Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Removal of Trojans FakeMS and Agent


  • This topic is locked This topic is locked
4 replies to this topic

#1 katemart

katemart

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:22 PM

Posted 04 June 2011 - 07:35 PM

Hi

I think I accidentally downloaded a virus from facebook a few days ago. It started with a blank desktop after loading, which required a reboot. This happened once or twice and today I started getting fake system critical error messages in pop-up dialog boxes. I was able to close these and carry on but then a "diagnostic" toolbox appeared giving me reports about various problems and I was unable to close this using either the buttons or task manager. I was able to move this to one side and connected to housecall which did not detect anything. Then the machine shut itself down and when i rebooted there were no programs in my start menu or in MyComputers, except zone alarm, my wallpaper did not come up nor any desktop icons. I rebooted in safe mode and ran an up-to-date malwarebytes scan from a flash drive. It ran through all the programs and came up with three threats:

Trojan.fakeMS
Trojan.Agent
PUM.Hijack.TaskManager

I deleted all three as it suggested but I think the last one probably should not have been deleted! I have rescanned using malwarebytes and that then said the machine was clean, but I am still unable to see any of the programs. I have since run checkdisk repair, windows malware removal tool and finally spybotsd, which fixed some more problems, including a hotkey which disabled task manager and another one which disabled the active desktop.

I should be grateful if someone could let me know how i can get my laptop functioning properly again. I am on XP. I have run the dds scans and the gmer is doing now.

Many thanks!

BC AdBot (Login to Remove)

 


#2 katemart

katemart
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:22 PM

Posted 05 June 2011 - 04:22 AM

Here is the dds file:

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_24
Run by Dave at 1:11:00 on 2011-06-05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2038.1188 [GMT 1:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ZoneAlarm Security Suite Antivirus *Enabled/Outdated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [XTTKaJRdnOjICgJ] c:\documents and settings\all users\application data\XTTKaJRdnOjICgJ.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [EPSON Stylus Photo R300 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NeroCheck] c:\windows\system32\\NeroCheck.exe
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "f:\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\dave\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\corel\common\bin\WinCinemaMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198713374890
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{E5AC9EDD-DE6B-4692-BB5C-D6ADAB9D2AF2} : DhcpNameServer = 194.168.4.100 194.168.8.100
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dave\application data\mozilla\firefox\profiles\u1j2fkv9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\dave\application data\mozilla\firefox\profiles\u1j2fkv9.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-31 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-1-1 27784]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-7-12 532224]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-29 297752]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-9-23 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-9-23 476528]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S0 tpcdrdrv;tpcdrdrv;c:\windows\system32\drivers\tpcdrdrv.sys --> c:\windows\system32\drivers\tpcdrdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-20 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-20 136176]
.
=============== Created Last 30 ================
.
2011-06-04 22:49:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-04 22:49:03 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-06-04 22:14:16 185344 ----a-w- c:\windows\system32\Thawbrkr.dll
2011-06-04 22:14:15 10752 ----a-w- c:\windows\system32\c_iscii.dll
2011-06-04 22:14:13 5632 ----a-w- c:\windows\system32\kbdusa.dll
2011-06-04 22:14:10 6144 ----a-w- c:\windows\system32\ftlx041e.dll
2011-06-04 21:46:50 -------- d-----w- c:\program files\ESET
2011-05-29 18:23:52 -------- d--h--w- c:\windows\pss
2011-05-19 17:45:18 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-06 16:10:21 781272 ---ha-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-06 16:10:21 1874904 ---ha-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-06 16:10:20 89048 ---ha-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-06 16:10:20 465880 ---ha-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-06 16:10:20 15832 ---ha-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-06 16:10:19 1974616 ---ha-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-05-06 16:10:19 1892184 ---ha-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-06 16:10:19 142296 ---ha-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
==================== Find3M ====================
.
2011-05-29 08:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-07 05:33:50 692736 ---ha-w- c:\windows\system32\inetcomm.dll
.
============= FINISH: 1:12:01.64 ===============

#3 katemart

katemart
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:22 PM

Posted 05 June 2011 - 05:02 AM

I've been reading other posts with the same problem but I'm not sure what stage I am at (unhide, combofix, copy and replace?) however I have run SystemLook because I did run CCleaner at some point last night - I can't remember if this was before or after I used malwarebytes:

(I have also attached the GMER log)

SystemLook 04.09.10 by jpshortstuff
Log created at 10:56 on 05/06/2011 by Dave
Administrator - Elevation successful

========== dir ==========

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp - Parameters: "/s"

---Files---
None found.

