Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Missing shortcuts in start menu and quick launch toolbar

Started by SFAdad , May 16 2011 08:02 PM

  • This topic is locked This topic is locked

#1
SFAdad
Posted 16 May 2011 - 08:02 PM

SFAdad

    Member

  • Member
  • PipPip
  • 47 posts
My computer was recently attacked by (XP Security 2011 and Windows XP Recovery 2011).

I ran RKILL to stop the process and then ran Malwarebytes to clean out the malwre.
After that all of my desktop shortcuts and files were gone as was my quick launch tool bar Icons. I also noticed that many of the shortcuts were missing from the start menu.
The next thing I did was run Unhide.exe. That brought back most of my desktop shortcuts and files but not all. The shortcuts in the start menu apeared to come back but folders in the menu are still empty.
The quick launch toolbar is there but all shortcuts are missing.

Windows XP Pro V 2002 SP3

Thanks in advance for the help.

OTL log

OTL logfile created on: 5/15/2011 1:24:46 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 136.00 Mb Available Physical Memory | 27.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1500 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.87 Gb Total Space | 27.56 Gb Free Space | 49.32% Space Free | Partition Type: NTFS

Computer Name: MICHAEL-02YGOYZ | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Michael\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Update\1.3.21.53\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Nova Development\Photo Explosion\4.0\ReminderApp.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
PRC - C:\WINDOWS\system32\lxddcoms.exe ( )
PRC - C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Michael\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (lxddCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe ()
SRV - (lxdd_device) -- C:\WINDOWS\System32\lxddcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



O1 HOSTS File: ([2011/01/25 20:47:37 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AddressBookReminderApp] C:\Program Files\Nova Development\Photo Explosion\4.0\ReminderApp.exe ()
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([turbotaxweb.turbotaxonline] https in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {3356DB7C-58A7-11D4-AA5C-006097314BF8} http://smartdownload...ew/launcher.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6796.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1254629116874 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1254669903656 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://svwmi.worldm...perSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/27 21:05:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/15 13:14:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michael\Recent
[2011/05/15 12:50:06 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2011/05/14 00:58:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Start Menu\Programs\HiJackThis
[2011/05/14 00:58:11 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/14 00:43:04 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/05/14 00:33:49 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTM.exe
[2011/05/13 23:28:33 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Michael\Desktop\mbam-setup.exe
[2011/05/13 20:58:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Start Menu\Programs\Windows XP Recovery
[2011/05/13 20:51:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\{B0E51C96-8948-4D7E-B45D-AA755BF63616}
[2011/05/12 20:10:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\FaxCtr
[2011/05/09 14:11:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Start Menu\Programs\BrowserPlus
[2011/05/09 14:11:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\Yahoo!
[2011/04/23 10:40:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Lexmark Productivity Studio
[2011/04/23 10:39:02 | 000,000,000 | ---D | C] -- C:\Program Files\Lx_cats
[2011/04/23 10:36:08 | 000,339,968 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\IMGMAN32.DLL
[2011/04/23 10:36:08 | 000,098,345 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\IMHOST32.DLL
[2011/04/23 10:36:08 | 000,098,304 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\IM31XPNG.DEL
[2011/04/23 10:36:08 | 000,069,632 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\IM31XTIF.DEL
[2011/04/23 10:36:08 | 000,049,152 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\IM31IMG.DIL
[2011/04/23 10:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lexmark Fax Solutions
[2011/04/23 10:36:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FaxCtr
[2009/12/22 22:20:18 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
[2009/12/22 22:20:06 | 000,394,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcfg.exe
[2007/05/25 04:41:40 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddih.exe
[2007/05/25 04:41:37 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcoms.exe
[2007/05/17 09:19:57 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
[2007/05/17 09:17:22 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
[2007/05/17 09:11:47 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
[2007/05/17 09:10:16 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
[2007/05/17 09:08:43 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
[2007/05/17 09:07:51 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
[2007/05/17 09:07:02 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
[2007/05/17 09:06:32 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
[2007/05/17 08:59:50 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
[2007/05/17 08:58:46 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
[2007/05/17 08:53:19 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/15 13:29:11 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/15 13:27:01 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484061587-839522115-1003UA.job
[2011/05/15 13:23:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/15 12:50:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2011/05/15 01:38:21 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0EDDE299-1EBA-45EC-84F0-14472A8C02E8}.job
[2011/05/15 01:23:16 | 000,001,394 | -HS- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\rn24wn5mm136m16l4n4fn6k3c0m7h2k77366
[2011/05/15 01:23:16 | 000,001,394 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\rn24wn5mm136m16l4n4fn6k3c0m7h2k77366
[2011/05/15 01:22:56 | 000,212,949 | -HS- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\gnf.exe
[2011/05/15 00:36:14 | 000,502,095 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\unhide.exe
[2011/05/15 00:24:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/15 00:24:33 | 000,297,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/14 22:27:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484061587-839522115-1003Core.job
[2011/05/14 00:58:26 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\HiJackThis.lnk
[2011/05/14 00:57:33 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\HijackThis.msi
[2011/05/14 00:33:35 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTM.exe
[2011/05/13 23:29:27 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/13 23:28:33 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Michael\Desktop\mbam-setup.exe
[2011/05/13 23:02:53 | 000,000,144 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~16703268r
[2011/05/13 23:02:53 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~16703268
[2011/05/13 21:50:02 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\16703268
[2011/05/13 20:51:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Fxaheba.bin
[2011/05/13 20:51:07 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Srobusuqikuwa.dat
[2011/05/13 20:48:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Michael\2gweorjqjutp92vjy9gake
[2011/04/23 10:38:46 | 000,147,905 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
[2011/04/17 03:13:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/17 03:09:40 | 000,580,334 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/17 03:09:40 | 000,128,020 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/15 13:15:37 | 004,360,032 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/05/15 01:23:03 | 000,001,394 | -HS- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\rn24wn5mm136m16l4n4fn6k3c0m7h2k77366
[2011/05/15 01:23:03 | 000,001,394 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\rn24wn5mm136m16l4n4fn6k3c0m7h2k77366
[2011/05/15 01:22:56 | 000,212,949 | -HS- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\gnf.exe
[2011/05/15 00:36:11 | 000,502,095 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\unhide.exe
[2011/05/14 00:58:12 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\HiJackThis.lnk
[2011/05/14 00:57:28 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\HijackThis.msi
[2011/05/13 22:06:30 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/13 21:02:08 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~16703268r
[2011/05/13 21:02:08 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~16703268
[2011/05/13 20:58:18 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\16703268
[2011/05/13 20:51:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Fxaheba.bin
[2011/05/13 20:51:07 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Srobusuqikuwa.dat
[2011/05/13 20:48:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael\2gweorjqjutp92vjy9gake
[2011/04/23 10:36:29 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL
[2011/04/23 10:36:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL
[2011/04/23 10:36:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll
[2011/04/23 10:36:08 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2011/03/07 22:10:49 | 000,006,958 | -HS- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\934284662
[2011/03/07 22:10:49 | 000,006,958 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\934284662
[2010/09/25 22:08:18 | 000,000,271 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\hgksfg.bat
[2010/06/20 19:55:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\sversion.ini
[2010/06/20 19:49:59 | 000,069,632 | ---- | C] () -- C:\WINDOWS\uinst001.exe
[2010/06/02 19:27:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/02 19:26:11 | 000,000,163 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\default.rss
[2010/06/02 19:26:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\downloads.m3u
[2010/05/30 19:49:19 | 000,063,828 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/06 23:21:54 | 000,000,577 | ---- | C] () -- C:\WINDOWS\System32\gmsblist.dll
[2010/02/18 00:00:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\osinfo.dll
[2009/12/22 22:20:54 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
[2009/12/22 22:20:18 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
[2009/12/22 22:17:14 | 000,344,064 | R--- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
[2009/10/04 11:00:25 | 000,156,672 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/03 23:50:20 | 000,000,033 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2009/10/03 23:20:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/09/27 21:10:27 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2009/09/27 21:08:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/09/27 21:02:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/09/27 13:56:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/09/27 13:55:24 | 000,297,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2007/05/23 23:04:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
[2007/01/23 13:40:03 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
[2007/01/09 11:13:08 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
[2006/10/06 12:08:04 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
[2006/05/17 21:47:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
[2003/10/06 16:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2001/08/18 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/18 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 07:00:00 | 000,580,334 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 07:00:00 | 000,128,020 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 07:00:00 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/18 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/04/24 11:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2010/02/19 23:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/04/24 11:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2010/04/24 13:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2010/05/30 18:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/26 00:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\EurekaLog
[2010/02/19 23:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\GARMIN
[2010/08/14 00:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\GianPaoloSaliola
[2010/03/09 21:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\gsak
[2010/07/15 20:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Juniper Networks
[2011/04/23 10:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Lexmark Productivity Studio
[2010/05/09 20:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Nova Development
[2011/04/01 22:13:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\OpenOffice.org
[2010/10/30 18:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\WinFF
[2011/05/15 13:29:11 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/05/15 01:38:21 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0EDDE299-1EBA-45EC-84F0-14472A8C02E8}.job

