober176453105.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober232756486.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober275019326.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober64933824.xml moved successfully.
C:\Users\Janice\Desktop\Smart Protection 2012.lnk moved successfully.
C:\ProgramData\w5hw08b8wo4jqn moved successfully.
C:\ProgramData\hash.dat moved successfully.
C:\Users\Janice\AppData\Local\8sqbcbba3f0aeff3s6c0cu1 moved successfully.
C:\ProgramData\8sqbcbba3f0aeff3s6c0cu1 moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Janice
->Temp folder emptied: 7518668 bytes
->Temporary Internet Files folder emptied: 67781473 bytes
->Java cache emptied: 17439374 bytes
->FireFox cache emptied: 1102478468 bytes
->Flash cache emptied: 6676 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 69102 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1523262976 bytes

Total Files Cleaned = 2,593.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02032012_015851

Files\Folders moved on Reboot...
C:\Users\Janice\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLAUY0ZW\28[1].png moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLAUY0ZW\30[1].png moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLAUY0ZW\34[1].png moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JBLUBDM2\20[1].png moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JBLUBDM2\20[2].png moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JBLUBDM2\32[1].png moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JBLUBDM2\32[2].png moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8HO83HXF\27[1].png moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8HO83HXF\33[1].png moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8HO83HXF\33[2].png moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UUSU2Y0\29[1].png moved successfully.
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UUSU2Y0\29[2].png moved successfully.

Registry entries deleted on Reboot...


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.02.03.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Janice :: JANICE-PC [administrator]

2/3/2012 2:32:15 AM
mbam-log-2012-02-03 (02-32-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 187663
Time elapsed: 4 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Janice\Downloads\bios_password_cracker_13azip.exe (PUP.BundleInstaller.MG) -> Quarantined and deleted successfully.
C:\Users\Janice\Downloads\PDFReaderSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.

(end)
 
Hi e28ct17,

Click Start > Control Panel > System and Security > Administrator Tools > Computer Management
  • When Computer Management opens double click on disk management
  • make sure the pane is expanded wide enough to show all partitions
  • There should be 3 listed
The first one should be 15gb. Is it visible there?

You should see the same image as you posted in the earlier screenshot with the exception of the 2Mb partition.
 
Hi e28ct17,

When you looked in Disk Management were disks 1-5 listed in the lower panel?

Also in the lower panel Disk0 should have been shown divided into 3 sections. Sound right?
 