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1 d--h--- [17:44 04/06/2011]
desktop.ini --ahs-- 272 bytes [08:10 19/12/2007] [19:28 02/09/2008]
Microsoft Update.lnk --ah--- 1566 bytes [00:02 27/12/2007] [00:02 27/12/2007]
Set Program Access and Defaults.lnk --ah--- 1563 bytes [08:20 19/12/2007] [19:28 02/09/2008]
Windows Catalog.lnk --ah--- 398 bytes [08:20 19/12/2007] [08:20 19/12/2007]
Windows Update.lnk --ah--- 1507 bytes [08:20 19/12/2007] [17:02 25/03/2008]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs d--h--- [17:44 04/06/2011]
Adobe Reader 8.lnk --ah--- 1804 bytes [16:48 07/04/2009] [16:48 07/04/2009]
Apple Software Update.lnk --ah--- 1830 bytes [14:43 05/07/2008] [14:43 05/07/2008]
desktop.ini --ahs-- 150 bytes [08:10 19/12/2007] [08:19 19/12/2007]
Mozilla Firefox.lnk --ah--- 730 bytes [16:10 06/05/2011] [16:10 06/05/2011]
MSN.lnk --ah--- 1986 bytes [08:17 19/12/2007] [08:17 19/12/2007]
Windows Messenger.lnk --ah--- 609 bytes [08:17 19/12/2007] [08:17 19/12/2007]
Windows Movie Maker.lnk --ah--- 786 bytes [08:19 19/12/2007] [08:19 19/12/2007]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Accessories d--h--- [17:44 04/06/2011]
Calculator.lnk --ah--- 1498 bytes [08:17 19/12/2007] [15:27 02/02/2008]
desktop.ini --ahs-- 255 bytes [08:17 19/12/2007] [21:34 16/05/2008]
Paint.lnk --ah--- 1515 bytes [08:17 19/12/2007] [19:02 24/01/2011]
Remote Desktop Connection.lnk --ah--- 1585 bytes [19:28 02/09/2008] [19:28 02/09/2008]
Scanner and Camera Wizard.lnk --ah--- 710 bytes [21:34 16/05/2008] [21:34 16/05/2008]
WordPad.lnk --ah--- 879 bytes [08:17 19/12/2007] [08:17 19/12/2007]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility d--h--- [17:44 04/06/2011]
Accessibility Wizard.lnk --ah--- 1520 bytes [08:17 19/12/2007] [08:17 19/12/2007]
desktop.ini --ahs-- 90 bytes [08:17 19/12/2007] [08:17 19/12/2007]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications d--h--- [17:44 04/06/2011]
Bluetooth File Transfer Wizard.lnk --ah--- 1517 bytes [08:15 19/12/2007] [08:15 19/12/2007]
desktop.ini --ahs-- 592 bytes [08:15 19/12/2007] [19:31 02/09/2008]
HyperTerminal.lnk --ah--- 786 bytes [08:17 19/12/2007] [08:17 19/12/2007]
Network Connections.lnk --ah--- 1757 bytes [08:16 19/12/2007] [08:16 19/12/2007]
Network Setup Wizard.lnk --ah--- 1640 bytes [08:19 19/12/2007] [08:19 19/12/2007]
New Connection Wizard.lnk --ah--- 1646 bytes [08:16 19/12/2007] [08:16 19/12/2007]
Wireless Network Setup Wizard.lnk --ah--- 1656 bytes [08:20 19/12/2007] [19:31 02/09/2008]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment d--h--- [17:44 04/06/2011]
desktop.ini --ahs-- 146 bytes [08:17 19/12/2007] [08:17 19/12/2007]
Sound Recorder.lnk --ah--- 1528 bytes [08:17 19/12/2007] [15:53 06/07/2008]
Volume Control.lnk --ah--- 1528 bytes [08:17 19/12/2007] [08:17 19/12/2007]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools d--h--- [17:44 04/06/2011]
Character Map.lnk --ah--- 1521 bytes [08:17 19/12/2007] [08:17 19/12/2007]
desktop.ini --ahs-- 703 bytes [08:17 19/12/2007] [08:20 19/12/2007]
Disk Cleanup.lnk --ah--- 1532 bytes [08:19 19/12/2007] [08:19 19/12/2007]
Disk Defragmenter.lnk --ah--- 1572 bytes [08:19 19/12/2007] [21:02 30/09/2009]
Files and Settings Transfer Wizard.lnk --ah--- 1591 bytes [08:20 19/12/2007] [08:20 19/12/2007]
Scheduled Tasks.lnk --ah--- 1753 bytes [08:19 19/12/2007] [08:19 19/12/2007]