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
maliprog
Posted 16 May 2011 - 11:56 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello SFAdad and welcome to G2G! :)

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/05/13 20:58:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Start Menu\Programs\Windows XP Recovery
    [2011/05/15 01:23:16 | 000,001,394 | -HS- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\rn24wn5mm136m16l4n4fn6k3c0m7h2k77366
    [2011/05/15 01:23:16 | 000,001,394 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\rn24wn5mm136m16l4n4fn6k3c0m7h2k77366
    [2011/05/15 01:22:56 | 000,212,949 | -HS- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\gnf.exe
    [2011/05/13 23:02:53 | 000,000,144 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~16703268r
    [2011/05/13 23:02:53 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~16703268
    [2011/05/13 21:50:02 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\16703268
    [2011/05/13 20:51:07 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Srobusuqikuwa.dat
    [2011/05/13 20:48:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Michael\2gweorjqjutp92vjy9gake

    :Files
    ipconfig /flushdns /c
    C:\WINDOWS\Srobusuqikuwa.dat
    C:\Documents and Settings\Michael\2gweorjqjutp92vjy9gake
    C:\Documents and Settings\All Users\Application Data\rn24wn5mm136m16l4n4fn6k3c0m7h2k77366
    C:\Documents and Settings\Michael\Local Settings\Application Data\rn24wn5mm136m16l4n4fn6k3c0m7h2k77366

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply.

Step 2

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in
%temp%\smtmp /s
hklm\software\clients\startmenuinternet|command /rs
CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open notepad window. OTL.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • New OTL scan log
It would be helpful if you could post each log in separate post
  • 0

#3
SFAdad
Posted 17 May 2011 - 06:50 PM

SFAdad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Here is the fix it log.

========== OTL ==========
C:\Documents and Settings\Michael\Start Menu\Programs\Windows XP Recovery folder moved successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\rn24wn5mm136m16l4n4fn6k3c0m7h2k77366 moved successfully.
C:\Documents and Settings\All Users\Application Data\rn24wn5mm136m16l4n4fn6k3c0m7h2k77366 moved successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\gnf.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\~16703268r moved successfully.
C:\Documents and Settings\All Users\Application Data\~16703268 moved successfully.
C:\Documents and Settings\All Users\Application Data\16703268 moved successfully.
C:\WINDOWS\Srobusuqikuwa.dat moved successfully.
C:\Documents and Settings\Michael\2gweorjqjutp92vjy9gake moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Michael\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Michael\Desktop\cmd.txt deleted successfully.
File\Folder C:\WINDOWS\Srobusuqikuwa.dat not found.
File\Folder C:\Documents and Settings\Michael\2gweorjqjutp92vjy9gake not found.
File\Folder C:\Documents and Settings\All Users\Application Data\rn24wn5mm136m16l4n4fn6k3c0m7h2k77366 not found.
File\Folder C:\Documents and Settings\Michael\Local Settings\Application Data\rn24wn5mm136m16l4n4fn6k3c0m7h2k77366 not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.22.3 log created on 05172011_193402
  • 0

#4
SFAdad
Posted 17 May 2011 - 07:01 PM

SFAdad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
OTL logfile created on: 5/17/2011 7:52:22 PM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 221.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1500 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.87 Gb Total Space | 27.93 Gb Free Space | 50.00% Space Free | Partition Type: NTFS

Computer Name: MICHAEL-02YGOYZ | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Michael\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Update\1.3.21.53\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Nova Development\Photo Explosion\4.0\ReminderApp.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\lxddcoms.exe ( )
PRC - C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Michael\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (lxddCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe ()
SRV - (lxdd_device) -- C:\WINDOWS\System32\lxddcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (MpKslb2064b03) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{793CFB96-56DB-42B9-B6C8-84807FA15CD6}\MpKslb2064b03.sys (Microsoft Corporation)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



