Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

start menu and windows xp recovery virus


  • This topic is locked This topic is locked

#16
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi the programming guys have been working on this and come up with a few solutions

Restore Accessories Program Files Menu

Please download this tool here.

You will need to unzip the tool first.

Once you've unzipped the tool, please double-click on it to run it.

Ensure that the following check boxes are checked (as seen in this image below):

Posted Image

Once they are, click on the Restore button.



Restore Admin Tools Program Files Menu

Please download this tool here.

You will need to unzip the tool first.

Once you've unzipped the tool, please double-click on it to run it.

Click on the Restore Administrative Tools Items button.

As seen in this image below:

Posted Image

This next one will produce the necessary shortcut links which you can cut and paste into the start menu folder
[attachment=50719:Repair.zip]
To use this download the attached zip file
Extract the repair.vbs file to your destop
Run the repair.vbs
It will ask for a folder name call it recovery
The tool will let you know when it is finished
On the desktop will be a recovery folder
Open the folder
Cut and Paste the links that you want to C:\documents and settings\your name\start menu
Posted Image
Posted Image
  • 0

Advertisements


#17
dropdeadhomer

dropdeadhomer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Evening,

I have run the fix above and now have plenty of things in my "start menu, all programmes", thanks.

However, some of the original ones are still showing as empty. For example, Games and system startup are still showing in the "original" part of "all programmes" and are still empty but have not been recovered by the fix, yet Itunes is empty in the "Original" part of all programmes but populated in the "new part" with various sub files.

New OTL report below
OTL logfile created on: 10/06/2011 17:04:51 - Run 7
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Keeley Bebb\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.04 Mb Total Physical Memory | 534.13 Mb Available Physical Memory | 52.67% Memory free
2.38 Gb Paging File | 2.10 Gb Available in Paging File | 88.15% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 84.63 Gb Total Space | 68.28 Gb Free Space | 80.67% Space Free | Partition Type: NTFS
Drive D: | 7.50 Gb Total Space | 1.21 Gb Free Space | 16.10% Space Free | Partition Type: FAT32

Computer Name: PC157215695224 | User Name: Keeley Bebb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/06 17:20:33 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Keeley Bebb\Desktop\OTL.exe
PRC - [2011/04/19 17:39:06 | 000,177,616 | R--- | M] (iS3, Inc.) -- c:\Program Files\STOPzilla!\STOPzilla.exe
PRC - [2011/04/19 17:39:02 | 000,062,928 | R--- | M] (iS3, Inc.) -- c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/27 11:39:14 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2005/12/24 05:44:26 | 000,491,606 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe


========== Modules (SafeList) ==========

MOD - [2011/06/06 17:20:33 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Keeley Bebb\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/19 17:39:02 | 000,062,928 | R--- | M] (iS3, Inc.) [Auto | Running] -- c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2008/03/27 11:39:14 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)


========== Driver Services (SafeList) ==========

DRV - [2010/09/16 13:49:08 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/12 18:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2007/03/22 15:59:46 | 000,625,664 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/08/20 20:08:43 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/03/14 19:02:54 | 001,428,480 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/03/01 17:54:48 | 000,003,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SP39371\winphlash\FLASH1.sys -- (Flash1)
DRV - [2005/12/22 17:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/01 18:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/09/19 14:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 14:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 14:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/08/22 16:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/08/22 16:06:16 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/08/22 16:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/04 07:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/ig?hl=en"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 51152
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/05 21:00:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 18:24:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/01 18:24:08 | 000,000,000 | ---D | M]