System Information.lnk --ah--- 1070 bytes [08:19 19/12/2007] [08:19 19/12/2007]
System Restore.lnk --ah--- 1616 bytes [08:19 19/12/2007] [08:19 19/12/2007]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools d--h--- [17:44 04/06/2011]
Component Services.lnk --ah--- 1582 bytes [08:18 19/12/2007] [08:18 19/12/2007]
Computer Management.lnk --ah--- 1602 bytes [08:20 19/12/2007] [21:43 07/01/2008]
Data Sources (ODBC).lnk --ah--- 1596 bytes [08:20 19/12/2007] [08:20 19/12/2007]
desktop.ini --ahs-- 476 bytes [08:18 19/12/2007] [08:20 19/12/2007]
Event Viewer.lnk --ah--- 1592 bytes [08:20 19/12/2007] [08:20 19/12/2007]
Performance.lnk --ah--- 1591 bytes [08:20 19/12/2007] [21:41 07/01/2008]
Services.lnk --ah--- 1602 bytes [08:20 19/12/2007] [08:20 19/12/2007]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Ahead Nero d--h--- [17:44 04/06/2011]
Nero Express.lnk --ah--- 756 bytes [18:38 27/01/2008] [18:38 27/01/2008]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Ahead Nero\Nero Toolkit d--h--- [17:44 04/06/2011]
Nero CD Speed.lnk --ah--- 835 bytes [18:38 27/01/2008] [18:38 27/01/2008]
Nero DriveSpeed.lnk --ah--- 856 bytes [18:38 27/01/2008] [18:38 27/01/2008]
Nero InfoTool.lnk --ah--- 892 bytes [18:38 27/01/2008] [18:38 27/01/2008]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Ahead Nero\User's Guides d--h--- [17:44 04/06/2011]
Nero Express [English manual].lnk --ah--- 849 bytes [18:38 27/01/2008] [18:38 27/01/2008]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\AVG Free 8.5 d--h--- [17:44 04/06/2011]
AVG Free Tray Icon.lnk --ah--- 1535 bytes [18:42 31/12/2008] [18:42 31/12/2008]
AVG Free User Interface.lnk --ah--- 1519 bytes [18:42 31/12/2008] [18:42 31/12/2008]
Uninstall AVG Free.lnk --ah--- 1541 bytes [18:42 31/12/2008] [18:42 31/12/2008]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\BlackBerry d--h--- [17:44 04/06/2011]
BlackBerry Desktop Software.lnk --ah--- 1968 bytes [17:50 15/08/2010] [19:53 08/05/2011]
BlackBerry Media Sync.lnk --ah--- 913 bytes [18:21 15/08/2010] [18:21 15/08/2010]
Readme.lnk --ah--- 1971 bytes [17:50 15/08/2010] [19:53 08/05/2011]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Bluetooth d--h--- [17:44 04/06/2011]
Bluetooth Information Exchanger.lnk --ah--- 811 bytes [10:41 19/12/2007] [10:41 19/12/2007]
Bluetooth Settings.lnk --ah--- 806 bytes [10:41 19/12/2007] [10:41 19/12/2007]
Remote Camera.lnk --ah--- 816 bytes [10:41 19/12/2007] [10:41 19/12/2007]
User's Guide.lnk --ah--- 801 bytes [10:41 19/12/2007] [10:41 19/12/2007]
Wireless File Transfer.lnk --ah--- 821 bytes [10:41 19/12/2007] [10:41 19/12/2007]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Bonjour d--h--- [17:44 04/06/2011]
About Bonjour.lnk --ah--- 660 bytes [19:14 05/07/2008] [19:14 05/07/2008]
Bonjour Printer Wizard.lnk --ah--- 1808 bytes [19:14 05/07/2008] [19:14 05/07/2008]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Corel DVD Copy 6 d--h--- [17:44 04/06/2011]
Corel DVD Copy 6.lnk --ah--- 1667 bytes [18:01 27/01/2008] [18:01 27/01/2008]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\doPDF 7 d--h--- [17:44 04/06/2011]
doPDF Help.lnk --ah--- 716 bytes [21:07 16/12/2010] [21:07 16/12/2010]
doPDF.lnk --ah--- 777 bytes [21:07 16/12/2010] [21:07 16/12/2010]
Uninstall doPDF 7.lnk --ah--- 1612 bytes [21:07 16/12/2010] [21:07 16/12/2010]
Visit the forum.lnk --ah--- 202 bytes [21:07 16/12/2010] [21:07 16/12/2010]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\EPSON d--h--- [17:44 04/06/2011]
EPSON Printer Software Uninstall.lnk --ah--- 985 bytes [08:36 21/11/2008] [08:36 21/11/2008]
EPSON Stylus Photo R300 Series Readme.lnk --ah--- 979 bytes [08:36 21/11/2008] [08:36 21/11/2008]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Family Historian d--h--- [17:44 04/06/2011]
Family Historian Help.lnk --ah--- 814 bytes [20:30 24/04/2011] [00:27 25/04/2011]
Family Historian.lnk --ah--- 814 bytes [00:26 25/04/2011] [00:27 25/04/2011]
Readme.lnk --ah--- 838 bytes [20:30 24/04/2011] [00:27 25/04/2011]
Uninstall Family Historian.lnk --ah--- 682 bytes [00:26 25/04/2011] [00:27 25/04/2011]
User Manual.lnk --ah--- 960 bytes [20:30 24/04/2011] [00:27 25/04/2011]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Family Tree Maker d--h--- [17:44 04/06/2011]
Family Tree Maker.lnk --ah--- 622 bytes [19:00 17/04/2011] [19:00 17/04/2011]
FTW Read Me.lnk --ah--- 677 bytes [19:00 17/04/2011] [19:00 17/04/2011]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Fujitsu d--h--- [17:44 04/06/2011]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Fujitsu\SystemDiagnostics d--h--- [17:44 04/06/2011]
SystemDiagnostics.lnk --ah--- 1842 bytes [01:35 17/11/2010] [01:35 17/11/2010]
Uninstall.lnk --ah--- 693 bytes [01:35 17/11/2010] [01:35 17/11/2010]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Games d--h--- [17:44 04/06/2011]
desktop.ini --ahs-- 798 bytes [08:17 19/12/2007] [08:17 19/12/2007]
Freecell.lnk --ah--- 1522 bytes [08:17 19/12/2007] [08:17 19/12/2007]
Hearts.lnk --ah--- 1520 bytes [08:17 19/12/2007] [08:17 19/12/2007]
Internet Backgammon.lnk --ah--- 913 bytes [08:17 19/12/2007] [08:17 19/12/2007]
Internet Checkers.lnk --ah--- 913 bytes [08:17 19/12/2007] [08:17 19/12/2007]
Internet Hearts.lnk --ah--- 913 bytes [08:17 19/12/2007] [08:17 19/12/2007]
Internet Reversi.lnk --ah--- 913 bytes [08:17 19/12/2007] [08:17 19/12/2007]
Internet Spades.lnk --ah--- 913 bytes [08:17 19/12/2007] [08:17 19/12/2007]
Minesweeper.lnk --ah--- 1515 bytes [08:17 19/12/2007] [08:17 19/12/2007]
Pinball.lnk --ah--- 885 bytes [08:17 19/12/2007] [08:17 19/12/2007]
Solitaire.lnk --ah--- 1491 bytes [08:17 19/12/2007] [21:44 23/01/2008]
Spider Solitaire.lnk --ah--- 1502 bytes [08:17 19/12/2007] [08:17 19/12/2007]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\InterVideo DiscLabel d--h--- [17:44 04/06/2011]
InterVideo DiscLabel.lnk --ah--- 1721 bytes [18:02 27/01/2008] [18:02 27/01/2008]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\InterVideo Virtual Drive d--h--- [17:44 04/06/2011]
InterVideo Virtual Drive.lnk --ah--- 1769 bytes [18:01 27/01/2008] [18:01 27/01/2008]
InterVideo WinDVD 4.lnk --ah--- 1629 bytes [08:37 10/02/2008] [08:37 10/02/2008]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\iTunes d--h--- [17:44 04/06/2011]
About iTunes.lnk --ah--- 1584 bytes [13:50 19/01/2008] [16:25 17/07/2008]
iTunes.lnk --ah--- 2149 bytes [13:50 19/01/2008] [21:29 26/08/2010]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Kodak d--h--- [17:44 04/06/2011]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Kodak\Kodak EasyShare d--h--- [17:44 04/06/2011]
Kodak EasyShare software.lnk --ah--- 1827 bytes [21:32 16/05/2008] [21:32 16/05/2008]
ReadMe.lnk --ah--- 788 bytes [21:33 16/05/2008] [21:33 16/05/2008]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Kodak\Kodak EasyShare printer dock d--h--- [17:44 04/06/2011]
Kodak Wireless Printer Computer Setup Assistant.lnk --ah--- 1881 bytes [21:35 16/05/2008] [21:35 16/05/2008]
Kodak Wireless Printer Configuration Utility.lnk --ah--- 1940 bytes [21:35 16/05/2008] [21:35 16/05/2008]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Logitech d--h--- [17:44 04/06/2011]
Desktop Messenger.lnk --ah--- 1871 bytes [15:36 19/02/2010] [15:36 19/02/2010]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Logitech\Logitech Harmony Remote d--h--- [17:44 04/06/2011]
Logitech Harmony Remote Software 7.lnk --ah--- 1829 bytes [15:37 19/02/2010] [15:37 19/02/2010]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware d--h--- [17:44 04/06/2011]
Malwarebytes' Anti-Malware Help.lnk --ah--- 796 bytes [23:21 19/01/2011] [23:21 19/01/2011]
Malwarebytes' Anti-Malware.lnk --ah--- 796 bytes [23:21 19/01/2011] [23:21 19/01/2011]
Uninstall Malwarebytes' Anti-Malware.lnk --ah--- 820 bytes [23:21 19/01/2011] [23:21 19/01/2011]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office d--h--- [17:44 04/06/2011]
Microsoft Office Access 2007.lnk --ah--- 2483 bytes [19:17 20/05/2010] [00:10 21/04/2011]
Microsoft Office Excel 2007.lnk --ah--- 2485 bytes [19:17 20/05/2010] [18:12 11/05/2011]
Microsoft Office Groove 2007.lnk --ah--- 2603 bytes [19:17 20/05/2010] [19:17 20/05/2010]
Microsoft Office InfoPath 2007.lnk --ah--- 2593 bytes [19:17 20/05/2010] [02:04 22/06/2010]
Microsoft Office OneNote 2007.lnk --ah--- 2525 bytes [19:17 20/05/2010] [19:17 20/05/2010]
Microsoft Office Outlook 2007.lnk --ah--- 2599 bytes [19:17 20/05/2010] [19:17 20/05/2010]
Microsoft Office PowerPoint 2007.lnk --ah--- 2551 bytes [19:17 20/05/2010] [19:17 20/05/2010]
Microsoft Office Publisher 2007.lnk --ah--- 2517 bytes [19:17 20/05/2010] [19:17 20/05/2010]
Microsoft Office Word 2007.lnk --ah--- 2527 bytes [19:17 20/05/2010] [10:04 26/05/2011]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools d--h--- [17:44 04/06/2011]
Digital Certificate for VBA Projects.lnk --ah--- 2553 bytes [19:17 20/05/2010] [19:17 20/05/2010]
Microsoft Clip Organizer.lnk --ah--- 2533 bytes [19:17 20/05/2010] [19:17 20/05/2010]
Microsoft Office 2007 Language Settings.lnk --ah--- 2433 bytes [19:17 20/05/2010] [19:17 20/05/2010]
Microsoft Office Diagnostics.lnk --ah--- 2531 bytes [19:17 20/05/2010] [19:17 20/05/2010]
Microsoft Office Picture Manager.lnk --ah--- 2511 bytes [19:17 20/05/2010] [19:17 20/05/2010]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Research d--h--- [17:44 04/06/2011]
WorldWide Telescope.lnk --ah--- 1966 bytes [12:53 13/05/2008] [12:53 13/05/2008]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Silverlight d--h--- [17:44 04/06/2011]
Microsoft Silverlight.lnk --ah--- 1986 bytes [12:56 08/06/2010] [00:32 22/04/2011]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Essentials d--h--- [17:44 04/06/2011]
Nero Home Essentials SE.lnk --ah--- 2273 bytes [11:10 19/12/2007] [11:10 19/12/2007]
Nero Online Upgrade.lnk --ah--- 1891 bytes [11:10 19/12/2007] [11:10 19/12/2007]
Nero ProductSetup.lnk --ah--- 2073 bytes [11:10 19/12/2007] [11:10 19/12/2007]
Nero StartSmart Essentials.lnk --ah--- 2373 bytes [11:10 19/12/2007] [11:10 19/12/2007]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Essentials\Audio d--h--- [17:44 04/06/2011]
Nero Express Essentials.lnk --ah--- 2018 bytes [11:10 19/12/2007] [11:10 19/12/2007]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Essentials\Data d--h--- [17:44 04/06/2011]
Nero BackItUp Essentials.lnk --ah--- 2271 bytes [11:10 19/12/2007] [11:10 19/12/2007]
Nero Express Essentials.lnk --ah--- 2018 bytes [11:10 19/12/2007] [11:10 19/12/2007]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Essentials\Labels d--h--- [17:44 04/06/2011]
Nero CoverDesigner Essentials.lnk --ah--- 2364 bytes [11:10 19/12/2007] [11:10 19/12/2007]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Essentials\Manuals d--h--- [17:44 04/06/2011]
Nero BackItUp Essentials [English Help].lnk --ah--- 1825 bytes [11:10 19/12/2007] [11:10 19/12/2007]
Nero BurnRights [English Help].lnk --ah--- 1814 bytes [11:10 19/12/2007] [11:10 19/12/2007]
Nero CD-DVD Speed [English Help].lnk --ah--- 1769 bytes [11:10 19/12/2007] [11:10 19/12/2007]
Nero CoverDesigner Essentials [English Help].lnk --ah--- 1905 bytes [11:10 19/12/2007] [11:10 19/12/2007]
Nero Express Essentials [English Help].lnk --ah--- 1749 bytes [11:10 19/12/2007] [11:10 19/12/2007]
Nero Home Essentials SE [English Help].lnk --ah--- 1767 bytes [11:10 19/12/2007] [11:10 19/12/2007]
Nero MediaHome Essentials [English Help].lnk --ah--- 1841 bytes [11:10 19/12/2007] [11:10 19/12/2007]
Nero PhotoSnap Essentials [English Help].lnk --ah--- 1841 bytes [11:10 19/12/2007] [11:10 19/12/2007]
Nero Recode Essentials [English Help].lnk --ah--- 1793 bytes [11:10 19/12/2007] [11:10 19/12/2007]
Nero ShowTime Essentials [English Help].lnk --ah--- 1825 bytes [11:10 19/12/2007] [11:10 19/12/2007]
Nero StartSmart Essentials [English Help].lnk --ah--- 1857 bytes [11:10 19/12/2007] [11:10 19/12/2007]
Nero Vision Essentials [English Help].lnk --ah--- 1842 bytes [11:10 19/12/2007] [11:10 19/12/2007]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Essentials\Photo and Video d--h--- [17:44 04/06/2011]
Nero PhotoSnap Essentials.lnk --ah--- 2107 bytes [11:10 19/12/2007] [11:10 19/12/2007]
Nero PhotoSnap Viewer Essentials.lnk --ah--- 2033 bytes [11:10 19/12/2007] [11:10 19/12/2007]
Nero Recode Essentials.lnk --ah--- 2291 bytes [11:10 19/12/2007] [11:10 19/12/2007]
Nero Vision Essentials.lnk --ah--- 2339 bytes [11:10 19/12/2007] [11:10 19/12/2007]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Essentials\Play d--h--- [17:44 04/06/2011]
Nero ShowTime Essentials.lnk --ah--- 2197 bytes [11:10 19/12/2007] [11:10 19/12/2007]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Essentials\Share d--h--- [17:44 04/06/2011]
Nero MediaHome Essentials.lnk --ah--- 2169 bytes [11:10 19/12/2007] [11:10 19/12/2007]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Essentials\Tools d--h--- [17:44 04/06/2011]
Nero BurnRights.lnk --ah--- 2216 bytes [11:10 19/12/2007] [11:10 19/12/2007]
Nero CD-DVD Speed.lnk --ah--- 2069 bytes [11:10 19/12/2007] [11:10 19/12/2007]
Nero DriveSpeed.lnk --ah--- 2146 bytes [11:10 19/12/2007] [11:10 19/12/2007]
Nero InfoTool.lnk --ah--- 2304 bytes [11:10 19/12/2007] [11:10 19/12/2007]
Nero Scout.lnk --ah--- 2158 bytes [11:10 19/12/2007] [11:10 19/12/2007]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Nokia d--h--- [17:44 04/06/2011]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Nokia\Nokia Software Updater d--h--- [17:44 04/06/2011]
Help Nokia Software Updater.lnk --ah--- 1861 bytes [16:34 22/04/2011] [16:34 22/04/2011]
Licence and copyright notes.lnk --ah--- 1908 bytes [16:34 22/04/2011] [16:34 22/04/2011]
Nokia Software Updater.lnk --ah--- 1873 bytes [16:34 22/04/2011] [16:34 22/04/2011]
Uninstall Nokia Software Updater.lnk --ah--- 1713 bytes [16:34 22/04/2011] [16:34 22/04/2011]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Nokia PC Suite d--h--- [17:44 04/06/2011]
Nokia PC Suite.lnk --ah--- 1775 bytes [18:42 18/01/2010] [18:42 18/01/2010]
Uninstall Nokia PC Suite.lnk --ah--- 2153 bytes [18:42 18/01/2010] [18:42 18/01/2010]
User's Guide for Nokia PC Suite.lnk --ah--- 774 bytes [18:42 18/01/2010] [18:42 18/01/2010]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\QuickTime d--h--- [17:44 04/06/2011]
About QuickTime.lnk --ah--- 1802 bytes [19:22 05/07/2008] [19:22 05/07/2008]
PictureViewer.lnk --ah--- 1812 bytes [19:22 05/07/2008] [19:22 05/07/2008]
QuickTime Player.lnk --ah--- 1802 bytes [19:22 05/07/2008] [19:22 05/07/2008]
Uninstall QuickTime.lnk --ah--- 1639 bytes [19:22 05/07/2008] [19:22 05/07/2008]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Real d--h--- [17:44 04/06/2011]
RealPlayer Converter.lnk --ah--- 946 bytes [19:44 20/05/2010] [19:44 20/05/2010]
RealPlayer SP.lnk --ah--- 765 bytes [19:43 20/05/2010] [19:43 20/05/2010]
RealPlayer Trimmer.lnk --ah--- 888 bytes [19:44 20/05/2010] [19:44 20/05/2010]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Sierra d--h--- [17:44 04/06/2011]
Sierra OnLine UK.URL --ah--- 69 bytes [23:52 30/01/2009] [23:52 30/01/2009]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Skype d--h--- [17:44 04/06/2011]
Skype.lnk --ah--- 1878 bytes [01:08 07/02/2011] [01:08 07/02/2011]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Startup d--h--- [17:44 04/06/2011]
Bluetooth Manager.lnk --ah--- 715 bytes [10:43 19/12/2007] [10:48 19/12/2007]
desktop.ini --ahs-- 84 bytes [08:10 19/12/2007] [08:20 19/12/2007]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\Stellarium d--h--- [17:44 04/06/2011]
config.ini.lnk --ah--- 761 bytes [23:56 17/04/2011] [23:56 17/04/2011]
Last run log.lnk --ah--- 745 bytes [23:56 17/04/2011] [23:56 17/04/2011]
Stellarium (no OpenGL2).lnk --ah--- 1626 bytes [23:56 17/04/2011] [23:56 17/04/2011]
Stellarium.lnk --ah--- 1602 bytes [23:56 17/04/2011] [23:56 17/04/2011]
Uninstall Stellarium.lnk --ah--- 708 bytes [23:56 17/04/2011] [23:56 17/04/2011]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\1\Programs\ZoneAlarm d--h--- [17:44 04/06/2011]
Readme.lnk --ah--- 738 bytes [12:49 27/07/2010] [12:49 27/07/2010]
Uninstall ZoneAlarm Security.lnk --ah--- 1671 bytes [12:49 27/07/2010] [12:49 27/07/2010]
ZoneAlarm Diagnostics Tool.lnk --ah--- 973 bytes [12:49 27/07/2010] [12:49 27/07/2010]
ZoneAlarm Security.lnk --ah--- 743 bytes [12:49 27/07/2010] [12:49 27/07/2010]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\2 d--h--- [17:44 04/06/2011]
desktop.ini --ahs-- 119 bytes [10:07 01/01/2008] [19:41 02/09/2008]
Launch Internet Explorer Browser.lnk --ah--- 779 bytes [19:41 02/09/2008] [19:41 02/09/2008]
Microsoft Office Outlook.lnk --ah--- 792 bytes [21:20 20/05/2010] [21:20 20/05/2010]
Mozilla Firefox (2).lnk --ah--- 1602 bytes [18:17 27/08/2008] [18:17 27/08/2008]
Mozilla Firefox.lnk --ah--- 1620 bytes [15:53 03/03/2011] [15:53 03/03/2011]
QuickTime Player.lnk --ah--- 1802 bytes [19:22 05/07/2008] [19:22 05/07/2008]
Windows Media Player.lnk --ah--- 800 bytes [19:41 02/09/2008] [18:18 04/01/2009]

C:\DOCUME~1\Dave\LOCALS~1\Temp\smtmp\4 d--h--- [17:44 04/06/2011]
BlackBerry Desktop Software.lnk --ah--- 1956 bytes [17:50 15/08/2010] [19:53 08/05/2011]
Family Historian 2.3.lnk --ah--- 718 bytes [00:26 25/04/2011] [00:27 25/04/2011]
Nokia PC Suite.lnk --ah--- 1763 bytes [18:42 18/01/2010] [18:42 18/01/2010]
Nokia Software Updater.lnk --ah--- 1855 bytes [16:34 22/04/2011] [16:34 22/04/2011]
Recuva.lnk --ah--- 1512 bytes [19:34 08/05/2011] [19:34 08/05/2011]
Stellarium.lnk --ah--- 1590 bytes [23:56 17/04/2011] [23:56 17/04/2011]

-= EOF =-

Attached Files



#4 katemart

katemart
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:22 PM

Posted 05 June 2011 - 08:24 AM

Thank you all, this is fixed now! I used the Unhide program from another topic and that restored all my icons and program links, then I had to do a manual restore of my user/desktop settings again following the instructions from another topic. I can't remember exactly what i used now but certainly the tools available from the volunteers on this site are amazing and I would like to thank each and every one of you for your dedication.

Kate

#5 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:22 PM

Posted 05 June 2011 - 01:50 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users