O1 HOSTS File: ([2011/01/25 20:47:37 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AddressBookReminderApp] C:\Program Files\Nova Development\Photo Explosion\4.0\ReminderApp.exe ()
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([turbotaxweb.turbotaxonline] https in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {3356DB7C-58A7-11D4-AA5C-006097314BF8} http://smartdownload...ew/launcher.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6796.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1254629116874 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1254669903656 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://svwmi.worldm...perSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/27 21:05:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/17 19:34:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michael\Recent
[2011/05/17 19:34:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/16 20:28:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\PackageAware
[2011/05/15 12:50:06 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2011/05/14 00:58:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Start Menu\Programs\HiJackThis
[2011/05/14 00:58:11 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/14 00:43:04 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/05/14 00:33:49 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTM.exe
[2011/05/13 23:28:33 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Michael\Desktop\mbam-setup.exe
[2011/05/13 20:51:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\{B0E51C96-8948-4D7E-B45D-AA755BF63616}
[2011/05/12 20:10:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\FaxCtr
[2011/05/09 14:11:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Start Menu\Programs\BrowserPlus
[2011/05/09 14:11:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\Yahoo!
[2011/04/23 10:40:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Lexmark Productivity Studio
[2011/04/23 10:39:02 | 000,000,000 | ---D | C] -- C:\Program Files\Lx_cats
[2011/04/23 10:36:08 | 000,339,968 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\IMGMAN32.DLL
[2011/04/23 10:36:08 | 000,098,345 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\IMHOST32.DLL
[2011/04/23 10:36:08 | 000,098,304 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\IM31XPNG.DEL
[2011/04/23 10:36:08 | 000,069,632 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\IM31XTIF.DEL
[2011/04/23 10:36:08 | 000,049,152 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\IM31IMG.DIL
[2011/04/23 10:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lexmark Fax Solutions
[2011/04/23 10:36:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FaxCtr
[2009/12/22 22:20:18 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
[2009/12/22 22:20:06 | 000,394,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcfg.exe
[2007/05/25 04:41:40 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddih.exe
[2007/05/25 04:41:37 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcoms.exe
[2007/05/17 09:19:57 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
[2007/05/17 09:17:22 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
[2007/05/17 09:11:47 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
[2007/05/17 09:10:16 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
[2007/05/17 09:08:43 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
[2007/05/17 09:07:51 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
[2007/05/17 09:07:02 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
[2007/05/17 09:06:32 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
[2007/05/17 08:59:50 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
[2007/05/17 08:58:46 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
[2007/05/17 08:53:19 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/17 19:41:17 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/17 19:36:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/17 19:27:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484061587-839522115-1003UA.job
[2011/05/17 06:51:01 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0EDDE299-1EBA-45EC-84F0-14472A8C02E8}.job
[2011/05/16 22:27:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484061587-839522115-1003Core.job
[2011/05/15 12:50:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2011/05/15 00:36:14 | 000,502,095 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\unhide.exe
[2011/05/15 00:24:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/15 00:24:33 | 000,297,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/14 00:58:26 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\HiJackThis.lnk
[2011/05/14 00:57:33 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\HijackThis.msi
[2011/05/14 00:33:35 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTM.exe
[2011/05/13 23:29:27 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/13 23:28:33 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Michael\Desktop\mbam-setup.exe
[2011/05/13 20:51:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Fxaheba.bin
[2011/04/23 10:38:46 | 000,147,905 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/15 13:15:37 | 004,360,032 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/05/15 00:36:11 | 000,502,095 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\unhide.exe
[2011/05/14 00:58:12 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\HiJackThis.lnk
[2011/05/14 00:57:28 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\HijackThis.msi
[2011/05/13 22:06:30 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/13 20:51:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Fxaheba.bin
[2011/04/23 10:36:29 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL
[2011/04/23 10:36:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL
[2011/04/23 10:36:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll
[2011/04/23 10:36:08 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2011/03/07 22:10:49 | 000,006,958 | -HS- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\934284662
[2011/03/07 22:10:49 | 000,006,958 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\934284662
[2010/09/25 22:08:18 | 000,000,271 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\hgksfg.bat
[2010/06/20 19:55:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\sversion.ini
[2010/06/20 19:49:59 | 000,069,632 | ---- | C] () -- C:\WINDOWS\uinst001.exe
[2010/06/02 19:27:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/02 19:26:11 | 000,000,163 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\default.rss
[2010/06/02 19:26:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\downloads.m3u
[2010/05/30 19:49:19 | 000,063,828 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/06 23:21:54 | 000,000,577 | ---- | C] () -- C:\WINDOWS\System32\gmsblist.dll
[2010/02/18 00:00:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\osinfo.dll
[2009/12/22 22:20:54 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
[2009/12/22 22:20:18 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
[2009/12/22 22:17:14 | 000,344,064 | R--- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
[2009/10/04 11:00:25 | 000,156,672 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/03 23:50:20 | 000,000,033 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2009/10/03 23:20:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/09/27 21:10:27 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2009/09/27 21:08:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/09/27 21:02:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/09/27 13:56:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/09/27 13:55:24 | 000,297,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2007/05/23 23:04:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
[2007/01/23 13:40:03 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
[2007/01/09 11:13:08 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
[2006/10/06 12:08:04 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
[2006/05/17 21:47:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
[2003/10/06 16:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2001/08/18 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/18 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 07:00:00 | 000,580,334 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 07:00:00 | 000,128,020 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 07:00:00 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/18 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/04/24 11:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2010/02/19 23:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/04/24 11:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2010/04/24 13:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2010/05/30 18:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/26 00:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\EurekaLog
[2010/02/19 23:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\GARMIN
[2010/08/14 00:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\GianPaoloSaliola
[2010/03/09 21:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\gsak
[2010/07/15 20:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Juniper Networks
[2011/04/23 10:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Lexmark Productivity Studio
[2010/05/09 20:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Nova Development
[2011/04/01 22:13:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\OpenOffice.org
[2010/10/30 18:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\WinFF
[2011/05/17 19:41:17 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/05/17 06:51:01 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0EDDE299-1EBA-45EC-84F0-14472A8C02E8}.job

========== Purity Check ==========



========== Custom Scans ==========


< %temp%\smtmp /s >
[22 C:\DOCUME~1\Michael\LOCALS~1\Temp\*.tmp files -> C:\DOCUME~1\Michael\LOCALS~1\Temp\*.tmp -> ]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/05/07 06:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/07 06:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/07 06:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/07 06:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/05/07 06:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 16:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\Michael\Local Settings\Application Data\gnf.exe" -a "C:\Program Files\Intern"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2001/08/18 07:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation)

< End of report >
  • 0

#5
SFAdad
Posted 17 May 2011 - 07:27 PM

SFAdad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Here is the extras log

OTL Extras logfile created on: 5/17/2011 8:23:07 PM - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 182.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1500 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.87 Gb Total Space | 27.91 Gb Free Space | 49.96% Space Free | Partition Type: NTFS

Computer Name: MICHAEL-02YGOYZ | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Lexmark 2500 Series\app4r.exe" = C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Printing Application -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Michael\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" = C:\Documents and Settings\Michael\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client -- (Juniper Networks)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Enabled: -- ()
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Enabled: -- ()
"C:\Program Files\Lexmark 2500 Series\lxddamon.exe" = C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Device Monitor Application -- ()
"C:\Program Files\Lexmark 2500 Series\App4R.exe" = C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Printing Application -- ()
"C:\WINDOWS\system32\lxddcoms.exe" = C:\WINDOWS\system32\lxddcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe:*:Enabled: -- (Lexmark International, Inc.)
"C:\Program Files\Lexmark 2500 Series\lxddmon.exe" = C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{31492759-0E89-46B5-9770-F6E5808E3017}" = xImage
"{328019A7-0012-401D-96A2-4CDDD02675A8}" = Garmin POI Loader
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{4800D75D-4697-4D6B-9B3B-0BF36245B95C}" = RSA SecurID Token for Windows Desktops
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59EC5F32-D8D7-3909-B0CB-255AD09F5993}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - ITA
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.9
"{71CB2612-627C-3D58-8D82-B77444B27B6A}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - ITA
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{822944D4-BC5D-44AE-9315-16C174D318B0}" = Photo Explosion
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{9311A75A-D83D-37B5-8D49-88E7F5AB2762}" = Microsoft .NET Framework 3.5 Language Pack - ita
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{982755B5-03A1-40B7-8F4A-13C17238D688}" = MemoriesOnTV
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"EasyGPS_is1" = EasyGPS 3.53
"GSAK_is1" = GSAK 7.7.3.45 (patch)
"ie8" = Windows Internet Explorer 8
"Lexmark 2500 Series" = Lexmark 2500 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - ita" = Microsoft .NET Framework 3.5 - Language Pack (italiano)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"mtg_vm0w" = World western Topo Map
"mti_tx" = Texas Topo Map
"MVApplication1" = Memorex exPressit Label Design Studio
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Display Driver" = NVIDIA Display Driver
"PROSet" = Intel® PRO Ethernet Adapter and Software
"trail_100k" = trail_100k
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinFF_is1" = WinFF 1.2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Juniper_Term_Services" = Juniper Terminal Services Client
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/8/2010 9:19:26 PM | Computer Name = MICHAEL-02YGOYZ | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service ASP.NET (ASP.NET)
failed. The Error code is the first DWORD in Data section.

Error - 10/14/2010 9:17:08 PM | Computer Name = MICHAEL-02YGOYZ | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 10/24/2010 9:55:13 PM | Computer Name = MICHAEL-02YGOYZ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 10/24/2010 9:55:13 PM | Computer Name = MICHAEL-02YGOYZ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/24/2010 9:55:24 PM | Computer Name = MICHAEL-02YGOYZ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/24/2010 9:55:24 PM | Computer Name = MICHAEL-02YGOYZ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/30/2010 1:12:43 AM | Computer Name = MICHAEL-02YGOYZ | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 5.1.2600.6024, faulting
module unknown, version 0.0.0.0, fault address 0x001a63cb.

Error - 10/30/2010 1:16:39 AM | Computer Name = MICHAEL-02YGOYZ | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 5.1.2600.6024, faulting
module unknown, version 0.0.0.0, fault address 0x001a63cb.

Error - 10/30/2010 1:18:57 AM | Computer Name = MICHAEL-02YGOYZ | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 5.1.2600.6024, faulting
module unknown, version 0.0.0.0, fault address 0x001a63cb.

Error - 10/30/2010 7:38:48 PM | Computer Name = MICHAEL-02YGOYZ | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 5.1.2600.6024, faulting
module unknown, version 0.0.0.0, fault address 0x001a63cb.

[ System Events ]
Error - 5/15/2011 2:22:46 PM | Computer Name = MICHAEL-02YGOYZ | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/15/2011 2:23:48 PM | Computer Name = MICHAEL-02YGOYZ | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxddCATSCustConnectService
service to connect.

Error - 5/15/2011 2:23:48 PM | Computer Name = MICHAEL-02YGOYZ | Source = Service Control Manager | ID = 7000
Description = The lxddCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 5/15/2011 2:25:18 PM | Computer Name = MICHAEL-02YGOYZ | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 5/16/2011 2:29:13 PM | Computer Name = MICHAEL-02YGOYZ | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.103.1742.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 5/17/2011 2:29:15 PM | Computer Name = MICHAEL-02YGOYZ | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.103.1742.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 5/17/2011 8:36:52 PM | Computer Name = MICHAEL-02YGOYZ | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxddCATSCustConnectService
service to connect.

Error - 5/17/2011 8:36:52 PM | Computer Name = MICHAEL-02YGOYZ | Source = Service Control Manager | ID = 7000
Description = The lxddCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 5/17/2011 8:37:07 PM | Computer Name = MICHAEL-02YGOYZ | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer
share name Printer.

Error - 5/17/2011 8:38:47 PM | Computer Name = MICHAEL-02YGOYZ | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.


< End of report >
  • 0

#6
maliprog
Posted 17 May 2011 - 11:47 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi SFAdad,

We removed virus files. Let's try to find your icon if they are still there. We will run this different scan now so please read it once before running it.

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on None button
  • Under the Custom Scan box paste this in
%temp%\smtmp\*.* /s
%temp%\*.lnk /s
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open notepad window. OTL.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

  • 0

#7
SFAdad
Posted 18 May 2011 - 06:36 PM

SFAdad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Heres the latest log.


OTL logfile created on: 5/18/2011 7:34:09 PM - Run 6
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 281.00 Mb Available Physical Memory | 55.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1500 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.87 Gb Total Space | 27.90 Gb Free Space | 49.94% Space Free | Partition Type: NTFS

Computer Name: MICHAEL-02YGOYZ | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========


< %temp%\smtmp\*.* /s >
[2009/10/05 21:55:37 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\Michael\Local Settings\Temp\smtmp\1\desktop.ini
[2009/10/05 21:55:37 | 000,001,563 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Set Program Access and Defaults.lnk
[2009/09/27 21:05:36 | 000,000,398 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Windows Catalog.lnk
[2009/10/03 23:05:13 | 000,001,507 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Windows Update.lnk
[2009/10/03 23:53:38 | 000,001,810 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Adobe Reader 7.0.lnk
[2010/05/30 18:48:16 | 000,001,830 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Apple Software Update.lnk
[2009/09/27 13:55:54 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Michael\Local Settings\Temp\smtmp\1\Programs\desktop.ini
[2009/10/09 23:06:57 | 000,000,622 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\EasyGPS.lnk
[2011/03/07 22:22:56 | 000,001,680 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Security Essentials.lnk
[2009/09/27 21:02:23 | 000,001,844 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\MSN Explorer.lnk
[2010/06/02 23:07:57 | 000,001,690 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\PowerDVD.lnk
[2009/10/05 22:49:58 | 000,000,955 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Windows Defender.lnk
[2010/08/01 12:07:10 | 000,001,077 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Windows Live ID.lnk
[2009/10/04 01:40:50 | 000,000,785 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Windows Messenger.lnk
[2009/12/22 22:20:44 | 000,002,044 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\ABBYY FineReader 6.0 Sprint\ABBYY FineReader 6.0 Sprint.lnk
[2009/12/22 22:20:44 | 000,000,842 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\ABBYY FineReader 6.0 Sprint\User's Guide.lnk
[2009/10/05 23:41:04 | 000,001,498 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
[2011/04/23 10:26:58 | 000,000,320 | -HS- | M] () -- C:\Documents and Settings\Michael\Local Settings\Temp\smtmp\1\Programs\Accessories\desktop.ini
[2010/05/31 16:09:24 | 000,001,515 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Paint.lnk
[2009/10/05 21:55:22 | 000,001,585 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
[2011/04/23 10:26:58 | 000,000,710 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Scanner and Camera Wizard.lnk
[2009/09/27 21:04:22 | 000,000,790 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Windows Movie Maker.lnk
[2009/09/27 21:02:49 | 000,000,879 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\WordPad.lnk
[2009/09/27 21:02:49 | 000,001,520 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\Accessibility Wizard.lnk
[2009/09/27 21:02:49 | 000,000,090 | -HS- | M] () -- C:\Documents and Settings\Michael\Local Settings\Temp\smtmp\1\Programs\Accessories\Accessibility\desktop.ini
[2009/10/05 21:59:03 | 000,000,516 | -HS- | M] () -- C:\Documents and Settings\Michael\Local Settings\Temp\smtmp\1\Programs\Accessories\Communications\desktop.ini
[2009/09/27 21:02:49 | 000,000,786 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\HyperTerminal.lnk
[2009/09/27 21:01:00 | 000,001,757 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Connections.lnk
[2009/09/27 21:04:15 | 000,001,640 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Setup Wizard.lnk
[2009/09/27 21:01:00 | 000,001,646 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\New Connection Wizard.lnk
[2009/10/05 21:59:03 | 000,001,656 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk
[2009/09/27 21:10:39 | 000,000,204 | -HS- | M] () -- C:\Documents and Settings\Michael\Local Settings\Temp\smtmp\1\Programs\Accessories\Entertainment\desktop.ini
[2009/09/27 21:02:49 | 000,001,528 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Sound Recorder.lnk
[2009/09/27 21:02:49 | 000,001,528 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Volume Control.lnk
[2009/09/27 21:05:36 | 000,001,532 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Backup.lnk
[2009/10/31 13:24:20 | 000,001,521 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
[2009/10/04 00:53:02 | 000,000,757 | -HS- | M] () -- C:\Documents and Settings\Michael\Local Settings\Temp\smtmp\1\Programs\Accessories\System Tools\desktop.ini
[2009/09/27 21:04:20 | 000,001,532 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
[2009/09/27 21:04:18 | 000,001,572 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Defragmenter.lnk
[2009/09/27 21:05:36 | 000,001,591 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk
[2009/09/27 21:04:20 | 000,001,753 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Scheduled Tasks.lnk
[2009/09/27 21:04:18 | 000,001,070 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
[2009/09/27 21:04:20 | 000,001,616 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
[2009/09/27 21:02:29 | 000,001,582 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
[2009/09/27 21:05:36 | 000,001,602 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
[2009/09/27 21:05:36 | 000,001,596 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
[2009/09/27 21:05:36 | 000,000,545 | -HS- | M] () -- C:\Documents and Settings\Michael\Local Settings\Temp\smtmp\1\Programs\Administrative Tools\desktop.ini
[2009/09/27 21:05:36 | 000,001,592 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
[2009/09/27 21:05:36 | 000,001,590 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Local Security Policy.lnk
[2010/04/24 13:26:23 | 000,001,107 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk
[2010/04/24 13:26:23 | 000,001,158 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk
[2009/09/27 21:05:36 | 000,001,591 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Performance.lnk
[2010/06/02 23:30:56 | 000,001,602 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Services.lnk
[2009/10/04 00:01:04 | 000,000,329 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Dell Accessories\Dell ResourceCD.lnk
[2009/10/04 01:40:50 | 000,000,798 | -HS- | M] () -- C:\Documents and Settings\Michael\Local Settings\Temp\smtmp\1\Programs\Games\desktop.ini
[2009/09/27 21:02:49 | 000,001,522 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Games\Freecell.lnk
[2009/09/27 21:02:49 | 000,001,520 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Games\Hearts.lnk
[2009/10/04 01:40:50 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Backgammon.lnk
[2009/10/04 01:40:49 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Checkers.lnk
[2009/10/04 01:40:48 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Hearts.lnk
[2009/10/04 01:40:49 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Reversi.lnk
[2009/10/04 01:40:49 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Spades.lnk
[2009/09/27 21:02:49 | 000,001,515 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Games\Minesweeper.lnk
[2009/09/27 21:02:49 | 000,000,885 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Games\Pinball.lnk
[2009/09/27 21:02:49 | 000,001,491 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Games\Solitaire.lnk
[2009/09/27 21:02:49 | 000,001,502 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Games\Spider Solitaire.lnk
[2009/10/09 23:39:21 | 000,001,613 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Garmin\MapSource Manual.lnk
[2009/10/09 23:39:20 | 000,001,649 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Garmin\MapSource.lnk
[2011/04/13 00:02:12 | 000,001,626 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Garmin\WebUpdater.lnk
[2010/06/10 22:16:04 | 000,000,523 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Garmin\xImage\Display xImage Help.lnk
[2010/06/10 22:16:04 | 000,000,585 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Garmin\xImage\Launch xImage.lnk
[2010/08/07 21:43:35 | 000,000,628 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\GSAK\Folder Finder.lnk
[2010/08/07 21:43:33 | 000,000,638 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\GSAK\GSAK.lnk
[2010/08/07 21:43:35 | 000,000,594 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\GSAK\Help File.lnk
[2010/08/07 21:43:35 | 000,000,633 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\GSAK\Macro Editor.lnk
[2010/08/07 21:43:36 | 000,000,049 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\GSAK\Support forum.url
[2010/08/07 21:43:36 | 000,000,618 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\GSAK\Uninstall GSAK.lnk
[2010/08/07 21:43:36 | 000,000,045 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\GSAK\Web site.url
[2010/05/30 19:21:49 | 000,001,814 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\iTunes\About iTunes.lnk
[2010/10/13 20:21:08 | 000,002,149 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\iTunes\iTunes.lnk
[2011/04/23 10:34:20 | 000,001,274 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Lexmark 2500 Series\Lexmark Cartridge Diagnostic Wizard.LNK
[2011/04/23 10:38:30 | 000,000,752 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Lexmark 2500 Series\Lexmark Imaging Studio.LNK
[2011/04/23 10:38:37 | 000,001,959 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Lexmark 2500 Series\Lexmark Solution Center.LNK
[2011/04/23 10:38:38 | 000,001,589 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Lexmark 2500 Series\Readme.LNK
[2011/04/23 10:38:43 | 000,000,927 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Lexmark 2500 Series\Uninstall Lexmark 2500 Series.LNK
[2011/04/23 10:34:17 | 000,000,771 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Lexmark 2500 Series\User's Guide.LNK
[2011/04/23 10:36:08 | 000,001,661 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Lexmark Fax Solutions\Lexmark Fax Solutions.LNK
[2011/04/23 10:37:01 | 000,000,963 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Lexmark Fax Solutions\Uninstall Lexmark Fax Solutions.LNK
[2010/06/09 19:38:55 | 000,000,950 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Memorex exPressit Label Design Studio\Memorex exPressit Label Design Studio Help.lnk
[2010/06/09 19:38:55 | 000,000,830 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Memorex exPressit Label Design Studio\Memorex exPressit Label Design Studio.lnk
[2010/06/09 19:38:55 | 000,000,793 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Memorex exPressit Label Design Studio\Uninstall Memorex exPressit Label Design Studio.lnk
[2011/04/01 22:12:47 | 000,000,114 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Temp\smtmp\1\Programs\OpenOffice.org 3.3\Desktop.ini
[2011/04/01 22:11:20 | 000,000,857 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.3\OpenOffice.org Base.lnk
[2011/04/01 22:11:21 | 000,000,841 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.3\OpenOffice.org Calc.lnk
[2011/04/01 22:11:21 | 000,000,791 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.3\OpenOffice.org Draw.lnk
[2011/04/01 22:11:21 | 000,000,851 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.3\OpenOffice.org Impress.lnk
[2011/04/01 22:11:21 | 000,000,793 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.3\OpenOffice.org Math.lnk
[2011/04/01 22:11:22 | 000,000,865 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.3\OpenOffice.org Writer.lnk
[2011/04/01 22:11:22 | 000,000,897 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.3\OpenOffice.org.lnk
[2010/05/09 20:55:52 | 000,001,950 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Photo Explosion\MemoriesOnTV.lnk
[2010/05/09 20:52:25 | 000,002,026 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Photo Explosion\Photo Explosion Album.lnk
[2010/08/03 21:03:03 | 000,002,727 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Photo Explosion\Photo Explosion Image Editor.lnk
[2010/05/09 20:52:25 | 000,002,174 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Photo Explosion\Photo Explosion Project Studio.lnk
[2010/05/09 20:52:25 | 000,001,934 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Photo Explosion\Photo Explosion User Manual.lnk
[2010/05/30 18:49:05 | 000,001,802 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\About QuickTime.lnk
[2010/05/30 18:49:05 | 000,001,812 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\PictureViewer.lnk
[2010/06/02 18:45:27 | 000,002,199 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\QuickTime Player.lnk
[2010/05/30 18:49:05 | 000,001,639 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\Uninstall QuickTime.lnk
[2010/07/14 22:36:18 | 000,000,903 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\RSA SecurID Token\Token Transfer Utility.lnk
[2009/09/27 21:05:36 | 000,000,084 | -HS- | M] () -- C:\Documents and Settings\Michael\Local Settings\Temp\smtmp\1\Programs\Startup\desktop.ini
[2011/04/02 00:53:32 | 000,001,880 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\TurboTax 2009\TurboTax 2009.lnk
[2011/03/28 21:34:54 | 000,001,880 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\TurboTax 2010\TurboTax 2010.lnk
[2011/05/13 20:51:16 | 000,001,937 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\2\AntiVirus_AntiSpyware_2011.lnk
[2009/10/04 01:40:31 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Michael\Local Settings\Temp\smtmp\2\desktop.ini
[2011/01/13 18:25:26 | 000,002,278 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\2\Google Chrome.lnk
[2010/08/07 21:43:36 | 000,000,600 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\2\GSAK.lnk
[2009/09/27 21:10:42 | 000,000,079 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\2\Show Desktop.scf
[2010/05/30 20:44:17 | 000,000,800 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\2\Windows Media Player.lnk
[2011/04/23 10:40:48 | 000,000,740 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\4\Lexmark Imaging Studio - 2500 Series.LNK
[2010/09/25 22:23:45 | 000,000,696 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\4\Malwarebytes' Anti-Malware.lnk
[2010/05/09 20:55:52 | 000,001,934 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\4\MemoriesOnTV.lnk
[2011/04/01 22:11:22 | 000,000,885 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\4\OpenOffice.org 3.3.lnk
[2010/07/18 10:27:10 | 000,002,723 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\4\Photo Explosion Album.lnk
[2010/07/18 10:52:13 | 000,002,715 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\4\Photo Explosion Image Editor.lnk
[2010/05/19 22:06:46 | 000,002,745 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\4\Photo Explosion Project Studio.lnk
[2011/04/02 02:09:32 | 000,002,393 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\4\TurboTax 2009.lnk
[2011/04/21 23:42:05 | 000,002,393 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\4\TurboTax 2010.lnk
[2010/05/30 21:34:12 | 000,000,638 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\4\WinFF.lnk

< %temp%\*.lnk /s >
[2009/10/05 21:55:37 | 000,001,563 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Set Program Access and Defaults.lnk
[2009/09/27 21:05:36 | 000,000,398 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Windows Catalog.lnk
[2009/10/03 23:05:13 | 000,001,507 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Windows Update.lnk
[2009/10/03 23:53:38 | 000,001,810 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Adobe Reader 7.0.lnk
[2010/05/30 18:48:16 | 000,001,830 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Apple Software Update.lnk
[2009/10/09 23:06:57 | 000,000,622 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\EasyGPS.lnk
[2011/03/07 22:22:56 | 000,001,680 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Security Essentials.lnk
[2009/09/27 21:02:23 | 000,001,844 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\MSN Explorer.lnk
[2010/06/02 23:07:57 | 000,001,690 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\PowerDVD.lnk
[2009/10/05 22:49:58 | 000,000,955 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Windows Defender.lnk
[2010/08/01 12:07:10 | 000,001,077 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Windows Live ID.lnk
[2009/10/04 01:40:50 | 000,000,785 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Windows Messenger.lnk
[2009/12/22 22:20:44 | 000,002,044 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\ABBYY FineReader 6.0 Sprint\ABBYY FineReader 6.0 Sprint.lnk
[2009/12/22 22:20:44 | 000,000,842 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\ABBYY FineReader 6.0 Sprint\User's Guide.lnk
[2009/10/05 23:41:04 | 000,001,498 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
[2010/05/31 16:09:24 | 000,001,515 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Paint.lnk
[2009/10/05 21:55:22 | 000,001,585 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
[2011/04/23 10:26:58 | 000,000,710 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Scanner and Camera Wizard.lnk
[2009/09/27 21:04:22 | 000,000,790 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Windows Movie Maker.lnk
[2009/09/27 21:02:49 | 000,000,879 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\WordPad.lnk
[2009/09/27 21:02:49 | 000,001,520 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\Accessibility Wizard.lnk
[2009/09/27 21:02:49 | 000,000,786 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\HyperTerminal.lnk
[2009/09/27 21:01:00 | 000,001,757 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Connections.lnk
[2009/09/27 21:04:15 | 000,001,640 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Setup Wizard.lnk
[2009/09/27 21:01:00 | 000,001,646 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\New Connection Wizard.lnk
[2009/10/05 21:59:03 | 000,001,656 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk
[2009/09/27 21:02:49 | 000,001,528 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Sound Recorder.lnk
[2009/09/27 21:02:49 | 000,001,528 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Volume Control.lnk
[2009/09/27 21:05:36 | 000,001,532 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Backup.lnk
[2009/10/31 13:24:20 | 000,001,521 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
[2009/09/27 21:04:20 | 000,001,532 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
[2009/09/27 21:04:18 | 000,001,572 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Defragmenter.lnk
[2009/09/27 21:05:36 | 000,001,591 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk
[2009/09/27 21:04:20 | 000,001,753 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Scheduled Tasks.lnk
[2009/09/27 21:04:18 | 000,001,070 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
[2009/09/27 21:04:20 | 000,001,616 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
[2009/09/27 21:02:29 | 000,001,582 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
[2009/09/27 21:05:36 | 000,001,602 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
[2009/09/27 21:05:36 | 000,001,596 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
[2009/09/27 21:05:36 | 000,001,592 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
[2009/09/27 21:05:36 | 000,001,590 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Local Security Policy.lnk
[2010/04/24 13:26:23 | 000,001,107 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk
[2010/04/24 13:26:23 | 000,001,158 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk
[2009/09/27 21:05:36 | 000,001,591 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Performance.lnk
[2010/06/02 23:30:56 | 000,001,602 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Services.lnk
[2009/10/04 00:01:04 | 000,000,329 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Dell Accessories\Dell ResourceCD.lnk
[2009/09/27 21:02:49 | 000,001,522 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Games\Freecell.lnk
[2009/09/27 21:02:49 | 000,001,520 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Games\Hearts.lnk
[2009/10/04 01:40:50 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Backgammon.lnk
[2009/10/04 01:40:49 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Checkers.lnk
[2009/10/04 01:40:48 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Hearts.lnk
[2009/10/04 01:40:49 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Reversi.lnk
[2009/10/04 01:40:49 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Spades.lnk
[2009/09/27 21:02:49 | 000,001,515 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Games\Minesweeper.lnk
[2009/09/27 21:02:49 | 000,000,885 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Games\Pinball.lnk
[2009/09/27 21:02:49 | 000,001,491 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Games\Solitaire.lnk
[2009/09/27 21:02:49 | 000,001,502 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Games\Spider Solitaire.lnk
[2009/10/09 23:39:21 | 000,001,613 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Garmin\MapSource Manual.lnk
[2009/10/09 23:39:20 | 000,001,649 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Garmin\MapSource.lnk
[2011/04/13 00:02:12 | 000,001,626 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Garmin\WebUpdater.lnk
[2010/06/10 22:16:04 | 000,000,523 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Garmin\xImage\Display xImage Help.lnk
[2010/06/10 22:16:04 | 000,000,585 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Garmin\xImage\Launch xImage.lnk
[2010/08/07 21:43:35 | 000,000,628 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\GSAK\Folder Finder.lnk
[2010/08/07 21:43:33 | 000,000,638 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\GSAK\GSAK.lnk
[2010/08/07 21:43:35 | 000,000,594 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\GSAK\Help File.lnk
[2010/08/07 21:43:35 | 000,000,633 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\GSAK\Macro Editor.lnk
[2010/08/07 21:43:36 | 000,000,618 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\GSAK\Uninstall GSAK.lnk
[2010/05/30 19:21:49 | 000,001,814 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\iTunes\About iTunes.lnk
[2010/10/13 20:21:08 | 000,002,149 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\iTunes\iTunes.lnk
[2011/04/23 10:34:20 | 000,001,274 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Lexmark 2500 Series\Lexmark Cartridge Diagnostic Wizard.LNK
[2011/04/23 10:38:30 | 000,000,752 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Lexmark 2500 Series\Lexmark Imaging Studio.LNK
[2011/04/23 10:38:37 | 000,001,959 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Lexmark 2500 Series\Lexmark Solution Center.LNK
[2011/04/23 10:38:38 | 000,001,589 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Lexmark 2500 Series\Readme.LNK
[2011/04/23 10:38:43 | 000,000,927 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Lexmark 2500 Series\Uninstall Lexmark 2500 Series.LNK
[2011/04/23 10:34:17 | 000,000,771 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Lexmark 2500 Series\User's Guide.LNK
[2011/04/23 10:36:08 | 000,001,661 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Lexmark Fax Solutions\Lexmark Fax Solutions.LNK
[2011/04/23 10:37:01 | 000,000,963 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Lexmark Fax Solutions\Uninstall Lexmark Fax Solutions.LNK
[2010/06/09 19:38:55 | 000,000,950 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Memorex exPressit Label Design Studio\Memorex exPressit Label Design Studio Help.lnk
[2010/06/09 19:38:55 | 000,000,830 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Memorex exPressit Label Design Studio\Memorex exPressit Label Design Studio.lnk
[2010/06/09 19:38:55 | 000,000,793 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Memorex exPressit Label Design Studio\Uninstall Memorex exPressit Label Design Studio.lnk
[2011/04/01 22:11:20 | 000,000,857 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.3\OpenOffice.org Base.lnk
[2011/04/01 22:11:21 | 000,000,841 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.3\OpenOffice.org Calc.lnk
[2011/04/01 22:11:21 | 000,000,791 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.3\OpenOffice.org Draw.lnk
[2011/04/01 22:11:21 | 000,000,851 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.3\OpenOffice.org Impress.lnk
[2011/04/01 22:11:21 | 000,000,793 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.3\OpenOffice.org Math.lnk
[2011/04/01 22:11:22 | 000,000,865 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.3\OpenOffice.org Writer.lnk
[2011/04/01 22:11:22 | 000,000,897 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.3\OpenOffice.org.lnk
[2010/05/09 20:55:52 | 000,001,950 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Photo Explosion\MemoriesOnTV.lnk
[2010/05/09 20:52:25 | 000,002,026 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Photo Explosion\Photo Explosion Album.lnk
[2010/08/03 21:03:03 | 000,002,727 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Photo Explosion\Photo Explosion Image Editor.lnk
[2010/05/09 20:52:25 | 000,002,174 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Photo Explosion\Photo Explosion Project Studio.lnk
[2010/05/09 20:52:25 | 000,001,934 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Photo Explosion\Photo Explosion User Manual.lnk
[2010/05/30 18:49:05 | 000,001,802 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\About QuickTime.lnk
[2010/05/30 18:49:05 | 000,001,812 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\PictureViewer.lnk
[2010/06/02 18:45:27 | 000,002,199 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\QuickTime Player.lnk
[2010/05/30 18:49:05 | 000,001,639 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\Uninstall QuickTime.lnk
[2010/07/14 22:36:18 | 000,000,903 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\RSA SecurID Token\Token Transfer Utility.lnk
[2011/04/02 00:53:32 | 000,001,880 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\TurboTax 2009\TurboTax 2009.lnk
[2011/03/28 21:34:54 | 000,001,880 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\TurboTax 2010\TurboTax 2010.lnk
[2011/05/13 20:51:16 | 000,001,937 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\2\AntiVirus_AntiSpyware_2011.lnk
[2011/01/13 18:25:26 | 000,002,278 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\2\Google Chrome.lnk
[2010/08/07 21:43:36 | 000,000,600 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\2\GSAK.lnk
[2010/05/30 20:44:17 | 000,000,800 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\2\Windows Media Player.lnk
[2011/04/23 10:40:48 | 000,000,740 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\4\Lexmark Imaging Studio - 2500 Series.LNK
[2010/09/25 22:23:45 | 000,000,696 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\4\Malwarebytes' Anti-Malware.lnk
[2010/05/09 20:55:52 | 000,001,934 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\4\MemoriesOnTV.lnk
[2011/04/01 22:11:22 | 000,000,885 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\4\OpenOffice.org 3.3.lnk
[2010/07/18 10:27:10 | 000,002,723 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\4\Photo Explosion Album.lnk
[2010/07/18 10:52:13 | 000,002,715 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\4\Photo Explosion Image Editor.lnk
[2010/05/19 22:06:46 | 000,002,745 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\4\Photo Explosion Project Studio.lnk
[2011/04/02 02:09:32 | 000,002,393 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\4\TurboTax 2009.lnk
[2011/04/21 23:42:05 | 000,002,393 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\4\TurboTax 2010.lnk
[2010/05/30 21:34:12 | 000,000,638 | ---- | M] () -- C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\4\WinFF.lnk

< End of report >
  • 0

#8
maliprog
Posted 19 May 2011 - 05:47 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi SFAdad

You have work to do now :)

  • My Computer
  • Tools
  • Folder Options
  • View
  • "Mark" Show hidden files and folders.

Before we start let's make backup.

ZIP this folder and copy it to desktop

C:\Documents and Settings\Michael\Local Settings\Temp\smtmp

Malware moved all your shortcuts in:

C:\Documents and Settings\Michael\Local Settings\Temp\smtmp\1\Programs\

The easiest way for us to restore them is manual.

You must copy all shortcuts from above location to their correspondent folder in

C:\Documents and Settings\All Users\Start Menu\Programs
or
C:\Documents and Settings\Michael\Start Menu\Programs

For example, to restore Games icon you must copy all shortcuts from 

C:\Documents and Settings\Michael\Local Settings\Temp\smtmp\1\Programs\Games\

to 

C:\Documents and Settings\All Users\Start Menu\Programs\Games

Match folder names and that's it -> Games to Games etc. Just remember DON'T empty your TEMP folders by any tool until we finish this process. Otherwise we will lose your shortcuts forever. If you have any questions please ask.
  • 0

#9
maliprog
Posted 19 May 2011 - 08:10 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi SFAdad,

After talking to some experts we come up with solution for you. Here is way you should try to restore your files automatically. You should try this before manual copy/paste of these shortcuts.

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Files
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply.

  • 0

#10
SFAdad
Posted 19 May 2011 - 06:46 PM

SFAdad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
It looks like the automatic fix did the job.
Heres the log.


========== OTL ==========
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\desktop.ini
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Set Program Access and Defaults.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Windows Catalog.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Windows Update.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Adobe Reader 7.0.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Apple Software Update.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\desktop.ini
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\EasyGPS.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Security Essentials.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\MSN Explorer.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\PowerDVD.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Windows Defender.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Windows Live ID.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Windows Messenger.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\ABBYY FineReader 6.0 Sprint\ABBYY FineReader 6.0 Sprint.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\ABBYY FineReader 6.0 Sprint\User's Guide.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\desktop.ini
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Paint.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Scanner and Camera Wizard.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Windows Movie Maker.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\WordPad.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\Accessibility Wizard.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\desktop.ini
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\desktop.ini
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\HyperTerminal.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Connections.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Setup Wizard.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\New Connection Wizard.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\desktop.ini
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Sound Recorder.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Volume Control.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Backup.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\desktop.ini
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Defragmenter.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Scheduled Tasks.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\desktop.ini
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Local Security Policy.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Performance.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Services.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Dell Accessories\Dell ResourceCD.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Games\desktop.ini
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Games\Freecell.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Games\Hearts.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Backgammon.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Checkers.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Hearts.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Reversi.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Spades.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Games\Minesweeper.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Games\Pinball.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Games\Solitaire.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Games\Spider Solitaire.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Garmin\MapSource Manual.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Garmin\MapSource.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Garmin\WebUpdater.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Garmin\xImage\Display xImage Help.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Garmin\xImage\Launch xImage.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\GSAK\Folder Finder.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\GSAK\GSAK.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\GSAK\Help File.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\GSAK\Macro Editor.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\GSAK\Support forum.url
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\GSAK\Uninstall GSAK.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\GSAK\Web site.url
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\iTunes\About iTunes.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\iTunes\iTunes.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Lexmark 2500 Series\Lexmark Cartridge Diagnostic Wizard.LNK
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Lexmark 2500 Series\Lexmark Imaging Studio.LNK
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Lexmark 2500 Series\Lexmark Solution Center.LNK
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Lexmark 2500 Series\Readme.LNK
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Lexmark 2500 Series\Uninstall Lexmark 2500 Series.LNK
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Lexmark 2500 Series\User's Guide.LNK
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Lexmark Fax Solutions\Lexmark Fax Solutions.LNK
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Lexmark Fax Solutions\Uninstall Lexmark Fax Solutions.LNK
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Memorex exPressit Label Design Studio\Memorex exPressit Label Design Studio Help.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Memorex exPressit Label Design Studio\Memorex exPressit Label Design Studio.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Memorex exPressit Label Design Studio\Uninstall Memorex exPressit Label Design Studio.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.3\Desktop.ini
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.3\OpenOffice.org Base.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.3\OpenOffice.org Calc.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.3\OpenOffice.org Draw.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.3\OpenOffice.org Impress.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.3\OpenOffice.org Math.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.3\OpenOffice.org Writer.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.3\OpenOffice.org.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Photo Explosion\MemoriesOnTV.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Photo Explosion\Photo Explosion Album.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Photo Explosion\Photo Explosion Image Editor.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Photo Explosion\Photo Explosion Project Studio.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Photo Explosion\Photo Explosion User Manual.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\About QuickTime.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\PictureViewer.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\QuickTime Player.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\Uninstall QuickTime.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\RSA SecurID Token\Token Transfer Utility.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\Startup\desktop.ini
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\TurboTax 2009\TurboTax 2009.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\1\Programs\TurboTax 2010\TurboTax 2010.lnk
112 File(s) copied
C:\Documents and Settings\Michael\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Michael\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\2\AntiVirus_AntiSpyware_2011.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\2\desktop.ini
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\2\Google Chrome.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\2\GSAK.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\2\Show Desktop.scf
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\2\Windows Media Player.lnk
6 File(s) copied
C:\Documents and Settings\Michael\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Michael\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Michael\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Michael\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\4\Lexmark Imaging Studio - 2500 Series.LNK
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\4\Malwarebytes' Anti-Malware.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\4\MemoriesOnTV.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\4\OpenOffice.org 3.3.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\4\Photo Explosion Album.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\4\Photo Explosion Image Editor.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\4\Photo Explosion Project Studio.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\4\TurboTax 2009.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\4\TurboTax 2010.lnk
C:\DOCUME~1\Michael\LOCALS~1\Temp\smtmp\4\WinFF.lnk
10 File(s) copied
C:\Documents and Settings\Michael\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Michael\Desktop\cmd.txt deleted successfully.

OTL by OldTimer - Version 3.2.22.3 log created on 05192011_193805
  • 0

#11
maliprog
Posted 19 May 2011 - 11:02 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi SFAdad,

Your logs and system are clean now. I'm glad we fix up your computer. We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end. Remove all other application we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automaticly check for newer version of software installed on your system.
  • 0

#12
SFAdad
Posted 20 May 2011 - 09:50 PM

SFAdad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Thank you!!!
  • 0

#13
maliprog
Posted 21 May 2011 - 12:54 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP