Administrative Tools missing after Trojan Horse Generic22.GWN



#1
LinBetz

  • Member
  • 10 posts
My husband turned on the computer a couple of days ago and got a message that he thought was from AVG saying there was a virus on the computer and did he want it fixed. He clicked OK and a box opened which showed some scans being run followed by a message that these problems couldn't be fixed unless he purchased a program. He closed the box and then found that all his desktop icons had disappeared (although icons on the Quick Launch bar are unaffected), and that many programs were missing from the Start>All Programs list. When we checked the AVG log there was a Trojan Horse Generic22.GWN in the virus vault which we deleted.
I discovered that many program files were hidden, and I managed to unhide these and their names now appear on the "All Programs" list but none of the names on the list link to the programs.
If I look at Start>All Programs>Accessories>System Tools, the only thing that is listed is "Internet Explorer (No Add-ons)". This link does work.
Start>Control Panel>Administrative Tools is empty.
The Start>Search function is unavailable - although the search window does open, it contains the message that Windows search isn't running.
I am able to access Windows Explorer as I had an icon on the Quick Launch bar.

I have tried using Safe Mode to restore to an earlier setting, but it was unable to do it.

I am running XP Professional SP3, which I don't have installation discs for.

I have run the OTL Quick Scan and these are the results from the OTL.txt notepad:


OTL logfile created on: 25/05/2011 5:32:13 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\linda\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1022.42 Mb Total Physical Memory | 239.45 Mb Available Physical Memory | 23.42% Memory free
2.40 Gb Paging File | 1.71 Gb Available in Paging File | 71.15% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 12.18 Gb Free Space | 16.35% Space Free | Partition Type: NTFS
Drive D: | 19.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 153.35 Gb Total Space | 79.20 Gb Free Space | 51.65% Space Free | Partition Type: FAT32

Computer Name: LIN | User Name: linda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/25 17:30:39 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\linda\My Documents\Downloads\OTL.exe
PRC - [2011/05/07 21:57:16 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/21 11:53:40 | 001,483,264 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010/11/30 16:26:12 | 000,749,384 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
PRC - [2010/11/16 14:48:32 | 000,152,576 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/04/19 21:47:26 | 000,719,688 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010/04/19 21:45:44 | 001,050,440 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009/11/18 11:18:16 | 000,151,552 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
PRC - [2009/10/27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/01/04 16:26:16 | 000,028,672 | ---- | M] (AVEO) -- C:\Program Files\USB2.0 PC Camera\CamAppSTI.exe
PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/18 15:20:34 | 001,114,112 | ---- | M] (ASUSTeK Inc.) -- C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
PRC - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2011/05/25 17:30:39 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\linda\My Documents\Downloads\OTL.exe
MOD - [2008/04/14 10:12:51 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/05/07 11:22:45 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/04/19 21:45:44 | 001,050,440 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/04/19 21:42:36 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/11/18 11:18:16 | 000,151,552 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe -- (wsnm)
SRV - [2009/08/25 16:47:23 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2007/07/12 16:30:42 | 000,257,024 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Stopped] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/03/15 11:48:02 | 000,281,472 | ---- | M] (AVEO Corp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVEOdcnt.sys -- (AVEO)
DRV - [2010/02/25 10:18:08 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/28 08:55:00 | 000,143,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/05/29 14:36:42 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/06/27 11:24:56 | 004,742,656 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/05/30 16:01:25 | 000,016,376 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2007/07/12 10:03:42 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2007/07/12 10:03:40 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D)
DRV - [2007/07/12 10:03:38 | 000,012,288 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2007/07/12 10:03:38 | 000,011,136 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2007/01/29 17:12:52 | 000,018,432 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AsusVRC.sys -- (ASUSVRC)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/07/31 20:44:00 | 000,580,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov550i.sys -- (APL531)
DRV - [2001/08/17 13:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.732
FF - prefs.js..extensions.enabledItems: [email protected]:6.011.025.001
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.6.0
FF - prefs.js..keyword.URL: "http://search.avg.co...u&lng=en-US&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG10\Toolbar\Firefox\[email protected] [2011/04/13 22:28:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/21 23:53:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/04/06 12:25:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/07 11:26:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/07 11:26:40 | 000,000,000 | ---D | M]

[2008/08/30 12:26:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\linda\Application Data\Mozilla\Extensions
[2011/03/07 11:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\linda\Application Data\Mozilla\Firefox\Profiles\wkjt7fr8.default\extensions
[2010/04/27 22:52:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\linda\Application Data\Mozilla\Firefox\Profiles\wkjt7fr8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/14 12:06:38 | 000,000,000 | ---D | M] (Classic Compact) -- C:\Documents and Settings\linda\Application Data\Mozilla\Firefox\Profiles\wkjt7fr8.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
[2009/10/14 12:02:29 | 000,000,000 | ---D | M] (Classic Compact Options) -- C:\Documents and Settings\linda\Application Data\Mozilla\Firefox\Profiles\wkjt7fr8.default\extensions\[email protected]
[2010/03/14 12:06:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\linda\Application Data\Mozilla\Firefox\Profiles\wkjt7fr8.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions
[2008/09/12 11:33:05 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\linda\Application Data\Mozilla\Firefox\Profiles\wkjt7fr8.default\searchplugins\winamp-search.xml
[2011/03/07 11:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/04 13:45:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/05/21 23:52:24 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
[2011/04/13 22:28:35 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="[email protected]" em:name="AVG Security Toolbar" em:version="6.103.018.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\[email protected]
[2010/09/04 13:44:22 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/06 12:25:05 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC
[2010/09/04 13:44:21 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/02/04 22:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
[2009/01/02 12:10:44 | 000,200,704 | ---- | M] (Ancestry.com) -- C:\Program Files\Mozilla Firefox\plugins\npImgCtl.dll
[2008/07/31 17:52:45 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll

O1 HOSTS File: ([2001/08/23 22:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CamAppSTI.exe] C:\Program Files\USB2.0 PC Camera\CamAppSTI.exe (AVEO)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe (ASUSTeK Inc.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://tky09.celarte...ntrol_en_US.cab (DjVuCtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DBDC1CDA-B64B-49F7-9535-6317AA416E51} https://vdmsec.gordo...-viewclient.cab (VMware_VDM_Client Class)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:AutorunsDisabled () -
O24 - Desktop WallPaper: C:\Documents and Settings\linda\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\linda\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/07 16:31:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/11/11 18:27:06 | 000,000,048 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/22 15:35:29 | 000,731,000 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\linda\Desktop\autoruns.exe
[2011/05/22 15:35:28 | 000,595,320 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\linda\Desktop\autorunsc.exe
[2011/05/22 00:05:31 | 000,344,576 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\15785764.exe
[2007/10/15 09:35:00 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\OMNIUNS.EXE
[2004/11/25 05:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\LocalService\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\LocalService\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/25 17:31:20 | 115,877,052 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/25 17:27:09 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/05/25 17:26:45 | 000,204,850 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/25 17:26:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/25 17:26:14 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/25 17:26:13 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
[2011/05/25 17:25:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/24 22:21:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/24 20:33:58 | 000,322,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/24 20:20:52 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~15785764r
[2011/05/24 20:20:52 | 000,000,120 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~15785764
[2011/05/22 17:13:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/22 14:59:02 | 000,000,470 | ---- | M] () -- C:\Documents and Settings\linda\My Documents\Trojan.csv
[2011/05/22 00:08:22 | 000,000,400 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\15785764
[2011/05/14 09:23:00 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\linda\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/14 08:58:16 | 000,146,573 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/04/25 20:00:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/22 15:35:28 | 000,048,904 | ---- | C] () -- C:\Documents and Settings\linda\Desktop\autoruns.chm
[2011/05/22 14:59:02 | 000,000,470 | ---- | C] () -- C:\Documents and Settings\linda\My Documents\Trojan.csv
[2011/05/22 00:06:50 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~15785764r
[2011/05/22 00:06:49 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~15785764
[2011/05/22 00:05:39 | 000,000,400 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\15785764
[2011/04/20 16:08:00 | 000,000,106 | ---- | C] () -- C:\WINDOWS\Efwnap.ini
[2010/09/06 14:01:31 | 000,000,198 | ---- | C] () -- C:\WINDOWS\TB50.INI
[2010/09/06 14:01:31 | 000,000,099 | ---- | C] () -- C:\WINDOWS\ASYM.INI
[2010/01/04 22:36:17 | 000,763,832 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2009/12/23 19:51:22 | 000,000,087 | ---- | C] () -- C:\WINDOWS\inst.ini
[2009/12/23 19:50:48 | 000,000,354 | ---- | C] () -- C:\WINDOWS\musicstr.ini
[2009/11/15 07:53:55 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/19 16:20:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/13 17:48:24 | 000,061,168 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/08 04:05:20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/05/29 14:35:18 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/12/01 12:42:41 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.linda.ini
[2008/07/09 21:14:19 | 000,000,088 | ---- | C] () -- C:\WINDOWS\VINFO.INI
[2008/07/09 21:14:19 | 000,000,088 | ---- | C] () -- C:\WINDOWS\TT98.INI
[2008/07/09 21:14:19 | 000,000,088 | ---- | C] () -- C:\WINDOWS\FILTER3.INI
[2008/07/09 21:14:19 | 000,000,088 | ---- | C] () -- C:\WINDOWS\FFDREC.INI
[2008/07/05 21:14:48 | 000,456,192 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/07/05 21:14:44 | 003,591,168 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/07/05 21:13:16 | 000,708,096 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/06/23 03:34:00 | 000,177,664 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/06/13 21:39:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/06/13 04:36:38 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/06/11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/06/11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/06/11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/06/11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/06/11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/06/11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/06/11 08:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/06/11 08:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/06/11 08:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/06/05 07:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/06/03 23:11:07 | 000,000,088 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/21 14:20:27 | 000,068,294 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2008/05/21 14:20:27 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
[2008/05/12 20:41:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/10 23:45:52 | 000,001,291 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/05/10 17:56:25 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\linda\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/10 14:34:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/05/10 14:34:10 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2008/05/10 13:55:25 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2008/05/07 23:59:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/05/07 23:56:38 | 000,322,728 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/07 17:17:36 | 000,643,142 | ---- | C] () -- C:\WINDOWS\aticlocklib.dll
[2008/05/07 17:17:36 | 000,110,592 | ---- | C] () -- C:\WINDOWS\R5ClkLib.dll
[2008/05/07 17:17:36 | 000,020,480 | ---- | C] () -- C:\WINDOWS\HyperDrive.exe
[2008/05/07 17:17:35 | 000,196,653 | ---- | C] () -- C:\WINDOWS\System32\drivers\aVivid.bin
[2008/05/07 17:17:35 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nVivid.bin
[2008/05/07 17:17:35 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nStandard.bin
[2008/05/07 17:17:35 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAsmedia.bin
[2008/05/07 17:17:35 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAdvanced.bin
[2008/05/07 17:17:35 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAdvanced.bin
[2008/05/07 17:17:35 | 000,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aStandard.bin
[2008/05/07 17:17:35 | 000,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAsmedia.bin
[2008/05/07 17:17:35 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2008/05/07 17:17:34 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/05/07 17:17:34 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/05/07 17:17:34 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2008/05/07 17:17:34 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2008/05/07 17:17:34 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2008/05/07 17:17:34 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2008/05/07 17:17:34 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2008/05/07 17:17:34 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2008/05/07 17:17:34 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2008/05/07 17:17:34 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2008/05/07 17:08:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/05/07 16:33:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/05/07 16:28:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/29 02:43:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/06/29 02:43:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/06/29 02:43:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/06/29 02:43:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/06/29 02:43:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/06/29 02:43:00 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/06/29 02:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/06/29 02:43:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/06/29 02:43:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/06/29 02:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/03/20 17:16:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ASDR.exe
[2006/11/03 02:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2004/10/11 11:19:00 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\ASUSASV2.DLL
[2004/10/04 03:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 22:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 22:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 22:00:00 | 000,465,846 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 22:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 22:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 22:00:00 | 000,079,414 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 22:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 22:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 22:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 22:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1999/01/23 12:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/12/25 10:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2010/12/28 12:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/12/26 21:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/12/26 21:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/01/01 22:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/10/04 16:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2011/04/06 12:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/04/14 06:13:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/11/15 21:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2008/07/31 17:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/12/05 21:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2011/05/25 17:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/07 11:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/05/09 12:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/04/21 23:52:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/23 23:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/06 22:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/10/04 16:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{AD2241B4-DF72-4418-A91C-A27146879636}
[2010/05/07 11:09:21 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/12/26 23:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\linda\Application Data\AVG
[2010/12/26 21:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\linda\Application Data\AVG10
[2010/01/29 16:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\linda\Application Data\Bioshock
[2009/12/23 23:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\linda\Application Data\Braid
[2010/09/11 22:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\linda\Application Data\com.princess.iq.PrincessWidget.95CF48669C469715948E799FD5617DB57BF9FCEB.1
[2010/03/29 17:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\linda\Application Data\Facebook
[2008/06/15 14:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\linda\Application Data\FileMaker
[2009/08/17 16:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\linda\Application Data\GetRightToGo
[2010/01/08 13:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\linda\Application Data\LucasArts
[2009/10/28 21:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\linda\Application Data\MY FLOWERS
[2010/11/15 21:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\linda\Application Data\Nokia
[2010/11/15 21:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\linda\Application Data\PC Suite
[2009/01/26 20:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\linda\Application Data\Softplicity
[2010/05/07 11:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\linda\Application Data\TuneUp Software
[2010/05/09 13:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\linda\Application Data\Ulead Systems
[2009/11/12 15:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\linda\Application Data\uTorrent
[2009/08/13 21:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\linda\Application Data\Windows Desktop Search
[2009/08/30 20:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\linda\Application Data\Windows Search
[2011/05/25 17:26:13 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

< End of report >
  • 0

#2
RKinner

    Malware Expert

  • Expert
  • 23,721 posts
  • MVP
Copy the text in the code box by highlighting it and pressing Ctrl + C:

:Services
HidServ
ACDaemon

:OTL
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
[2010/09/04 13:45:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
[2011/04/20 16:08:00 | 000,000,106 | ---- | C] () -- C:\WINDOWS\Efwnap.ini
[2010/09/06 14:01:31 | 000,000,198 | ---- | C] () -- C:\WINDOWS\TB50.INI
[2010/09/06 14:01:31 | 000,000,099 | ---- | C] () -- C:\WINDOWS\ASYM.INI
[2011/05/22 00:05:31 | 000,344,576 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\15785764.exe
[2011/05/24 20:20:52 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~15785764r
[2011/05/24 20:20:52 | 000,000,120 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~15785764
[2011/05/22 00:05:39 | 000,000,400 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\15785764

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C


:Commands
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again and select the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Download and save and run unhide.exe from http://download.blee...nler/unhide.exe

Did your program links come back?

Ron
  • 0
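An added example, not part of Ron's post and not OTL's own code: this Python parser reads OTL file entries and Alternate Data Stream lines and picks out the kind of entries the fix script above lists, namely files with all-digit names sitting directly in All Users\Application Data. The name pattern and the function names are assumptions made for illustration, modelled on the four entries in the fix; the sample lines are copied from the logs in this thread.

```python
import ntpath
import re

# OTL file/folder entry:
#   [timestamp | size | attributes | C(reated) or M(odified)] (company) -- path
# An optional section prefix such as "PRC - " may precede it.
ENTRY_RE = re.compile(
    r"^(?:[A-Z]{2,3} - )?"
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# "@Alternate Data Stream - 155 bytes -> C:\...\TEMP:DFC5A2B2"
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> "
    r"(?P<host>.+):(?P<stream>[^:\\]+)$"
)

# Assumption: names shaped like the four entries in the fix script
# (15785764.exe, ~15785764r, ~15785764, 15785764).
NAME_RE = re.compile(r"^~?\d{6,}(?:r|\.exe)?$", re.IGNORECASE)
APPDATA_ROOT = r"\all users\application data"


def parse_entry(line):
    """Return a dict for one OTL file entry, or None if the line is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    return entry


def is_numeric_appdata(path):
    """True for a digit-named item directly in All Users\\Application Data."""
    parent = ntpath.dirname(path).lower()
    return parent.endswith(APPDATA_ROOT) and bool(NAME_RE.match(ntpath.basename(path)))


def triage(lines):
    """Split log lines into digit-named AppData entries and ADS records."""
    result = {"numeric_appdata": [], "ads": []}
    for raw in lines:
        line = raw.strip()
        ads = ADS_RE.match(line)
        if ads:
            result["ads"].append(
                (ads.group("host"), ads.group("stream"), int(ads.group("size")))
            )
            continue
        entry = parse_entry(line)
        if entry and is_numeric_appdata(entry["path"]):
            result["numeric_appdata"].append(entry)
    return result


# Lines copied from the OTL logs and fix script in this thread.
SAMPLE = r"""
[2008/05/12 20:41:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/12/26 21:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/05/22 00:05:31 | 000,344,576 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\15785764.exe
[2011/05/24 20:20:52 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~15785764r
[2011/05/24 20:20:52 | 000,000,120 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~15785764
[2011/05/22 00:05:39 | 000,000,400 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\15785764
PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
"""

if __name__ == "__main__":
    report = triage(SAMPLE.splitlines())
    for e in report["numeric_appdata"]:
        print(e["stamp"], e["size"], e["company"] or "-", e["path"])
    for host, stream, size in report["ads"]:
        print("ADS", size, host, stream)
```

A match is only a prompt to look at the entry by hand; other software can also leave digit-named files in that folder.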

#3
LinBetz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thanks for your response Ron. OK... I opened OTL, copied and pasted the text, and ran OTL as instructed. When the computer rebooted I could see no log to save.... did I miss something there?

These are the two files I got when I ran the next scan with OTL. I'm just about to download and run the next step in the instructions. Will reply to that when done.


OTL.txt


OTL logfile created on: 26/05/2011 8:57:45 AM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\linda\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1022.42 Mb Total Physical Memory | 326.84 Mb Available Physical Memory | 31.97% Memory free
2.40 Gb Paging File | 1.80 Gb Available in Paging File | 75.10% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 12.15 Gb Free Space | 16.30% Space Free | Partition Type: NTFS
Drive D: | 19.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 153.35 Gb Total Space | 79.20 Gb Free Space | 51.65% Space Free | Partition Type: FAT32

Computer Name: LIN | User Name: linda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/25 17:30:39 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\linda\My Documents\Downloads\OTL.exe
PRC - [2011/05/07 21:57:16 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/21 11:53:40 | 001,483,264 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010/11/30 16:26:12 | 000,749,384 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
PRC - [2010/11/16 14:48:32 | 000,152,576 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/04/19 21:47:26 | 000,719,688 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010/04/19 21:45:44 | 001,050,440 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009/11/18 11:18:16 | 000,151,552 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
PRC - [2009/10/27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/01/04 16:26:16 | 000,028,672 | ---- | M] (AVEO) -- C:\Program Files\USB2.0 PC Camera\CamAppSTI.exe
PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/18 15:20:34 | 001,114,112 | ---- | M] (ASUSTeK Inc.) -- C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
PRC - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2011/05/25 17:30:39 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\linda\My Documents\Downloads\OTL.exe
MOD - [2008/04/14 10:12:51 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/05/07 11:22:45 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/04/19 21:45:44 | 001,050,440 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/04/19 21:42:36 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/11/18 11:18:16 | 000,151,552 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe -- (wsnm)
SRV - [2009/08/25 16:47:23 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2007/07/12 16:30:42 | 000,257,024 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Stopped] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/03/15 11:48:02 | 000,281,472 | ---- | M] (AVEO Corp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVEOdcnt.sys -- (AVEO)
DRV - [2010/02/25 10:18:08 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/28 08:55:00 | 000,143,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/05/29 14:36:42 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/06/27 11:24:56 | 004,742,656 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/05/30 16:01:25 | 000,016,376 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2007/07/12 10:03:42 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2007/07/12 10:03:40 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D)
DRV - [2007/07/12 10:03:38 | 000,012,288 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2007/07/12 10:03:38 | 000,011,136 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2007/01/29 17:12:52 | 000,018,432 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AsusVRC.sys -- (ASUSVRC)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/07/31 20:44:00 | 000,580,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov550i.sys -- (APL531)
DRV - [2001/08/17 13:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.732
FF - prefs.js..extensions.enabledItems: [email protected]:6.011.025.001
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.6.0
FF - prefs.js..keyword.URL: "http://search.avg.co...u&lng=en-US&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG10\Toolbar\Firefox\[email protected] [2011/04/13 22:28:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/21 23:53:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/04/06 12:25:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/07 11:26:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/07 11:26:40 | 000,000,000 | ---D | M]

[2008/08/30 12:26:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\linda\Application Data\Mozilla\Extensions
[2011/03/07 11:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\linda\Application Data\Mozilla\Firefox\Profiles\wkjt7fr8.default\extensions
[2010/04/27 22:52:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\linda\Application Data\Mozilla\Firefox\Profiles\wkjt7fr8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/14 12:06:38 | 000,000,000 | ---D | M] (Classic Compact) -- C:\Documents and Settings\linda\Application Data\Mozilla\Firefox\Profiles\wkjt7fr8.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
[2009/10/14 12:02:29 | 000,000,000 | ---D | M] (Classic Compact Options) -- C:\Documents and Settings\linda\Application Data\Mozilla\Firefox\Profiles\wkjt7fr8.default\extensions\[email protected]
[2010/03/14 12:06:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\linda\Application Data\Mozilla\Firefox\Profiles\wkjt7fr8.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions
[2008/09/12 11:33:05 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\linda\Application Data\Mozilla\Firefox\Profiles\wkjt7fr8.default\searchplugins\winamp-search.xml
[2011/03/07 11:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/21 23:52:24 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
[2011/04/13 22:28:35 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="[email protected]" em:name="AVG Security Toolbar" em:version="6.103.018.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\[email protected]
[2010/09/04 13:44:22 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/04/06 12:25:05 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC
[2010/09/04 13:44:21 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/02/04 22:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
[2009/01/02 12:10:44 | 000,200,704 | ---- | M] (Ancestry.com) -- C:\Program Files\Mozilla Firefox\plugins\npImgCtl.dll
[2008/07/31 17:52:45 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll

O1 HOSTS File: ([2011/05/26 08:40:46 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CamAppSTI.exe] C:\Program Files\USB2.0 PC Camera\CamAppSTI.exe (AVEO)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe (ASUSTeK Inc.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://tky09.celarte...ntrol_en_US.cab (DjVuCtl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DBDC1CDA-B64B-49F7-9535-6317AA416E51} https://vdmsec.gordo...-viewclient.cab (VMware_VDM_Client Class)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:AutorunsDisabled () -
O24 - Desktop WallPaper: C:\Documents and Settings\linda\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\linda\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/07 16:31:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/11/11 18:27:06 | 000,000,048 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/26 08:40:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/22 15:35:29 | 000,731,000 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\linda\Desktop\autoruns.exe
[2011/05/22 15:35:28 | 000,595,320 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\linda\Desktop\autorunsc.exe
[2007/10/15 09:35:00 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\OMNIUNS.EXE
[2004/11/25 05:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\LocalService\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\LocalService\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/26 08:50:43 | 000,204,850 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/26 08:50:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/26 08:50:36 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/26 08:50:36 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
[2011/05/26 08:49:01 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/05/26 08:48:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/26 08:40:46 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/26 08:21:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/26 07:55:28 | 116,046,799 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/24 20:33:58 | 000,322,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/22 17:13:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/22 14:59:02 | 000,000,470 | ---- | M] () -- C:\Documents and Settings\linda\My Documents\Trojan.csv
[2011/05/14 09:23:00 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\linda\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/14 08:58:16 | 000,146,573 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/22 15:35:28 | 000,048,904 | ---- | C] () -- C:\Documents and Settings\linda\Desktop\autoruns.chm
[2011/05/22 14:59:02 | 000,000,470 | ---- | C] () -- C:\Documents and Settings\linda\My Documents\Trojan.csv
[2010/01/04 22:36:17 | 000,763,832 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2009/12/23 19:51:22 | 000,000,087 | ---- | C] () -- C:\WINDOWS\inst.ini
[2009/12/23 19:50:48 | 000,000,354 | ---- | C] () -- C:\WINDOWS\musicstr.ini
[2009/11/15 07:53:55 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/19 16:20:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/13 17:48:24 | 000,061,168 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/08 04:05:20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/05/29 14:35:18 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/12/01 12:42:41 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.linda.ini
[2008/07/09 21:14:19 | 000,000,088 | ---- | C] () -- C:\WINDOWS\VINFO.INI
[2008/07/09 21:14:19 | 000,000,088 | ---- | C] () -- C:\WINDOWS\TT98.INI
[2008/07/09 21:14:19 | 000,000,088 | ---- | C] () -- C:\WINDOWS\FILTER3.INI
[2008/07/09 21:14:19 | 000,000,088 | ---- | C] () -- C:\WINDOWS\FFDREC.INI
[2008/07/05 21:14:48 | 000,456,192 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/07/05 21:14:44 | 003,591,168 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/07/05 21:13:16 | 000,708,096 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/06/23 03:34:00 | 000,177,664 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/06/13 21:39:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/06/13 04:36:38 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/06/11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/06/11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/06/11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/06/11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/06/11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/06/11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/06/11 08:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/06/11 08:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/06/11 08:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/06/05 07:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/06/03 23:11:07 | 000,000,088 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/21 14:20:27 | 000,068,294 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2008/05/21 14:20:27 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
[2008/05/12 20:41:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/10 23:45:52 | 000,001,291 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/05/10 17:56:25 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\linda\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/10 14:34:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/05/10 14:34:10 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2008/05/10 13:55:25 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2008/05/07 23:59:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/05/07 23:56:38 | 000,322,728 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/07 17:17:36 | 000,643,142 | ---- | C] () -- C:\WINDOWS\aticlocklib.dll
[2008/05/07 17:17:36 | 000,110,592 | ---- | C] () -- C:\WINDOWS\R5ClkLib.dll
[2008/05/07 17:17:36 | 000,020,480 | ---- | C] () -- C:\WINDOWS\HyperDrive.exe
[2008/05/07 17:17:35 | 000,196,653 | ---- | C] () -- C:\WINDOWS\System32\drivers\aVivid.bin
[2008/05/07 17:17:35 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nVivid.bin
[2008/05/07 17:17:35 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nStandard.bin
[2008/05/07 17:17:35 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAsmedia.bin
[2008/05/07 17:17:35 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAdvanced.bin
[2008/05/07 17:17:35 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAdvanced.bin
[2008/05/07 17:17:35 | 000,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aStandard.bin
[2008/05/07 17:17:35 | 000,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAsmedia.bin
[2008/05/07 17:17:35 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2008/05/07 17:17:34 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/05/07 17:17:34 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/05/07 17:17:34 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2008/05/07 17:17:34 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2008/05/07 17:17:34 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2008/05/07 17:17:34 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2008/05/07 17:17:34 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2008/05/07 17:17:34 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2008/05/07 17:17:34 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2008/05/07 17:17:34 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2008/05/07 17:08:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/05/07 16:33:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/05/07 16:28:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/29 02:43:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/06/29 02:43:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/06/29 02:43:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/06/29 02:43:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/06/29 02:43:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/06/29 02:43:00 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/06/29 02:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/06/29 02:43:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/06/29 02:43:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/06/29 02:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/03/20 17:16:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ASDR.exe
[2006/11/03 02:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2004/10/11 11:19:00 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\ASUSASV2.DLL
[2004/10/04 03:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 22:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 22:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 22:00:00 | 000,465,846 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 22:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 22:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 22:00:00 | 000,079,414 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 22:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 22:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 22:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 22:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1999/01/23 12:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

< End of report >


Extras.txt


OTL Extras logfile created on: 26/05/2011 8:57:45 AM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\linda\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1022.42 Mb Total Physical Memory | 326.84 Mb Available Physical Memory | 31.97% Memory free
2.40 Gb Paging File | 1.80 Gb Available in Paging File | 75.10% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 12.15 Gb Free Space | 16.30% Space Free | Partition Type: NTFS
Drive D: | 19.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 153.35 Gb Total Space | 79.20 Gb Free Space | 51.65% Space Free | Partition Type: FAT32

Computer Name: LIN | User Name: linda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5900:TCP" = 5900:TCP:*:Enabled:vnc5900
"5800:TCP" = 5800:TCP:*:Enabled:vnc5800
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe" = C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe:*:Enabled:VMware Remote MKS -- (VMware, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\UltraVNC\vncviewer.exe" = C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Photo Story 3 for Windows\PhotoStory3.exe" = C:\Program Files\Photo Story 3 for Windows\PhotoStory3.exe:*:Enabled:Photo Story 3 for Windows -- (Microsoft Corp.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\VMware\VMware View\Client\bin\wswc.exe" = C:\Program Files\VMware\VMware View\Client\bin\wswc.exe:*:Enabled:VMware View Client -- (VMware, Inc.)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\utorrent\utorrent.exe" = C:\Program Files\utorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"E:\Steam\Steam.exe" = E:\Steam\Steam.exe:*:Enabled:Steam
"E:\Steam\steamapps\common\sid meier's civilization iv\Civilization4.exe" = E:\Steam\steamapps\common\sid meier's civilization iv\Civilization4.exe:*:Enabled:Sid Meier's Civilization IV
"E:\Steam\steamapps\common\sid meier's civilization iv warlords\Warlords\Civ4Warlords.exe" = E:\Steam\steamapps\common\sid meier's civilization iv warlords\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization IV: Warlords
"E:\Steam\steamapps\common\sid meier's civilization iv warlords\Warlords\Civ4Warlords_PitBoss.exe" = E:\Steam\steamapps\common\sid meier's civilization iv warlords\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization IV: Warlords
"E:\Steam\steamapps\common\sherlock holmes nemesis\game.exe" = E:\Steam\steamapps\common\sherlock holmes nemesis\game.exe:*:Enabled:Sherlock Holmes: Nemesis
"E:\Steam\steamapps\common\defensegridtheawakening\DefenseGrid.exe" = E:\Steam\steamapps\common\defensegridtheawakening\DefenseGrid.exe:*:Enabled:Defense Grid: The Awakening
"E:\Steam\steamapps\common\civilization iv colonization\Colonization.exe" = E:\Steam\steamapps\common\civilization iv colonization\Colonization.exe:*:Enabled:Sid Meier's Civilization IV: Colonization
"E:\Steam\steamapps\COMMON\world of goo\WorldOfGoo.exe" = E:\Steam\steamapps\COMMON\world of goo\WorldOfGoo.exe:*:Enabled:World of Goo
"E:\Steam\steamapps\COMMON\loom\Loom.exe" = E:\Steam\steamapps\COMMON\loom\Loom.exe:*:Enabled:LOOM
"E:\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe" = E:\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe:*:Enabled:BioShock
"E:\Steam\steamapps\COMMON\prince of persia the sands of time\PrinceOfPersia.EXE" = E:\Steam\steamapps\COMMON\prince of persia the sands of time\PrinceOfPersia.EXE:*:Enabled:Prince of Persia: The Sands of Time
"E:\Steam\steamapps\COMMON\company of heroes\RelicCOH.exe" = E:\Steam\steamapps\COMMON\company of heroes\RelicCOH.exe:*:Enabled:Company of Heroes
"E:\Steam\steamapps\COMMON\company of heroes\HELP.HTM" = E:\Steam\steamapps\COMMON\company of heroes\HELP.HTM:*:Enabled:Company of Heroes
"F:\Steam\steamapps\common\company of heroes\RelicDownloader\RelicDownloader.exe" = F:\Steam\steamapps\common\company of heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Patch Download Manager
"F:\Steam\steamapps\common\company of heroes\RelicCOH.exe" = F:\Steam\steamapps\common\company of heroes\RelicCOH.exe:*:Enabled:RelicCOH
"F:\Steam\steamapps\common\defensegridtheawakening\DefenseGrid.exe" = F:\Steam\steamapps\common\defensegridtheawakening\DefenseGrid.exe:*:Enabled:Defense Grid: The Awakening
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe" = C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe:*:Enabled:VMware Remote MKS -- (VMware, Inc.)
"C:\Program Files\GameFace Messenger\GameFace.exe" = C:\Program Files\GameFace Messenger\GameFace.exe:*:Enabled:Messenger 2.0 -- (AceGain Inc.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0FB2CAEB-7AF7-49AD-8860-ED9194FA4ACB}" = Fun with Numbers & Puzzles
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{12E11FBB-7CA6-4A86-834D-5E6390D51009}" = ASUS Smart Doctor
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{230E8DDC-FB78-4F9F-8461-22ED20DBC3BA}" = AVG 2011
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Gamer OSD
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{5469D537-9B44-4c78-BF2D-5F9807564F74}" = HP PSC & OfficeJet 4.7
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6B566EFE-DC1D-471F-93DD-84832663F140}" = OVT Scanner X86
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7235252A-39A3-4889-AF58-18B82040310E}" = USB2.0 PC Camera
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73AAEC5C-BA64-4655-A7B7-67874574530B}" = e-tax 2009
"{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 SE VCD
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85AF94EC-55DE-452A-8FD7-C34E598B3F1F}" = Adobe Premiere Elements 7.0 Templates
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8EA4D12F-1571-4998-9BD1-D20C4A767D24}" = ASUS Utilities
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92B07938-0550-4937-9447-E0ECC04AB99D}" = ASUS GameFace Library
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABEB838C-A1A7-4C5D-B7E1-8B4314600820}" = MSN Messenger 7.0
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AFAF626C-D2E6-455C-9A5A-ACDF049A6168}" = ASUS nVidia Driver
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BABA6734-23CF-42AC-9E4C-EA2C7C80AA4E}" = AVG 2011
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE744968-D093-4D28-AA34-5C32686FA6DF}" = VMware View Client
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}" = Adobe Premiere Elements 7.0
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB3BE405-6BF0-490A-84B3-00611385EA0D}" = Common-Use Signing Interface
"{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows Driver Package - Nokia Modem (10/07/2010 4.6)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"am-collapse" = COLLAPSE!
"AVG" = AVG 2011
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon MOV Decoder" = Canon MOV Decoder
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Common-Use Signing Interface" = Common-Use Signing Interface
"CSCLIB" = Canon Camera Support Core Library
"DjVu" = Lizardtech DjVu Control (autoinstall)
"E5372C32E8562C76C24DBA6525002B1031495F34" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.8)
"EOS Utility" = Canon Utilities EOS Utility
"GameFace_Messenger" = GameFace Messenger
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Hamachi" = Hamachi 1.0.3.0
"HP Photo & Imaging" = HP Image Zone 4.7
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"ie8" = Windows Internet Explorer 8
"InstallShield_{12E11FBB-7CA6-4A86-834D-5E6390D51009}" = ASUS Smart Doctor
"InstallShield_{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"InstallShield_{92B07938-0550-4937-9447-E0ECC04AB99D}" = ASUS GameFace Library
"InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.14)" = Mozilla Firefox (3.6.14)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"OVT Scanner" = Uninstall OVT Scanner
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"PopCap Browser Plugin" = PopCap Browser Plugin
"PremElem70" = Adobe Premiere Elements 7.0
"PremElem70Templates" = Adobe Premiere Elements 7.0 Templates
"RealPlayer 6.0" = RealPlayer Basic
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Steam App 11040" = Sherlock Holmes: Nemesis
"Steam App 13600" = Prince of Persia: The Sands of Time
"Steam App 16810" = Sid Meier's Civilization IV: Colonization
"Steam App 18500" = Defense Grid: The Awakening
"Steam App 22000" = World of Goo
"Steam App 26800" = Braid
"Steam App 32310" = Indiana Jones and the Last Crusade
"Steam App 32340" = LOOM
"Steam App 3900" = Sid Meier's Civilization IV
"Steam App 3990" = Sid Meier's Civilization IV: Warlords
"Steam App 4560" = Company of Heroes
"Steam App 6040" = The Dig
"Steam App 7670" = BioShock
"Steam App 8800" = Sid Meier's Civilization IV: Beyond the Sword
"TuneUp Utilities" = TuneUp Utilities
"ULTIMATER" = Microsoft Office Ultimate 2007
"Ultravnc2_is1" = UltraVNC 1.0.4
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar for Internet Explorer
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"xvid" = XviD MPEG-4 Video Codec
"Yahoo! Companion" = Yahoo! Companion
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#4
LinBetz

    Member

  • Topic Starter
  • 10 posts
Ron, I ran the program you suggested but it was unsuccessful. The program suggested that if it was unsuccessful to run it with security and virus protection disabled. I was able to disable AVG, but it still didn't work. I have had a quick look to see how to temporarily disable the firewall so that I can run it again to see if that works, but at this stage I can't find the instructions on how to do that.

Thanks very much for your help on this.

#5
RKinner

    Malware Expert

  • Expert
  • 23,721 posts
  • MVP
I don't think it's going to work. What this malware does is move all the shortcuts to your programs into a folder in a temp folder and set the hidden attribute on all your files. The temp folder was probably cleaned out by some of your attempts to fix the problem. You can look in C:\Documents and Settings\linda\Local Settings\Application Data\Temp and see if there are any folders. Normally it uses smtmp as the folder name and that is what both my OTL script and unhide.exe look for. If it has started using a different folder then we can fix it.

#6
LinBetz

    Member

  • Topic Starter
  • 10 posts
Ron, I've checked out C:\Documents and Settings\linda\Local Settings\Application Data\Temp and C:\Documents and Settings\dim\Local Settings\Application Data\Temp and both temp folders are empty.

So where do I go from here?

#7
RKinner

    Malware Expert

  • Expert
  • 23,721 posts
  • MVP
http://www.raymond.c...-in-start-menu/ has a link at the bottom for a program:

http://www.winxptuto.../accrestore.zip

which will restore your Accessories. Download, Save, right click on it and Extract All then run the program.

That should help a little.

Start, Run, cmd, OK then type with an Enter after each line:

cd  \program files

dir  /s  *.exe  >  \junk.txt

notepad  \junk.txt


Copy and paste the text from Notepad. If it is too big you can attach it instead.

Ron
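
An added example, not part of the original posts: a Python parser for the `dir /s *.exe` listing that the commands above write to \junk.txt. It turns the listing into full paths with sizes and timestamps, and checks each directory's `File(s)` summary against the file lines above it so that a pasted listing that was cut off or altered is noticed. The sample listing and its paths are constructed, and the function and class names are assumptions of this example.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath

# Line shapes produced by "dir /s": a directory header, one line per file,
# and a per-directory summary line.
DIR_RE = re.compile(r"^\s*Directory of (?P<path>.+?)\s*$")
FILE_RE = re.compile(
    r"^\s*(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{2}:\d{2} [AP]M)\s+"
    r"(?P<size>[\d,]+)\s+(?P<name>.+?)\s*$"
)
SUMMARY_RE = re.compile(
    r"^\s*(?P<count>[\d,]+) File\(s\)\s+(?P<bytes>[\d,]+) bytes\s*$"
)


@dataclass
class Entry:
    path: PureWindowsPath   # directory from the header joined with the file name
    size: int               # bytes, thousands separators removed
    modified: datetime


def _num(text):
    return int(text.replace(",", ""))


def parse_dir_listing(text, stamp_format="%d/%m/%Y %I:%M %p"):
    """Return (entries, problems) for the text of a 'dir /s' listing.

    stamp_format defaults to the day/month/year, 12-hour form seen in the
    listing in this thread; other regional settings need another format.
    """
    entries, problems = [], []
    current = None   # directory named by the most recent header
    pending = []     # file lines seen since that header, not yet summarised

    def flush_unclosed():
        if pending:
            problems.append(
                f"{current}: {len(pending)} file line(s) with no summary line "
                "(listing cut off?)"
            )

    for line in text.splitlines():
        if "Total Files Listed" in line:
            break    # grand totals follow; per-directory blocks are finished
        m = DIR_RE.match(line)
        if m:
            flush_unclosed()
            current, pending = m["path"], []
            continue
        m = FILE_RE.match(line)
        if m:
            if current is None:
                problems.append(f"file line outside any directory block: {line.strip()}")
                continue
            entry = Entry(
                path=PureWindowsPath(current) / m["name"],
                size=_num(m["size"]),
                modified=datetime.strptime(f"{m['date']} {m['time']}", stamp_format),
            )
            entries.append(entry)
            pending.append(entry)
            continue
        m = SUMMARY_RE.match(line)
        if m and current is not None:
            count, total = _num(m["count"]), _num(m["bytes"])
            seen = sum(e.size for e in pending)
            if (count, total) != (len(pending), seen):
                problems.append(
                    f"{current}: summary says {count} file(s) / {total} bytes, "
                    f"listing has {len(pending)} / {seen}"
                )
            current, pending = None, []
    flush_unclosed()
    return entries, problems


# Constructed sample: the second block's byte total is wrong and the third
# block is cut off before its summary line.
SAMPLE = r"""
 Volume in drive C has no label.
 Volume Serial Number is 0000-0000

 Directory of C:\Program Files\ExampleApp

01/02/2010  09:15 AM         1,024 app.exe
03/04/2011  04:30 PM     2,048,000 Example Tool.exe
               2 File(s)      2,049,024 bytes

 Directory of C:\Program Files\ExampleApp\bin

05/06/2009  12:00 PM           512 helper.exe
               1 File(s)            600 bytes

 Directory of C:\Program Files\Other

07/08/2008  11:45 PM        10,000 cut.exe
"""

if __name__ == "__main__":
    found, issues = parse_dir_listing(SAMPLE)
    for e in found:
        print(e.modified.isoformat(), e.size, e.path)
    for issue in issues:
        print("CHECK:", issue)
```
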

#8
LinBetz

    Member

  • Topic Starter
  • 10 posts
Thanks Ron. The accessories have been restored. This is the junk.txt file:



Volume in drive C has no label.
Volume Serial Number is 808C-04CB

Directory of C:\Program Files\Adobe\Acrobat.com

16/10/2008 05:02 PM 89,600 Acrobat.com.exe
1 File(s) 89,600 bytes

Directory of C:\Program Files\Adobe\Adobe Premiere Elements 7.0

16/09/2008 05:44 AM 5,219,712 Adobe Premiere Elements.exe
16/09/2008 05:44 AM 50,560 MPEGHDVExport.exe
16/09/2008 05:44 AM 79,232 PhotoshopServer.exe
16/09/2008 05:44 AM 58,752 pxhpinst.exe
16/09/2008 12:43 AM 85,504 WMEncodingHelper.exe
5 File(s) 5,493,760 bytes

Directory of C:\Program Files\Adobe\Adobe Premiere Elements 7.0\APD\Photo Downloader

16/09/2008 05:43 AM 4,724,096 Photodownloader.exe
1 File(s) 4,724,096 bytes

Directory of C:\Program Files\Adobe\Adobe Premiere Elements 7.0\SyncAgent

25/09/2009 11:15 PM 1,742,176 PhotoshopElementsSyncAgent.exe
1 File(s) 1,742,176 bytes

Directory of C:\Program Files\Adobe\Flash Player\AddIns\airappinstaller

04/11/2010 06:24 AM 53,632 airappinstaller.exe
1 File(s) 53,632 bytes

Directory of C:\Program Files\Adobe\Photoshop Elements 7.0

16/09/2008 12:03 PM 2,954,592 AdobePhotoshopElementsMediaServer.exe
16/09/2008 12:05 PM 1,344,864 catalogtool.exe
16/09/2008 12:05 PM 4,724,064 PhotoDownloader.exe
16/09/2008 12:03 PM 2,942,304 Photoshop Elements 7.0.exe
16/09/2008 12:03 PM 41,878,880 PhotoshopElementsEditor.exe
16/09/2008 12:03 PM 169,312 PhotoshopElementsFileAgent.exe
16/09/2008 12:03 PM 32,331,104 PhotoshopElementsOrganizer.exe
25/09/2009 11:15 PM 1,742,176 PhotoshopElementsSyncAgent.exe
16/09/2008 12:05 PM 521,568 PseProxy.exe
9 File(s) 88,608,864 bytes

Directory of C:\Program Files\Adobe\Reader 9.0\Reader

27/02/2009 12:50 PM 251,224 A3DUtility.exe
27/02/2009 12:50 PM 279,952 AcroBroker.exe
27/02/2009 05:10 PM 349,544 AcroRd32.exe
27/02/2009 12:18 PM 15,216 AcroRd32Info.exe
27/02/2009 04:32 PM 26,464 AcroTextExtractor.exe
27/02/2009 12:54 PM 542,096 AdobeCollabSync.exe
27/02/2009 04:37 PM 99,704 Eula.exe
17/12/2008 02:19 PM 258,048 LogTransport2.exe
27/02/2009 12:56 PM 116,096 PDFPrevHndlrShim.exe
27/02/2009 05:10 PM 35,696 reader_sl.exe
10 File(s) 1,974,040 bytes

Directory of C:\Program Files\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}

26/12/2010 09:10 PM 341,352 Setup.exe
1 File(s) 341,352 bytes

Directory of C:\Program Files\AGEIA Technologies\demos

01/04/2008 01:04 PM 232,389 Cloth.exe
27/03/2008 11:43 AM 214,982 Fluids.exe
27/03/2008 11:43 AM 196,116 Force Fields.exe
31/03/2008 11:28 PM 214,431 Rigid Bodies.exe
27/03/2008 11:43 AM 198,128 Soft Bodies.exe
5 File(s) 1,056,046 bytes

Directory of C:\Program Files\AGEIA Technologies\driver\x86\1.1.1.15

20/04/2007 06:57 AM 45,056 DIFxSetup.exe
25/05/2007 09:35 AM 81,920 rescanDevNode.exe
2 File(s) 126,976 bytes

Directory of C:\Program Files\Apple Software Update

22/10/2009 10:50 AM 561,952 SoftwareUpdate.exe
1 File(s) 561,952 bytes

Directory of C:\Program Files\ASUS\ASUS VideoSecurity

02/11/2006 12:33 AM 77,312 devcon.exe
07/07/2005 03:51 PM 147,456 EMail.exe
30/03/2007 05:32 PM 1,720,160 VideoSecurity.exe
3 File(s) 1,944,928 bytes

Directory of C:\Program Files\ASUS\GamerOSD

12/07/2007 10:03 AM 380,928 GamerOSD.exe
12/07/2007 10:03 AM 335,600 SBS.exe
2 File(s) 716,528 bytes

Directory of C:\Program Files\ASUS\SmartDoctor

23/06/2003 01:17 PM 65,536 2DTEST.EXE
08/12/2005 07:23 AM 20,480 HyperDrive.exe
18/07/2007 03:20 PM 1,114,112 SmartDoctor.exe
3 File(s) 1,200,128 bytes

Directory of C:\Program Files\AVG\AVG PC Tuneup 2011

30/11/2010 04:26 PM 749,384 BoostSpeed.exe
30/11/2010 04:26 PM 92,488 cdefrag.exe
30/11/2010 04:26 PM 491,336 DiskCleaner.exe
30/11/2010 04:26 PM 382,792 DiskDefrag.exe
30/11/2010 04:26 PM 238,920 DiskDoctor.exe
30/11/2010 04:26 PM 465,736 DiskExplorer.exe
30/11/2010 04:26 PM 201,544 DiskWiper.exe
30/11/2010 04:26 PM 207,688 DuplicateFileFinder.exe
30/11/2010 04:26 PM 399,176 FileRecovery.exe
30/11/2010 04:26 PM 196,424 FileShredder.exe
30/11/2010 04:26 PM 376,648 InternetOptimizer.exe
30/11/2010 04:26 PM 200,008 ProgramManager.exe
30/11/2010 04:26 PM 71,496 rdboot32.exe
30/11/2010 04:27 PM 83,784 rdboot64.exe
30/11/2010 04:27 PM 447,304 RegCleaner.exe
30/11/2010 04:27 PM 238,408 RegistryDefrag.exe
30/11/2010 04:27 PM 249,160 RescueCenter.exe
30/11/2010 04:27 PM 588,616 sendlog.exe
30/11/2010 04:27 PM 575,304 ServiceManager.exe
30/11/2010 04:27 PM 274,248 StartupManager.exe
30/11/2010 04:27 PM 650,568 SystemInformation.exe
30/11/2010 04:27 PM 312,648 TaskManager.exe
30/11/2010 04:27 PM 251,720 TrackEraser.exe
30/11/2010 04:27 PM 881,992 TweakManager.exe
26/12/2010 09:22 PM 765,256 unins000.exe
30/11/2010 04:27 PM 53,576 version.exe
26 File(s) 9,446,224 bytes

Directory of C:\Program Files\AVG\AVG10

08/02/2011 05:33 AM 580,960 avgcfgex.exe
16/03/2011 04:05 PM 656,736 avgchsvx.exe
20/04/2011 05:56 AM 1,559,392 avgcmgr.exe
03/05/2011 10:25 AM 3,769,184 avgcremx.exe
28/03/2011 03:00 AM 351,072 avgcsrvx.exe
13/04/2011 05:39 AM 3,832,672 avgdiagex.exe
08/02/2011 05:33 AM 278,880 avgdumpx.exe
16/03/2011 04:05 PM 1,025,888 avgemcx.exe
08/02/2011 05:33 AM 218,464 avglscanx.exe
21/05/2011 11:47 PM 4,350,792 avgmfapx.exe
14/04/2011 05:36 AM 1,080,672 avgnsx.exe
08/02/2011 05:33 AM 276,320 avgntdumpx.exe
08/02/2011 05:33 AM 658,784 avgrsx.exe
08/02/2011 05:33 AM 1,088,864 avgscanx.exe
09/02/2011 05:35 AM 1,265,504 avgsrmax.exe
22/04/2011 08:00 PM 1,694,016 AVGToolbarInstall.exe
18/04/2011 05:40 PM 2,334,560 avgtray.exe
14/04/2011 09:30 PM 3,588,960 avgui.exe
08/02/2011 05:33 AM 269,520 avgwdsvc.exe
08/02/2011 05:33 AM 754,120 avgwsc.exe
08/02/2011 05:33 AM 456,032 fixcfg.exe
14/04/2011 03:22 PM 775,496 SearchProvider.exe
22 File(s) 30,866,888 bytes

Directory of C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin

18/04/2011 05:39 PM 7,398,752 AVGIDSAgent.exe
10/02/2011 07:55 AM 1,148,256 AVGIDSMonitor.exe
2 File(s) 8,547,008 bytes

Directory of C:\Program Files\AVG\AVG10\Notification

13/05/2011 10:58 PM 1,885,512 AVGTBUpgrade2.exe
21/05/2011 11:49 PM 390,472 SPCheckerTE.exe
2 File(s) 2,275,984 bytes

Directory of C:\Program Files\AVG\AVG10\PCTuneup

12/04/2011 09:40 AM 414,024 MicroScanner.exe
1 File(s) 414,024 bytes

Directory of C:\Program Files\AVG\AVG10\Toolbar

18/03/2011 08:11 AM 947,528 ToolbarBroker.exe
1 File(s) 947,528 bytes

Directory of C:\Program Files\AVG\AVG10\Toolbar.old

25/11/2010 08:49 AM 517,448 ToolbarBroker.exe
1 File(s) 517,448 bytes

Directory of C:\Program Files\Bonjour

07/10/2010 11:23 AM 345,376 mDNSResponder.exe
1 File(s) 345,376 bytes

Directory of C:\Program Files\Canon\CAL

31/01/2007 01:55 PM 96,370 CALMAIN.exe
03/10/2006 01:51 PM 107,610 CALWLESS.exe
2 File(s) 203,980 bytes

Directory of C:\Program Files\Canon\CameraWindow\CameraWindowDC

27/06/2008 06:02 PM 942,080 CameraWindowDC.exe
1 File(s) 942,080 bytes

Directory of C:\Program Files\Canon\CameraWindow\CameraWindowDVC

07/09/2005 12:50 PM 372,736 CameraLauncherDVC.exe
21/05/2008 03:46 PM 602,112 CameraWindowCompDVC.exe
21/05/2008 03:36 PM 589,824 CamMenuLaunch.exe
07/09/2005 12:50 PM 622,592 RCTask.exe
4 File(s) 2,187,264 bytes

Directory of C:\Program Files\Canon\CameraWindow\CameraWindowDVC6

17/10/2006 03:44 PM 294,912 CameraLauncher.exe
24/04/2007 04:35 PM 716,800 CameraLauncherDVC6.exe
30/10/2007 11:05 AM 876,544 CameraWindowCompDVC6.exe
16/10/2006 10:53 AM 323,584 CamSetDlg.exe
18/04/2007 12:47 PM 425,984 DirectTransfer.exe
01/11/2006 08:55 AM 483,328 MyCameraDVC6.exe
6 File(s) 3,121,152 bytes

Directory of C:\Program Files\Canon\CameraWindow\CameraWindowLauncher

21/09/2007 08:20 AM 294,912 CameraLauncher.exe
1 File(s) 294,912 bytes

Directory of C:\Program Files\Canon\CameraWindow\MyCamera

12/06/2008 08:19 AM 434,176 MyCamera.exe
1 File(s) 434,176 bytes

Directory of C:\Program Files\Canon\CameraWindow\MyCameraDC

12/06/2008 08:18 AM 491,520 MyCameraDC.exe
1 File(s) 491,520 bytes

Directory of C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC

22/03/2007 01:31 PM 978,944 RCTask.exe
1 File(s) 978,944 bytes

Directory of C:\Program Files\Canon\CSCLIB

23/03/2005 05:02 PM 491,520 CDPROC.exe
23/03/2005 05:02 PM 376,832 CDPROCMN.exe
01/11/2004 01:21 PM 69,632 EWatch.exe
3 File(s) 937,984 bytes

Directory of C:\Program Files\Canon\EOS Utility

21/06/2006 12:54 PM 1,277,952 EOS Utility.exe
1 File(s) 1,277,952 bytes

Directory of C:\Program Files\Canon\PhotoStitch

13/03/2007 05:44 PM 94,208 360View.exe
22/05/2008 02:30 PM 974,848 stitch.exe
15/05/2008 01:47 PM 118,784 STLauncher.exe
13/03/2007 05:44 PM 77,824 STViewer.exe
4 File(s) 1,265,664 bytes

Directory of C:\Program Files\Canon\ZoomBrowser EX MCU

11/06/2008 04:23 PM 868,352 MCU.exe
11/06/2008 04:22 PM 1,703,936 MCULauncher.exe
11/06/2008 04:24 PM 364,544 MCULauncher_UL.exe
3 File(s) 2,936,832 bytes

Directory of C:\Program Files\CCleaner

25/01/2011 01:25 AM 2,200,376 CCleaner.exe
25/01/2011 01:27 AM 129,256 uninst.exe
2 File(s) 2,329,632 bytes

Directory of C:\Program Files\Common Files\Adobe\Updater6

08/01/2009 07:36 AM 93,048 AdobeUpdaterInstallMgr.exe
08/01/2009 07:36 AM 2,521,464 Adobe_Updater.exe
2 File(s) 2,614,512 bytes

Directory of C:\Program Files\Common Files\Adobe AIR\Versions\1.0

04/11/2010 06:24 AM 129,408 Adobe AIR Application Installer.exe
1 File(s) 129,408 bytes

Directory of C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources

04/11/2010 06:24 AM 102,272 Adobe AIR Updater.exe
04/11/2010 06:24 AM 53,632 airappinstaller.exe
04/11/2010 06:24 AM 59,392 template.exe
3 File(s) 215,296 bytes

Directory of C:\Program Files\Common Files\Apple\Apple Application Support

09/08/2010 11:00 PM 30,496 defaults.exe
06/02/2011 10:31 AM 13,088 distnoted.exe
09/08/2010 11:00 PM 19,232 plutil.exe
3 File(s) 62,816 bytes

Directory of C:\Program Files\Common Files\Apple\Mobile Device Support

18/02/2011 03:37 PM 37,664 AppleMobileBackup.exe
18/02/2011 03:46 PM 37,664 AppleMobileDeviceHelper.exe
18/02/2011 03:37 PM 37,664 AppleMobileDeviceService.exe
18/02/2011 03:46 PM 37,664 AppleMobileSync.exe
18/02/2011 03:37 PM 37,664 com.apple.IE.client.exe
18/02/2011 03:38 PM 37,664 com.apple.Outlook.client.exe
18/02/2011 03:38 PM 37,664 com.apple.Safari.client.exe
18/02/2011 03:40 PM 37,664 com.apple.WindowsContacts.client.exe
18/02/2011 03:46 PM 37,664 com.apple.WindowsMail.client.exe
18/02/2011 03:37 PM 37,664 com.google.ContactSync.client.exe
18/02/2011 03:40 PM 37,664 com.yahoo.go.sync.client.exe
18/02/2011 03:45 PM 37,664 MDCrashReportTool.exe
18/02/2011 03:39 PM 37,664 Mingler.exe
18/02/2011 03:39 PM 37,664 SyncDiagnostics.exe
18/02/2011 03:39 PM 37,664 syncli.exe
18/02/2011 03:39 PM 37,664 SyncPlanObserver.exe
18/02/2011 03:39 PM 37,664 SyncServer.exe
18/02/2011 03:46 PM 37,664 SyncUIHandler.exe
18/02/2011 03:39 PM 37,664 upgradedb.exe
19 File(s) 715,616 bytes

Directory of C:\Program Files\Common Files\Apple\Mobile Device Support\com.yahoo.go.sync.client.resources\Formatter.bundle\Contents\Windows

18/02/2011 03:40 PM 1,205,536 Formatter.exe
1 File(s) 1,205,536 bytes

Directory of C:\Program Files\Common Files\Canon\UIW\1.5.0.0

28/02/2008 07:05 PM 365,896 Uninst.exe
1 File(s) 365,896 bytes

Directory of C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32

04/04/2005 12:41 AM 778,240 IDriver.exe
04/04/2005 12:41 AM 778,240 IDriver2.exe
04/04/2005 12:41 AM 69,632 IDriverT.exe
3 File(s) 1,626,112 bytes

Directory of C:\Program Files\Common Files\InstallShield\Driver\9\Intel 32

10/11/2003 06:18 PM 761,856 IDriver.exe
10/11/2003 06:18 PM 761,856 IDriver2.exe
2 File(s) 1,523,712 bytes

Directory of C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32

25/07/2002 03:07 PM 614,532 IKernel.exe
1 File(s) 614,532 bytes

Directory of C:\Program Files\Common Files\InstallShield\Professional\RunTime\0700\Intel32

02/08/2002 03:10 AM 5,632 DotNetInstaller.exe
1 File(s) 5,632 bytes

Directory of C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32

02/12/2002 03:22 PM 5,632 DotNetInstaller.exe
1 File(s) 5,632 bytes

Directory of C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32

10/11/2003 06:11 PM 5,632 DotNetInstaller.exe
1 File(s) 5,632 bytes

Directory of C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32

03/04/2005 10:59 PM 5,632 DotNetInstaller.exe
1 File(s) 5,632 bytes

Directory of C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32

13/11/2005 11:19 PM 5,632 DotNetInstaller.exe
1 File(s) 5,632 bytes

Directory of C:\Program Files\Common Files\Java\Java Update

14/05/2010 11:44 AM 252,648 jaucheck.exe
14/05/2010 11:44 AM 237,800 jaureg.exe
14/05/2010 11:44 AM 501,480 jucheck.exe
14/05/2010 11:44 AM 248,552 jusched.exe
4 File(s) 1,240,480 bytes

Directory of C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_04.b12

14/12/2007 02:56 AM 3,584 launcher.exe
14/12/2007 02:56 AM 5,453,160 patchjre.exe
14/12/2007 02:56 AM 20,480 zipper.exe
3 File(s) 5,477,224 bytes

Directory of C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_06.b02

25/03/2008 04:43 AM 3,584 launcher.exe
25/03/2008 04:43 AM 5,641,576 patchjre.exe
25/03/2008 04:43 AM 20,480 zipper.exe
3 File(s) 5,665,640 bytes

Directory of C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_07.b06

10/06/2008 04:44 AM 3,584 launcher.exe
10/06/2008 04:44 AM 5,690,728 patchjre.exe
10/06/2008 04:44 AM 20,480 zipper.exe
3 File(s) 5,714,792 bytes

Directory of C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher

25/08/2009 04:47 PM 651,720 FNPLicensingService.exe
1 File(s) 651,720 bytes

Directory of C:\Program Files\Common Files\Microsoft Shared\Artgalry

22/12/1998 07:24 PM 745,511 ARTGALRY.EXE
22/12/1998 07:24 PM 36,898 CAG.EXE
2 File(s) 782,409 bytes

Directory of C:\Program Files\Common Files\Microsoft Shared\DW

04/11/2008 01:44 AM 814,464 DW20.EXE
04/11/2008 01:44 AM 435,096 DWTRIG20.EXE
2 File(s) 1,249,560 bytes

Directory of C:\Program Files\Common Files\Microsoft Shared\EQUATION

24/03/2003 02:59 PM 543,304 EQNEDT32.EXE
1 File(s) 543,304 bytes

Directory of C:\Program Files\Common Files\Microsoft Shared\MSInfo

23/08/2001 10:00 PM 39,936 msinfo32.exe
22/01/1999 06:29 PM 44,032 OFFPROV.EXE
26/10/2006 08:12 PM 87,352 OINFOP12.EXE
3 File(s) 171,320 bytes

Directory of C:\Program Files\Common Files\Microsoft Shared\OFFICE12

26/10/2006 08:13 PM 56,192 ACECNFLT.EXE
06/03/2009 05:10 AM 47,472 MSE7.EXE
26/10/2006 02:06 PM 93,968 MSOICONS.EXE
26/10/2006 09:41 PM 59,152 MSOXMLED.EXE
04/11/2008 01:06 AM 441,712 ODSERV.EXE
04/11/2008 01:06 AM 2,872,688 OFFDIAG.EXE
02/04/2009 12:02 PM 552,816 OFFLB.EXE
7 File(s) 4,124,000 bytes

Directory of C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller

02/04/2009 01:06 PM 231,848 ODEPLOY.EXE
02/04/2009 01:06 PM 439,160 SETUP.EXE
2 File(s) 671,008 bytes

Directory of C:\Program Files\Common Files\Microsoft Shared\Smart Tag

02/04/2009 12:02 PM 14,720 SmartTagInstall.exe
1 File(s) 14,720 bytes

Directory of C:\Program Files\Common Files\Microsoft Shared\Source Engine

26/10/2006 02:03 PM 145,184 OSE.EXE
1 File(s) 145,184 bytes

Directory of C:\Program Files\Common Files\Microsoft Shared\Speech

23/08/2001 10:00 PM 36,864 sapisvr.exe
1 File(s) 36,864 bytes

Directory of C:\Program Files\Common Files\Microsoft Shared\VSTA\8.0\x86

26/10/2006 01:45 PM 20,160 vsta_ep32.exe
1 File(s) 20,160 bytes

Directory of C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin

14/04/2008 10:12 AM 188,480 cfgwiz.exe
14/04/2008 10:12 AM 20,538 fpremadm.exe
20/03/1999 03:07 PM 167,936 FPSERVER.EXE
14/04/2008 10:12 AM 28,728 fpsrvadm.exe
20/03/1999 02:32 PM 16,444 HTIMAGE.EXE
20/03/1999 02:32 PM 16,445 IMAGEMAP.EXE
14/04/2008 10:12 AM 32,827 tcptest.exe
7 File(s) 471,398 bytes

Directory of C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\isapi

14/04/2008 10:12 AM 188,494 fpcount.exe
1 File(s) 188,494 bytes

Directory of C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\_vti_bin

14/04/2008 10:12 AM 188,494 fpcount.exe
14/04/2008 10:12 AM 16,437 shtml.exe
2 File(s) 204,931 bytes

Directory of C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\_vti_bin\_vti_adm

14/04/2008 10:12 AM 16,439 admin.exe
1 File(s) 16,439 bytes

Directory of C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\_vti_bin\_vti_aut

14/04/2008 10:12 AM 16,439 author.exe
1 File(s) 16,439 bytes

Directory of C:\Program Files\Common Files\Nokia\MPAPI

22/05/2008 02:05 PM 474,624 MPAPI3s.exe
1 File(s) 474,624 bytes

Directory of C:\Program Files\Common Files\Real\Update

09/05/2010 12:43 PM 10,752 nddeserv.exe
09/05/2010 12:43 PM 90,624 rnuninst.exe
09/05/2010 12:43 PM 84,480 upgrdhlp.exe
3 File(s) 185,856 bytes

Directory of C:\Program Files\Common-Use Signing Interface\JRE\bin

18/05/2007 12:14 PM 49,248 java.exe
18/05/2007 12:14 PM 45,171 javacpl.exe
18/05/2007 12:14 PM 53,346 javaw.exe
18/05/2007 12:14 PM 53,346 javawforcsi.exe
18/05/2007 12:14 PM 53,376 pack200.exe
18/05/2007 12:14 PM 127,101 unpack200.exe
6 File(s) 381,588 bytes

Directory of C:\Program Files\DIFX\270581355A767BF1

02/11/2006 07:22 AM 795,104 dpinst.exe
1 File(s) 795,104 bytes

Directory of C:\Program Files\DIFX\B4723E9A0713E5B1

26/08/2008 04:06 PM 800,824 dpinst.exe
1 File(s) 800,824 bytes

Directory of C:\Program Files\etax2010

14/07/2010 11:43 AM 12,949,504 etax2010.exe
14/07/2010 11:43 AM 729,600 etaxHelp.exe
2 File(s) 13,679,104 bytes

Directory of C:\Program Files\GameFace Messenger

02/11/2006 12:50 AM 2,154,496 GameFace.exe
1 File(s) 2,154,496 bytes

Directory of C:\Program Files\GameFace Messenger\LibInstall

04/04/2005 12:35 PM 1,708,856 instmsia.exe
04/04/2005 12:35 PM 1,822,520 instmsiw.exe
20/09/2006 05:23 PM 253,952 setup.exe
3 File(s) 3,785,328 bytes

Directory of C:\Program Files\GameFace Messenger\LibInstall\CheckExist

11/03/2002 12:45 PM 1,708,856 instmsia.exe
11/03/2002 01:06 PM 1,822,520 instmsiw.exe
20/09/2006 04:32 PM 229,376 setup.exe
3 File(s) 3,760,752 bytes

Directory of C:\Program Files\Google\Chrome\Application

07/05/2011 09:57 PM 1,010,232 chrome.exe
26/12/2010 09:10 PM 991,800 chrome_AVG_RESTORED.exe
26/12/2010 09:10 PM 991,800 chrome_AVG_RESTORED_1.exe
3 File(s) 2,993,832 bytes

Directory of C:\Program Files\Google\Chrome\Application\11.0.696.65

07/05/2011 05:20 AM 89,144 chrome_frame_helper.exe
07/05/2011 05:20 AM 92,216 chrome_launcher.exe
07/05/2011 05:21 AM 1,478,200 nacl64.exe
3 File(s) 1,659,560 bytes

Directory of C:\Program Files\Google\Chrome\Application\11.0.696.65\Installer

07/05/2011 11:13 PM 1,286,712 setup.exe
1 File(s) 1,286,712 bytes

Directory of C:\Program Files\Google\Chrome\Application\11.0.696.68

07/05/2011 09:55 PM 89,144 chrome_frame_helper.exe
07/05/2011 09:55 PM 92,216 chrome_launcher.exe
07/05/2011 09:57 PM 1,470,520 nacl64.exe
3 File(s) 1,651,880 bytes

Directory of C:\Program Files\Google\Chrome\Application\11.0.696.68\Installer

14/05/2011 09:22 AM 1,286,712 setup.exe
1 File(s) 1,286,712 bytes

Directory of C:\Program Files\Google\Common\Google Updater

11/04/2009 02:09 PM 183,280 GoogleUpdaterService.exe
1 File(s) 183,280 bytes

Directory of C:\Program Files\Google\Google Earth\client

02/09/2010 04:32 AM 50,176 earthflashsol.exe
02/09/2010 04:32 AM 69,632 googleearth.exe
02/09/2010 04:33 AM 259,072 gpsbabel.exe
3 File(s) 378,880 bytes

Directory of C:\Program Files\Google\Google Earth\plugin

02/09/2010 04:32 AM 69,632 geplugin.exe
1 File(s) 69,632 bytes

Directory of C:\Program Files\Google\Google Updater

11/04/2009 02:09 PM 161,776 GoogleUpdater.exe
1 File(s) 161,776 bytes

Directory of C:\Program Files\Google\Google Updater\2.4.1536.6592

11/04/2009 02:09 PM 227,824 GoogleUpdaterAdminPrefs.exe
11/04/2009 02:09 PM 169,968 GoogleUpdaterInstallMgr.exe
11/04/2009 02:09 PM 161,776 GoogleUpdaterRestartManager.exe
11/04/2009 02:09 PM 176,112 GoogleUpdaterSetup.exe
4 File(s) 735,680 bytes

Directory of C:\Program Files\Google\GoogleToolbarNotifier

11/04/2009 02:09 PM 39,408 GoogleToolbarNotifier.exe
1 File(s) 39,408 bytes

Directory of C:\Program Files\Google\Picasa3

14/04/2011 09:03 AM 624,120 moviethumb.exe
14/04/2011 09:03 AM 8,861,176 Picasa3.exe
14/04/2011 09:03 AM 4,380,152 PicasaPhotoViewer.exe
14/04/2011 09:03 AM 964,088 PicasaUpdater.exe
21/04/2011 04:55 PM 14,276,088 setup.exe
22/04/2011 01:24 PM 165,318 Uninstall.exe
6 File(s) 29,270,942 bytes

Directory of C:\Program Files\Google\Picasa3\cdautorun

14/04/2011 09:04 AM 1,824,248 PicasaCD.exe
  • 0

#9
RKinner

    Malware Expert

  • Expert
  • 23,721 posts
  • MVP
Let's try something.

Download the attached file and save it. Right click on it and hit Extract All then change the destination to read: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools then Extract.

Go to Start, All Programs, Administrative Tools and see if the links are back (and working).

Ron
  • 0

#10
LinBetz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thanks Ron, they are back and seem to be working, although to be honest that folder wasn't what I meant when I referred to Administrative Tools.... I was talking about the tools that I use on a semi-regular basis that are found under System Tools on the Program menu - and these are now back and working too. I still have a problem with a lot of the other links on the All Programs list with either programs missing completely or links that are broken. Are you able to help me with these or should I be directing this question to a different part of the forum?
  • 0

#11
RKinner

    Malware Expert

  • Expert
  • 23,721 posts
  • MVP
The links you see when you do All Programs are made up of folders and shortcuts from two different folders. Most of them are in

C:\Documents and Settings\All Users\Start Menu\Programs
and a few are in
C:\Documents and Settings\username\Start Menu\Programs\

where username is your login name.


If you have the system set to see hidden and system files you should have no problem seeing the folders on a working system.

Close all programs so that you are at your desktop.
Double-click on the My Computer icon or alternatively right click on Start and select Explore.
Select the Tools menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button and exit My Computer.
Now your computer is configured to show all hidden files.

There is no way we know of to automatically restore these links and folders. They are created when you install a program and are different on every PC. One way to get them back for one program is to reinstall it.

Many programs are available for download. Those from HP, RealPlayer, Apple, Adobe, Canon, Google and Java should definitely be available. I would uninstall them first then download the latest version and reinstall. Your Java is obsolete so it needs to be reinstalled anyway. Adobe also needs to be updated. IE may require special handling to reinstall: http://support.microsoft.com/kb/318378

If you have the disk for a program like MS Office then the simple thing to do is to reinstall it.

Another way which we have just proven works is to find a PC with the same program and copy the appropriate folder from C:\Documents and Settings\All Users\Start Menu\Programs

The last way and the most work is to recreate the shortcuts. For those programs which you can't reinstall and don't have on a friend's PC you can do the following.

Let's say you want Word to work and you don't have the Office install disk any more.

Word's executable program is WINWORD.EXE which from your earlier post is located in C:\Program Files\Microsoft Office\Office12. So you navigate to C:\Program Files\Microsoft Office\Office12 and find winword.exe and right click on it and Create Shortcut. It will create one in the same folder. Find the shortcut and drag it to the appropriate folder of
C:\Documents and Settings\All Users\Start Menu\Programs and let go. If you want Excel, its exe program is EXCEL.EXE, Outlook is Outlook.exe, Powerpoint is POWERPNT.EXE and they are all in the same folder.

Does that sound like something you can do?

Ron

PS I will be going on vacation Sunday for 12 days. Internet access may not be available in the hotel each night so my replies may be a lot slower than normal.
  • 0

#12
LinBetz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thanks Ron... I've just run through your explanation and tested it on Word, and it worked fine, so I think that's the way I'll go. That might be quicker than hunting up the disks and reinstalling the programs... although I will update the stuff that can be downloaded such as Java, Apple etc.

Looking at my husband's program list (he is the user 'dim') I see that there is a shortcut for Windows XP Recovery there.... I believe this is the virus that caused us all the problems in the first place.... there is an "Uninstall Windows XP Recovery" option, but I'm very reluctant to click on that in case it causes more problems. I right-clicked the shortcut and its target is "C:\Documents and Settings\All Users\Application Data\15785764.exe". When I try to click another tab in the properties box I get an error message saying there is a problem with the shortcut, and to check the path and file name are correct. Does this mean that the virus is still on the computer, or only a shortcut to a now non-existent file?

Also I ran an AVG scan after turning the computer on today and it found and isolated Trojan Horse Downloader. Generic11.AECM and under Rootkits has in File: C:\WINDOWS\System32\Drivers\NDISRD.SYS the Infection: tcpip.sys, hooked import NDIS.SYS NdisRegisterProtocol->NDISRD.SYS +0x2710 Result: Object is hidden. Is this something I should be worrying about? I won't do anything else on this computer until I'm sure I have all this sorted.

Thanks again for your help, and enjoy your holiday :-)
  • 0
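The by-hand check described in the post above (open a shortcut, read its target, see whether the file is still there), applied to every shortcut in the two Start Menu folders named in post #11. This is an added example, not part of the original thread and not a tool anyone in it used. It assumes PowerShell 2.0 or later is installed (it is not present on Windows XP by default), and its "AppDataRootExe" rule is a heuristic built only from the single target path quoted in this thread.

```powershell
# Added example: read-only audit of Start Menu shortcuts (it changes and deletes nothing).
# Assumes the Windows XP profile layout used in this thread and PowerShell 2.0 or later.
param(
    [string[]]$Roots = @(
        (Join-Path $env:ALLUSERSPROFILE 'Start Menu\Programs'),
        (Join-Path $env:USERPROFILE     'Start Menu\Programs')
    )
)

# Heuristic (assumption): an .exe sitting directly in the All Users\Application Data
# root, rather than in a vendor subfolder, deserves a manual look.
$appDataRoot = (Join-Path $env:ALLUSERSPROFILE 'Application Data').TrimEnd('\')

# WScript.Shell can read a .lnk file's TargetPath without launching anything.
$shell = New-Object -ComObject WScript.Shell

function Get-ShortcutReport {
    param([System.IO.FileInfo]$Link)

    $target = $shell.CreateShortcut($Link.FullName).TargetPath
    $status = 'OK'
    $exists = $false

    if ([string]::IsNullOrEmpty($target)) {
        # Shortcuts to shell objects (Control Panel items and the like) have no file target.
        $status = 'NoFileTarget'
    }
    else {
        $target = [Environment]::ExpandEnvironmentVariables($target)
        $exists = Test-Path -LiteralPath $target

        $parent = $null
        try { $parent = [System.IO.Path]::GetDirectoryName($target) } catch { }
        if ($parent) { $parent = $parent.TrimEnd('\') }

        $isExe = $false
        try { $isExe = ([System.IO.Path]::GetExtension($target) -ieq '.exe') } catch { }

        if ($isExe -and ($parent -ieq $appDataRoot)) {
            # Checked first so the entry is reported whether or not the file still exists.
            $status = 'AppDataRootExe'
        }
        elseif (-not $exists) {
            $status = 'Broken'
        }
    }

    New-Object PSObject -Property @{
        Status       = $status
        TargetExists = $exists
        Hidden       = (($Link.Attributes -band [System.IO.FileAttributes]::Hidden) -ne 0)
        Shortcut     = $Link.FullName
        Target       = $target
    }
}

$results = foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }

    # -Force includes shortcuts that carry the Hidden attribute.
    Get-ChildItem -LiteralPath $root -Recurse -Force -Filter *.lnk -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.Extension -ieq '.lnk' } |
        ForEach-Object { Get-ShortcutReport -Link $_ }
}

# Show only entries that need attention; 'OK' and 'NoFileTarget' shortcuts are left out.
$results |
    Where-Object { $_.Status -eq 'Broken' -or $_.Status -eq 'AppDataRootExe' } |
    Sort-Object Status, Shortcut |
    Format-Table Status, TargetExists, Hidden, Shortcut, Target -AutoSize -Wrap
```

A row with Status "AppDataRootExe" and TargetExists "False" is a leftover shortcut whose file is gone; the same status with TargetExists "True" means the file is still on disk and should be scanned before anything is launched.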

#13
RKinner

    Malware Expert

  • Expert
  • 23,721 posts
  • MVP
The shortcut for "Uninstall Windows XP Recovery" should be deleted. It goes to 15785764.exe which we have already removed. I don't know anyone who has tried the uninstall option for this malware but typically they don't uninstall just reinstall or make things work.

I'll give you my goodbye speech now but wait until you are finished making your shortcuts to use OTL's cleanup as it will hide system files again.

We need to clean up System Restore. Follow Jim's procedure here:
http://aumha.net/vie...581099691bf108f


You can uninstall or delete any tools we had you download and their logs.

OTL has a Cleanup option. If you run it again it will remove itself and its backups as well as some other tools.



You do not have the latest Java (Java™ 6 Update 25). Get the latest at:

http://javadl.sun.co...?BundleId=41723

Save it to your PC then close all browsers and install it.

Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
If you use Firefox go into tools, Add-ons and make sure that CAFEEFAC-0016-0000-00xx-ABCDEFFEDCBA is not enabled where xx is any number but 25. CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA is OK but any others should be disabled or uninstalled. Java seems to have a real problem removing the old consoles from Firefox. Having multiple Java consoles will make Firefox very sluggish and slow to start.


Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files, you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable Javascript Actions.

I recommend you install the free WinPatrol from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.5.
http://download.cnet...4-10752777.html
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you install the MVP Hosts file:
http://www.mvps.org/...p2002/hosts.htm
it will keep you from going to most bad sites. You do not need Spybot's Immunize which does the same thing.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron

We are leaving on vacation in a few minutes so my replies will be much slower for the next 12 days. Depends on whether the hotel has Internet access or not.



  • 0
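The Firefox Java console check from the post above, as an added example that is not part of the original thread: it lists the add-on folders in the extension directories you pass it and flags every Java console ID other than the Update 25 one. It assumes consoles appear as folders named with the ID (optionally in braces); the function names are hypothetical, and it goes slightly beyond the post by flagging any ID of the CAFEEFAC family, not only the 0016-0000-00xx form.

```python
import os
import re
import sys

# The only console ID the post treats as acceptable (Java 6 Update 25).
CURRENT_ID = "CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA"
# Same ID family; the post's pattern is CAFEEFAC-0016-0000-00xx-ABCDEFFEDCBA.
FAMILY = re.compile(
    r"^\{?(CAFEEFAC-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-ABCDEFFEDCBA)\}?$",
    re.IGNORECASE,
)


def classify(entry_name):
    """Return 'current', 'stale', or None when the name is not a Java console ID."""
    match = FAMILY.match(entry_name.strip())
    if not match:
        return None
    return "current" if match.group(1).upper() == CURRENT_ID else "stale"


def audit(extension_dirs):
    """Scan each directory and sort Java console entries into current and stale."""
    report = {"current": [], "stale": [], "missing_dirs": []}
    for directory in extension_dirs:
        if not os.path.isdir(directory):
            # Record it instead of failing: not every profile path exists.
            report["missing_dirs"].append(directory)
            continue
        for name in sorted(os.listdir(directory)):
            verdict = classify(name)
            if verdict:
                report[verdict].append(os.path.join(directory, name))
    return report


if __name__ == "__main__":
    # Usage (assumed): python java_console_audit.py <extensions dir> [...]
    result = audit(sys.argv[1:])
    for path in result["stale"]:
        print("DISABLE/UNINSTALL:", path)
    for path in result["current"]:
        print("OK:", path)
    for directory in result["missing_dirs"]:
        print("not found:", directory)
    sys.exit(1 if result["stale"] else 0)
```

The non-zero exit status when stale consoles are found makes the check usable from a logon or maintenance script.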

#14
LinBetz


    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Ron

Thanks for all the information. I now have my files reinstalled/shortcuts restored and additional security programs running. Hopefully that will keep me running for a while without any further problems.

Many thanks

Linda
  • 0