[2008/12/18 11:37:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Keeley Bebb\Application Data\Mozilla\Extensions
[2011/06/03 17:18:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Keeley Bebb\Application Data\Mozilla\Firefox\Profiles\rl2webje.default\extensions
[2009/09/11 06:46:15 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Keeley Bebb\Application Data\Mozilla\Firefox\Profiles\rl2webje.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/05/01 18:24:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\KEELEY BEBB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RL2WEBJE.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2009/01/04 18:00:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 17:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/06/09 18:31:04 | 000,000,021 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - c:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_19.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.mac...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://flashcasino....en/FlashAX2.cab (Flash Casino Helper Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Wave.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Wave.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 14:07:38 | 000,000,000 | --S- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 06:01:14 | 000,000,053 | --S- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/06/09 18:35:48 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/09 18:35:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/09 18:35:44 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/09 18:35:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/09 18:34:08 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Keeley Bebb\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/08 21:47:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Keeley Bebb\Recent
[2011/06/08 18:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Keeley Bebb\Desktop\RK_Quarantine
[2011/06/07 19:28:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/07 18:21:05 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2011/06/06 17:20:35 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Keeley Bebb\Desktop\OTL.exe
[2011/06/06 14:42:28 | 000,000,000 | ---D | C] -- C:\Program Files\bebb1
[2011/06/06 11:39:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/06/06 11:19:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Keeley Bebb\Application Data\RegistryKeys
[2011/06/06 11:19:09 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedingUpMyPC
[2011/05/28 08:37:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2009/09/08 07:19:52 | 008,060,048 | ---- | C] (PC Tools ) -- C:\Program Files\rminstall.exe
[5 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[36 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/10 17:04:10 | 000,382,202 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/10 17:04:10 | 000,054,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/10 17:00:02 | 000,000,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/06/10 16:59:58 | 000,001,663 | ---- | M] () -- C:\hpqp.ini
[2011/06/10 16:59:56 | 000,000,041 | ---- | M] () -- C:\XP_TV.ini
[2011/06/10 16:59:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/10 16:59:38 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/10 16:59:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/10 16:59:33 | 1063,374,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/10 16:07:45 | 000,000,055 | ---- | M] () -- C:\Documents and Settings\Keeley Bebb\Desktop\Windows XP Tips - Ramesh.url
[2011/06/09 19:44:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/09 18:35:48 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/09 18:34:28 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Keeley Bebb\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/09 18:31:04 | 000,000,021 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/08 18:14:01 | 000,511,488 | ---- | M] () -- C:\Documents and Settings\Keeley Bebb\Desktop\RogueKiller.exe
[2011/06/08 17:29:05 | 000,003,142 | ---- | M] () -- C:\Documents and Settings\Keeley Bebb\Application Data\wklnhst.dat
[2011/06/07 18:41:21 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/06/06 17:20:33 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Keeley Bebb\Desktop\OTL.exe
[2011/06/06 14:48:18 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/28 08:37:13 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[5 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[36 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/10 17:00:02 | 000,000,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/06/10 15:57:31 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\Keeley Bebb\Desktop\Windows XP Tips - Ramesh.url
[2011/06/09 18:35:48 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/08 18:14:07 | 000,511,488 | ---- | C] () -- C:\Documents and Settings\Keeley Bebb\Desktop\RogueKiller.exe
[2011/06/08 17:17:50 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Keeley Bebb\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/08 17:17:50 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Keeley Bebb\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/08 17:17:49 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\Keeley Bebb\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/06/08 17:17:49 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Keeley Bebb\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/08 17:17:49 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\Keeley Bebb\Application Data\Microsoft\Internet Explorer\Quick Launch\Registry Mechanic.lnk
[2011/06/08 17:17:49 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Keeley Bebb\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/08 17:17:49 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/08 17:17:49 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/06/08 17:17:49 | 000,000,363 | ---- | C] () -- C:\Documents and Settings\Keeley Bebb\Application Data\Microsoft\Internet Explorer\Quick Launch\My Documents.lnk
[2011/06/07 18:42:01 | 1063,374,848 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/05 20:59:36 | 000,023,088 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/03/09 19:10:18 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/03/08 14:24:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/19 18:24:57 | 000,050,576 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/12/31 15:05:16 | 000,139,775 | ---- | C] () -- C:\WINDOWS\hpoins15.dat
[2008/12/31 15:05:16 | 000,001,039 | ---- | C] () -- C:\WINDOWS\hpomdl15.dat
[2008/01/17 10:16:24 | 000,001,158 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/01/17 10:00:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/05/17 21:54:07 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2007/05/17 21:53:39 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2006/08/21 17:51:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/08/21 17:47:54 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS71.DLL
[2006/08/21 00:24:41 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Keeley Bebb\Local Settings\Application Data\fusioncache.dat
[2006/08/20 20:14:33 | 000,003,142 | ---- | C] () -- C:\Documents and Settings\Keeley Bebb\Application Data\wklnhst.dat
[2006/08/20 19:16:51 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\WSBar.dll
[2006/08/20 19:16:27 | 000,122,631 | ---- | C] () -- C:\WINDOWS\Uninstall.exe
[2006/07/26 19:48:20 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/03/27 18:00:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/03/27 18:00:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/27 17:24:48 | 000,087,268 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/03/27 17:20:24 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/03/27 17:07:26 | 000,382,202 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/03/27 17:07:26 | 000,054,066 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/03/27 17:03:30 | 000,251,880 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/03/27 16:59:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/03/27 16:56:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/12/02 19:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/26 14:28:34 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
[2005/08/26 14:27:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
[2005/05/06 03:06:32 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2004/08/04 22:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 22:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 22:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 22:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 22:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 22:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 22:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 22:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/05/28 22:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 22:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2008/01/14 20:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FirstClass
[2010/10/31 09:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2011/06/10 17:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2007/08/28 18:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/01/15 17:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/23 18:55:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/25 11:04:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/08 08:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/06/06 11:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keeley Bebb\Application Data\RegistryKeys
[2006/08/21 18:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keeley Bebb\Application Data\Template

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 142 bytes -> C:\WINDOWS\System32\Üż:@^pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\ž:@_pctlsp.log
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >
  • 0

#18
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ok just going to flash up my XP and see where games are stored...

Was even the new I tunes folder without the executable file ?
  • 0

#19
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What folders are the missing shortcuts located in ? As I can adjust the vbs programme to collect those folders
  • 0

#20
dropdeadhomer

dropdeadhomer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Nope, the new ITunes had the executable file.

Sorry to be bit thick, but how do i find what folders the missing bits are in for you?
  • 0

#21
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I had no games on my VM - What I would like is the location of the Games folders i.e. is there a folder on the C drive called games that holds them or is it a series of different folders

For the empty folders that are duplicates just delete them
  • 0

#22
dropdeadhomer

dropdeadhomer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Morning Essex,

Gotta say, i'm a tad confused now....
I've just searched "all files and folders" for the system restore folder that's showing in the start menu....and the only thing that came up was the start menu entry itself, in otherwords, the search couldn't find anything apart from the empty entry in the all programmes list.

When i searched for games i found entries for
C:\I386
C:\WINDOWS\inf
C:\Program Files\Microsoft Works\1033\Tasks
C:\SwSetup\MSWorks\O2\PFILES\MSWORKS\1033\Tasks

On the new list that we've populated, am i only interested in the .exe files?
for example, STOPZILLA now has entries for 9 different .exefiles and Itunes has 3 .exe files but also 5 other sub lists, each of which the entries are empty

Finally, is system restore something i should be considering?

Cheers
  • 0

#23
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes the VBS programme restores all exe files as it does not know which ones are required. I am afraid the games folder will need to be repopulated by reinstalling the games

What I will do now is remove my tools and reset your restore points - on completion we will see if we can resolve any outstanding problems

Subject to no further problems :yes:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check

Posted Image


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :unsure:
  • 0

#24
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP