Google hi-jacked - keeps being redirected.


  • This topic is locked
48 replies to this topic

#1 twistpile


Posted 25 January 2012 - 03:38 PM

A few days ago my Firefox browser started redirecting any search results from Google to other sites. At the same time my Sophos anti-virus protection has picked up katush-B and ExpJS-CK.

Tried to cure it by doing a restore, first one did not work, tried a different restore point, that one didn't work, tried one that had worked in the past and now that one doesn't work either. I think they may have been corrupted when Sophos did a clean of the viruses.

I have backed up all my documents onto a stand alone hard disk.

I have run Defogger OK.

Tried to run DDS, it got to the DOS window stage and just hung, after about an hour I re-booted.

Tried to run GMER, there is only one file in the zip file, ran it and it came up with a warning "LoadDriver("C:\DOCUME~1\Michael\LOCALS~|Temp\pxtdgpod.sys")error 0xC000010E:Cannot create a stable subkey under a volatile parent key." I hit OK and it did come up but it only had 4 options ticked, Services, Registry, Files and ADS, all the others were greyed out. Hit Scan anyway, the whole thing disappeared and never came back..!! Ran it again, the warning came up but after I hit OK, this time I could see it checking through my files, after a long time it came up with the message - GMER hasn't found any system modifications. The log file was empty, I still had only the 4 options ticked.

I have run HijackThis OK, please see the log.

Hope you can help me with this and look forward to hearing from you.

Logfile of HijackThis v1.99.1
Scan saved at 17:58:48, on 25/01/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Sophos\AutoUpdate\almon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Samsung\Digimax Viewer 2.0\STImgBrowser.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Documents and Settings\Micheal\My Documents\HiJackThis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://co124w.col124.mail.live.com/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ntlworl.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Documents and Settings\Josh\Local Settings\Application Data\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [SpyHunter] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\almon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [EPSON SX410 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE /FU "C:\WINDOWS\TEMP\E_SCD.tmp" /EF "HKCU"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Digimax Viewer 2.0.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Documents and Settings\Josh\Local Settings\Application Data\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Documents and Settings\Josh\Local Settings\Application Data\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163246533859
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} (VM_1.VM_Control) - http://downloads.virginmedia.com/CST/ver1/xp_mail.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5202B8E-5864-4CB0-AFBA-F055010A28F2}: NameServer = 194.168.4.100 194.168.8.100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Documents and Settings\Josh\Local Settings\Application Data\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c99e43483177ee) (gupdate1c99e43483177ee) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Unknown owner - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe" (file missing)
O23 - Service: Sophos Web Intelligence Service (swi_service) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe



Many thanks.



#2 gringo_pr


Posted 29 January 2012 - 03:03 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


The first thing I would like you to do is run this for me: http://download.bleepingcomputer.com/grinler/unhide.exe

After it is complete, restart the computer and continue with these steps.


Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


Information and logs:

  • In your next post I need the following

  • logs from OTL
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 twistpile


Posted 29 January 2012 - 08:45 AM

Hi Gringo

Thanks for getting back to me.

I have run unhide, it finished OK, I should add, I have not disabled my anti-virus checker at this stage.

Also ran OTL, that finished OK, here is the log you requested:-


OTL logfile created on: 29/01/2012 12:41:38 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Micheal\Restart files\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.07 Mb Total Physical Memory | 416.80 Mb Available Physical Memory | 41.10% Memory free
2.39 Gb Paging File | 1.95 Gb Available in Paging File | 81.59% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.21 Gb Total Space | 42.19 Gb Free Space | 28.85% Space Free | Partition Type: NTFS

Computer Name: BILL | User Name: Micheal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Micheal\Restart files\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Hotspot Shield\bin\openvpntray.exe ()
PRC - C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATIFCE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
PRC - C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
PRC - C:\Program Files\TomTom HOME 2\HOMERunner.exe (TomTom)
PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
PRC - C:\Program Files\Samsung\Digimax Viewer 2.0\STImgBrowser.exe ()
PRC - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Hotspot Shield\bin\lang\gui-eng.dll ()
MOD - C:\Program Files\Hotspot Shield\bin\openvpntray.exe ()
MOD - C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
MOD - C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Hotspot Shield\bin\libidn-11.dll ()
MOD - C:\Program Files\Hotspot Shield\bin\libssl32.dll ()
MOD - C:\Program Files\Hotspot Shield\bin\libeay32.dll ()
MOD - C:\Program Files\Logitech\QuickCam\LAppRes.DLL ()
MOD - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
MOD - C:\Program Files\Common Files\LogiShrd\LComMgr\LogiVOIPDevicePlugin.dll ()
MOD - C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless4001.dll ()
MOD - C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless.dll ()
MOD - C:\Program Files\Logitech\QuickCam\EFVal.dll ()
MOD - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
MOD - C:\Program Files\Common Files\LogiShrd\LComMgr\DevMngr.dll ()
MOD - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll ()
MOD - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
MOD - C:\Program Files\Samsung\Digimax Viewer 2.0\STImgBrowser.exe ()
MOD - C:\Program Files\Samsung\Digimax Viewer 2.0\Impexp97.dll ()
MOD - C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll ()
MOD - C:\Program Files\Samsung\Digimax Viewer 2.0\Stapi.dll ()
MOD - C:\Program Files\Samsung\Digimax Viewer 2.0\STWABLT.DLL ()
MOD - C:\Program Files\Samsung\Digimax Viewer 2.0\STFRG.DLL ()
MOD - C:\Program Files\Samsung\Digimax Viewer 2.0\STWA.DLL ()
MOD - C:\Program Files\Samsung\Digimax Viewer 2.0\STXFORM.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HSSTrayService.exe ()
SRV - (hshld) -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssSrv) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (swi_service) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Plc)
SRV - (SAVAdminService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
SRV - (SAVService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SRV - (getPlus® Helper) getPlus® -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (KService) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)


========== Driver Services (SafeList) ==========

DRV - (sdcfilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\sdcfilter.sys (Sophos Plc)
DRV - (HssDrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\HssDrv.sys (AnchorFree Inc.)
DRV - (taphss) -- C:\WINDOWS\SYSTEM32\DRIVERS\taphss.sys (AnchorFree Inc)
DRV - (SAVOnAccessControl) -- C:\WINDOWS\SYSTEM32\DRIVERS\savonaccesscontrol.sys (Sophos Plc)
DRV - (SAVOnAccessFilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\savonaccessfilter.sys (Sophos Plc)
DRV - (fssfltr) -- C:\WINDOWS\SYSTEM32\DRIVERS\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (SophosBootDriver) -- C:\WINDOWS\SYSTEM32\DRIVERS\SophosBootDriver.sys (Sophos Plc)
DRV - (LVMVDrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\LVMVdrv.sys (Logitech Inc.)
DRV - (LVcKap) -- C:\WINDOWS\SYSTEM32\DRIVERS\Lvckap.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\SYSTEM32\DRIVERS\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\WINDOWS\SYSTEM32\DRIVERS\LV302V32.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\lv302af.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys ()
DRV - (UsbDiag) -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbbus.sys (LG Electronics Inc.)
DRV - (PID_08A0) Logitech QuickCam IM(PID_08A0) -- C:\WINDOWS\SYSTEM32\DRIVERS\LV302AV.SYS (Logitech Inc.)
DRV - (ssm_mdm) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssm_mdm.sys (MCCI)
DRV - (ssm_mdfl) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssm_mdfl.sys (MCCI)
DRV - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssm_bus.sys (MCCI)
DRV - (senfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys (Creative Technology Ltd.)
DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\WINDOWS\SYSTEM32\DRIVERS\alcan5wn.sys (THOMSON)
DRV - (alcaudsl) -- C:\WINDOWS\SYSTEM32\DRIVERS\alcaudsl.sys (THOMSON)
DRV - (bcm4sbxp) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3969572758-3017360864-1490864365-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\S-1-5-21-3969572758-3017360864-1490864365-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.iii.co.uk/http://www.google.co.uk/ [binary data]
IE - HKU\S-1-5-21-3969572758-3017360864-1490864365-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://co124w.col124.mail.live.com/default.aspx
IE - HKU\S-1-5-21-3969572758-3017360864-1490864365-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {b9e20d2b-aed4-4752-b7c8-408c6a39817e}:1.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/08 10:46:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/13 13:03:35 | 000,000,000 | ---D | M]

[2008/12/22 15:22:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Micheal\Application Data\Mozilla\Extensions
[2012/01/09 00:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Micheal\Application Data\Mozilla\Firefox\Profiles\nyrk1eql.default\extensions
[2010/04/28 16:48:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Micheal\Application Data\Mozilla\Firefox\Profiles\nyrk1eql.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/09 00:13:49 | 000,000,000 | ---D | M] (Expat Shield Community Toolbar) -- C:\Documents and Settings\Micheal\Application Data\Mozilla\Firefox\Profiles\nyrk1eql.default\extensions\{a060276a-53be-45ec-8ebe-b94b1e803179}
[2011/04/10 19:27:22 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Micheal\Application Data\Mozilla\Firefox\Profiles\nyrk1eql.default\extensions\{b9e20d2b-aed4-4752-b7c8-408c6a39817e}
[2010/12/12 18:13:18 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Micheal\Application Data\Mozilla\Firefox\Profiles\nyrk1eql.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011/12/18 00:28:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/30 23:24:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/12/18 00:28:41 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2012/01/08 10:46:28 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/02/27 17:57:38 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\mozilla firefox\plugins\npBBCPlugin.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/02 08:53:09 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/02 08:53:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/02 08:53:09 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/02 08:53:09 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/02 08:53:08 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll (BitComet)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Documents and Settings\Josh\Local Settings\Application Data\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-3969572758-3017360864-1490864365-1006\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3969572758-3017360864-1490864365-1006\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [SpyHunter] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\HOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-3969572758-3017360864-1490864365-1006..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-3969572758-3017360864-1490864365-1006..\Run: [EPSON SX410 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-3969572758-3017360864-1490864365-1006..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKU\S-1-5-21-3969572758-3017360864-1490864365-1006..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3969572758-3017360864-1490864365-1006\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3969572758-3017360864-1490864365-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3969572758-3017360864-1490864365-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3969572758-3017360864-1490864365-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-3969572758-3017360864-1490864365-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Documents and Settings\Josh\Local Settings\Application Data\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Documents and Settings\Josh\Local Settings\Application Data\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab (CKAVWebScan Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB (Reg Error: Key error.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163246533859 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} http://downloads.virginmedia.com/CST/ver1/xp_mail.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Documents and Settings\Josh\Local Settings\Application Data\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) -C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:1 (Privacy Protection) -
O24 - Desktop WallPaper: C:\Documents and Settings\Micheal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Micheal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a7495ec1-a651-11dc-8dbb-000e5091f4d3}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/29 12:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Driving Test Success - All Tests (2007-2008)
[2012/01/29 11:48:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Micheal\Restart files\Desktop\OTL.exe
[2012/01/25 00:05:25 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Micheal\Restart files\Desktop\dds.scr
[2012/01/23 21:17:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/23 21:04:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/23 21:03:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/22 20:06:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Micheal\Recent
[2007/01/30 09:35:00 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuiesc.dll
[2007/01/30 09:22:32 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuinpa.dll
[2007/01/30 09:17:02 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuhbn3.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Micheal\*.tmp files -> C:\Documents and Settings\Micheal\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/29 12:49:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F36BC879-CFCD-4F8A-8FF3-BB8E0DD6DEB5}.job
[2012/01/29 12:44:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/29 12:36:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2012/01/29 12:36:46 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/29 12:17:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2012/01/29 12:17:00 | 1063,407,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/29 12:00:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\AD0D6C8C90F6EAD8.job
[2012/01/29 11:48:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Micheal\Restart files\Desktop\OTL.exe
[2012/01/29 11:36:18 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\Micheal\Restart files\Desktop\unhide.exe
[2012/01/28 19:15:05 | 000,002,527 | ---- | M] () -- C:\Documents and Settings\Micheal\Restart files\Desktop\Microsoft Office Outlook 2007.lnk
[2012/01/25 21:14:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/25 18:21:02 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Micheal\Restart files\Desktop\gmer.zip
[2012/01/25 00:16:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Micheal\defogger_reenable
[2012/01/25 00:05:26 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Micheal\Restart files\Desktop\dds.scr
[2012/01/24 23:56:07 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Micheal\Restart files\Desktop\Defogger.exe
[2012/01/24 20:52:15 | 000,099,328 | ---- | M] () -- C:\Documents and Settings\Micheal\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/24 18:28:04 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Micheal\Restart files\Desktop\Microsoft Office Word 2007.lnk
[2012/01/23 21:17:45 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
[2012/01/16 17:46:38 | 000,002,479 | ---- | M] () -- C:\Documents and Settings\Micheal\Restart files\Desktop\Microsoft Office Excel 2007.lnk
[2012/01/13 13:03:36 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/01/12 01:56:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/12 01:39:43 | 000,446,148 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2012/01/12 01:39:43 | 000,073,370 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Micheal\*.tmp files -> C:\Documents and Settings\Micheal\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/29 12:06:03 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Micheal\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/01/29 11:36:17 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\Micheal\Restart files\Desktop\unhide.exe
[2012/01/25 18:20:58 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Micheal\Restart files\Desktop\gmer.zip
[2012/01/25 00:16:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Micheal\defogger_reenable
[2012/01/24 23:56:06 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Micheal\Restart files\Desktop\Defogger.exe
[2012/01/23 21:17:43 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/23 21:17:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/22 10:16:01 | 1063,407,616 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/13 13:03:36 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/13 13:03:36 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/25 22:54:30 | 000,546,720 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/25 17:33:28 | 000,099,328 | ---- | C] () -- C:\Documents and Settings\Micheal\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/22 18:35:17 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/10/22 18:35:17 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/10/22 18:35:17 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/10/22 18:35:17 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/10/22 18:35:17 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/10/22 18:35:17 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/10/22 18:35:17 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/10/22 18:35:17 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/10/22 18:35:16 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/10/22 18:35:16 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/10/22 18:35:16 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/10/22 18:35:16 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/10/22 18:35:16 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/10/22 18:35:16 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/10/22 18:35:16 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/10/22 18:35:16 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/10/22 18:35:16 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/10/22 18:35:16 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/10/22 18:35:16 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/05/28 16:52:18 | 000,000,031 | ---- | C] () -- C:\WINDOWS\UKCpInfo.sys
[2010/04/07 23:11:36 | 000,067,128 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/21 16:20:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/07/01 21:03:40 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2008/12/14 23:29:51 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/10/19 19:13:42 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2008/10/19 19:13:42 | 000,002,412 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2008/08/14 15:20:39 | 000,000,048 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/17 10:15:34 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/02/13 19:56:18 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2007/09/19 22:15:09 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/07/18 16:42:42 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/02/23 10:42:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/21 11:27:02 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2007/01/21 11:27:00 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2007/01/21 11:27:00 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EnrouteStitch.dll
[2007/01/21 11:26:48 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2007/01/21 10:26:38 | 000,000,739 | ---- | C] () -- C:\WINDOWS\STImgBrowser.INI
[2007/01/01 20:07:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2006/12/25 15:31:26 | 000,058,163 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/11/27 00:22:32 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/11/26 16:03:38 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/11 14:03:36 | 000,000,876 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006/11/11 13:26:11 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/11/11 10:40:43 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2005/05/25 13:07:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlbucnv4.dll
[2005/01/21 04:03:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/21 04:00:46 | 000,000,255 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/21 03:58:33 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/01/21 03:48:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2005/01/21 03:47:38 | 000,446,148 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2005/01/21 03:47:38 | 000,073,370 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2005/01/21 03:32:52 | 000,000,519 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/10/15 18:56:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 13:08:08 | 001,604,624 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:02:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 10:08:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2004/08/10 10:08:26 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\SECUPD.DAT
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2004/07/19 16:01:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2002/05/15 23:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002/05/04 13:19:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\avisynthEx.dll
[2000/01/28 00:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\wrkgadm.exe
[2000/01/28 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Custom Scans ==========


< %TEMP%\smtmp\*.*/S >
[2008/08/26 14:34:50 | 000,000,272 | -HS- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\DESKTOP.INI
[2006/11/11 12:02:39 | 000,001,566 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Microsoft Update.lnk
[2008/08/26 14:34:50 | 000,001,563 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Set Program Access and Defaults.lnk
[2006/11/12 15:21:55 | 000,000,894 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\SpyHunter.lnk
[2004/08/10 13:04:12 | 000,000,398 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Windows Catalog.lnk
[2007/09/21 20:33:59 | 000,001,507 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Windows Update.lnk
[2009/07/01 21:04:33 | 000,001,794 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Acrobat Distiller 5.0.lnk
[2009/07/01 21:04:33 | 000,000,888 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Adobe Acrobat 5.0.lnk
[2007/06/23 10:19:38 | 000,000,818 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Adobe Bridge CS3.lnk
[2007/06/23 10:24:08 | 000,000,911 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Adobe Device Central CS3.lnk
[2007/06/23 10:24:35 | 000,001,100 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Adobe ExtendScript Toolkit 2.lnk
[2007/06/23 10:31:52 | 000,000,856 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Adobe Photoshop CS3.lnk
[2012/01/13 13:03:36 | 000,001,804 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Adobe Reader 9.lnk
[2007/06/23 10:27:38 | 000,000,942 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Adobe Stock Photos CS3.lnk
[2011/11/14 22:46:18 | 000,001,830 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Apple Software Update.lnk
[2004/08/10 13:02:52 | 000,000,150 | -HS- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DESKTOP.INI
[2005/01/21 03:56:44 | 000,001,605 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works Task Launcher.lnk
[2011/05/21 07:29:10 | 000,000,730 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Mozilla Firefox.lnk
[2005/01/21 03:56:34 | 000,001,690 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\PowerDVD.lnk
[2007/02/08 22:14:36 | 000,000,721 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\RealPlayer.lnk
[2004/08/10 13:01:34 | 000,000,609 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Windows Messenger.lnk
[2004/08/10 13:02:52 | 000,000,690 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Windows Movie Maker.lnk
[2007/11/10 00:09:10 | 000,000,645 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\7-Zip\7-Zip File Manager.lnk
[2007/11/10 00:09:10 | 000,000,650 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\7-Zip\7-Zip Help.lnk
[2010/10/24 22:21:38 | 000,002,479 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\ABBYY FineReader 6.0 Sprint\ABBYY FineReader 6.0 Sprint.lnk
[2010/10/22 18:40:52 | 000,000,830 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\ABBYY FineReader 6.0 Sprint\User's Guide.lnk
[2009/02/27 00:05:27 | 000,001,498 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Calculator (2).lnk
[2006/11/12 17:16:56 | 000,001,498 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
[2010/10/22 18:47:25 | 000,000,255 | -HS- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\DESKTOP.INI
[2010/07/25 11:52:45 | 000,001,515 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Paint.lnk
[2008/08/26 14:34:33 | 000,001,585 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
[2010/10/22 18:47:25 | 000,000,710 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Scanner and Camera Wizard.lnk
[2004/08/10 13:01:34 | 000,000,783 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\WordPad.lnk
[2007/09/21 20:33:52 | 000,001,520 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\Accessibility Wizard.lnk
[2004/08/10 13:01:34 | 000,000,090 | -HS- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\DESKTOP.INI
[2008/08/26 14:36:36 | 000,000,516 | -HS- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\DESKTOP.INI
[2004/08/10 13:01:34 | 000,000,690 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\HyperTerminal.lnk
[2007/09/21 20:33:53 | 000,001,757 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Connections.lnk
[2007/09/21 20:33:53 | 000,001,640 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Setup Wizard.lnk
[2007/09/21 20:33:53 | 000,001,646 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\New Connection Wizard.lnk
[2008/08/26 14:36:36 | 000,001,656 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk
[2004/08/10 13:01:30 | 000,000,283 | -HS- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Fax\DESKTOP.INI
[2007/02/10 00:50:20 | 000,001,605 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Fax\Fax Console.lnk
[2007/09/21 20:33:53 | 000,001,710 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Fax\Fax Cover Page Editor.lnk
[2007/09/21 20:33:53 | 000,001,593 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Fax\Send a Fax....lnk
[2004/08/10 13:01:34 | 000,000,146 | -HS- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\DESKTOP.INI
[2011/01/30 16:02:50 | 000,001,528 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Sound Recorder.lnk
[2007/09/21 20:33:53 | 000,001,528 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Volume Control.lnk
[2004/08/10 13:13:12 | 000,000,707 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Microsoft Interactive Training\Microsoft Interactive Training Help.lnk
[2004/08/10 13:13:12 | 000,000,800 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Microsoft Interactive Training\Microsoft Interactive Training.lnk
[2007/09/21 20:33:54 | 000,001,521 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
[2004/08/10 13:04:12 | 000,000,703 | -HS- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\DESKTOP.INI
[2010/02/21 13:57:58 | 000,001,532 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
[2007/09/21 20:33:54 | 000,001,572 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Defragmenter.lnk
[2007/09/21 20:33:54 | 000,001,591 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk
[2007/09/21 20:33:54 | 000,001,753 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Scheduled Tasks.lnk
[2004/08/10 13:02:46 | 000,000,974 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
[2009/02/10 12:21:01 | 000,001,616 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
[2004/08/10 13:02:02 | 000,001,486 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
[2007/06/12 19:43:54 | 000,001,602 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
[2007/09/21 20:33:54 | 000,001,596 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
[2004/08/10 13:04:12 | 000,000,476 | -HS- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\DESKTOP.INI
[2007/09/21 20:33:54 | 000,001,592 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
[2004/08/10 13:10:00 | 000,001,011 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk
[2004/08/10 13:10:00 | 000,001,062 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk
[2007/06/12 19:41:42 | 000,001,591 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Performance.lnk
[2007/06/12 19:43:26 | 000,001,602 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Services.lnk
[2009/01/13 13:46:41 | 000,001,852 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\BBC iPlayer Download Manager\BBC iPlayer Download Manager.lnk
[2010/10/25 17:27:30 | 000,001,968 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\BlackBerry\BlackBerry Desktop Software.lnk
[2010/10/25 17:27:31 | 000,001,971 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\BlackBerry\Readme.lnk
[2007/09/21 20:33:54 | 000,001,071 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\CamStudio\CamStudio.lnk
[2007/09/21 20:33:54 | 000,000,941 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\CamStudio\Movie Player 2.1.lnk
[2007/09/21 20:33:54 | 000,000,929 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\CamStudio\Movie Player.lnk
[2007/09/21 20:33:54 | 000,000,941 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\CamStudio\SWF Producer.lnk
[2007/09/21 20:33:55 | 000,001,076 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\CamStudio\Uninstall.lnk
[2010/05/28 16:51:35 | 000,001,042 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Coupon Printer\beforeIshop.co.uk Coupon Gallery.lnk
[2007/09/30 16:21:59 | 000,001,759 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Creative\Product Registration.lnk
[2005/01/21 03:55:57 | 000,001,754 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Dell Accessories\Driver Reset Tool.lnk
[2006/11/12 19:16:25 | 000,001,880 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Dell Picture Studio v2.0\Dell Picture Studio Home.lnk
[2006/11/12 19:16:25 | 000,001,096 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Dell Picture Studio v2.0\Dell.Shutterfly.com - Online Print Service.lnk
[2006/11/12 19:16:25 | 000,000,856 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Dell Picture Studio v2.0\Paint Shop Photo Album 4\On-line Help.lnk
[2006/11/12 19:16:25 | 000,002,437 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Dell Picture Studio v2.0\Paint Shop Photo Album 4\Paint Shop Photo Album.lnk
[2005/01/21 03:57:46 | 000,001,943 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Dell Picture Studio v2.0\Paint Shop Photo Album 4\Product Tour.lnk
[2006/11/12 19:16:25 | 000,001,519 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Dell Picture Studio v2.0\Paint Shop Photo Album 4\Uninstall Paint Shop Photo Album.lnk
[2005/01/21 04:00:31 | 000,000,726 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Dell Support\Check Now.lnk
[2005/01/21 04:00:31 | 000,001,539 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Dell Support\Dell Support Help.lnk
[2005/01/21 04:00:31 | 000,000,703 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Dell Support\Dell Support Settings.lnk
[2005/01/21 04:00:31 | 000,000,710 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Dell Support\Dell Support.lnk
[2005/01/21 04:01:31 | 000,000,805 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Dell\Media Experience\Register Media Experience.lnk
[2005/01/21 04:01:31 | 000,001,736 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Dell\Media Experience\Start Media Experience.lnk
[2009/11/14 09:42:17 | 000,001,686 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\Check for DivX Updates.lnk
[2009/11/14 09:42:09 | 000,001,028 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\Post DivX video to your website.lnk
[2009/11/14 09:43:10 | 000,000,673 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\Remove the DivX Bundle.lnk
[2009/11/14 09:42:09 | 000,001,034 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\Why Buy DivX Pro.lnk
[2009/11/14 09:42:21 | 000,000,713 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Codec\Decoder Configuration Utility.lnk
[2009/11/14 09:42:21 | 000,000,718 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Codec\License.lnk
[2009/11/14 09:42:21 | 000,000,713 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Codec\ReadMe.lnk
[2009/11/14 09:42:21 | 000,001,694 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Codec\Register Products.lnk
[2009/11/14 09:42:21 | 000,000,515 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Codec\Remove the DivX Codec.lnk
[2009/11/14 09:42:22 | 000,001,018 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Codec\Links\Latest DivX Codec news.lnk
[2009/11/14 09:42:22 | 000,001,040 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Codec\Links\Learn about DivX Pro Codec.lnk
[2009/11/14 09:42:22 | 000,001,034 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Codec\Links\Why Buy DivX Pro.lnk
[2009/11/14 09:42:41 | 000,000,849 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Converter\Converter.lnk
[2009/11/14 09:42:42 | 000,000,812 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Converter\License.lnk
[2009/11/14 09:42:41 | 000,000,807 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Converter\ReadMe.lnk
[2009/11/14 09:42:42 | 000,001,694 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Converter\Register Products.lnk
[2009/11/14 09:42:42 | 000,000,543 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Converter\Remove the DivX Converter.lnk
[2009/11/14 09:42:42 | 000,001,032 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Converter\Links\Latest DivX Converter news.lnk
[2009/11/14 09:42:42 | 000,001,050 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Converter\Links\Learn about DivX Converter.lnk
[2009/11/14 09:42:42 | 000,001,034 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Converter\Links\Why Buy DivX Pro.lnk
[2009/11/14 09:43:04 | 000,000,745 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Player\DivX Player.lnk
[2009/11/14 09:43:04 | 000,000,723 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Player\License.lnk
[2009/11/14 09:43:04 | 000,000,718 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Player\ReadMe.lnk
[2009/11/14 09:43:04 | 000,000,521 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Player\Remove the DivX Player.lnk
[2009/11/14 09:43:04 | 000,001,026 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Player\Links\Latest DivX Player news.lnk
[2009/11/14 09:43:04 | 000,001,030 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Player\Links\Learn about DivX advanced features.lnk
[2009/11/14 09:43:04 | 000,001,044 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Player\Links\Learn about DivX Player.lnk
[2009/11/14 09:43:05 | 000,000,762 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Plus DirectShow Filters\H264 Decoder Config.lnk
[2009/11/14 09:43:06 | 000,000,543 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Plus DirectShow Filters\Remove the DivX Plus DirectShow Filters.lnk
[2009/11/14 09:43:10 | 000,000,743 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Web Player\License.lnk
[2009/11/14 09:43:10 | 000,000,738 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Web Player\ReadMe.lnk
[2009/11/14 09:43:10 | 000,000,537 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Web Player\Remove the DivX Web Player.lnk
[2009/11/14 09:43:10 | 000,001,038 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Web Player\Links\Learn about DivX Web Player.lnk
[2009/11/14 09:42:08 | 000,001,016 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\Helpful Links\DivX Forums.lnk
[2009/11/14 09:42:08 | 000,001,006 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\Helpful Links\DivX Labs.lnk
[2009/11/14 09:42:08 | 000,001,020 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\Helpful Links\DivX Products.lnk
[2009/11/14 09:42:08 | 000,001,028 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\Helpful Links\DivX Support.lnk
[2009/11/14 09:42:08 | 000,001,030 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\Helpful Links\Learn about DivX advanced features.lnk
[2009/11/14 09:42:09 | 000,001,026 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\Helpful Links\Learn about DivX Author.lnk
[2009/11/14 09:42:08 | 000,001,030 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\Helpful Links\Learn about DivX software.lnk
[2009/11/14 09:42:08 | 000,001,024 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\Helpful Links\Visit DivX.com.lnk
[2009/11/14 09:42:09 | 000,001,034 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\Helpful Links\Why Buy DivX Pro.lnk
[2006/11/11 10:42:47 | 000,001,718 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Dr SpeedTouch\Dr SpeedTouch.lnk
[2011/06/18 12:54:15 | 000,000,822 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Driving Test Success - All Tests (2007-2008)\Driving Test Success - All Tests.lnk
[2011/06/18 12:54:26 | 000,000,882 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Driving Test Success - All Tests (2007-2008)\Driving Test Success Website.lnk
[2011/06/18 12:54:31 | 000,000,822 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Driving Test Success - All Tests (2007-2008)\Uninstall Driving Test Success - All Tests.lnk
[2008/09/16 19:40:59 | 000,000,797 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Driving Test Success - All Tests (2007-2008)\Technical Support\Driving Test Success Website.lnk
[2008/09/16 19:40:59 | 000,000,828 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Driving Test Success - All Tests (2007-2008)\Technical Support\Multimedia Diagnostics Tool.lnk
[2011/06/18 12:54:56 | 000,000,863 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Driving Test Success - All Tests (2007-2008)\Technical Support\Support Tool.lnk
[2011/06/18 12:54:57 | 000,000,882 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Driving Test Success - All Tests (2007-2008)\Technical Support\Technical Support Website.lnk
[2010/10/22 18:43:29 | 000,001,820 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Epson Software\Easy Photo Print.lnk
[2010/10/22 18:43:28 | 000,001,826 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Epson Software\Read Me\Easy Photo Print.lnk
[2010/10/22 18:34:52 | 000,001,925 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\EPSON\Epson Stylus SX210_SX410_TX210_TX410 Manual.lnk
[2010/10/22 18:33:26 | 000,000,676 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\EPSON\EPSON Scan\EPSON Scan Settings.lnk
[2010/10/22 18:33:25 | 000,000,683 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\EPSON\EPSON Scan\EPSON Scan.lnk
[2010/10/22 18:48:00 | 000,001,067 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\EPSON\EPSON SX410 Series\Driver Update.lnk
[2010/10/22 18:48:00 | 000,000,968 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\EPSON\EPSON SX410 Series\EPSON Printer Software Uninstall.lnk
[2010/10/22 18:48:00 | 000,000,800 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\EPSON\EPSON SX410 Series\Technical Support.lnk
[2008/12/14 21:23:47 | 000,000,798 | -HS- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Games\DESKTOP.INI
[2007/09/21 20:33:58 | 000,001,522 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Games\Freecell.lnk
[2007/02/07 16:37:40 | 000,001,520 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Games\Hearts.lnk
[2008/12/14 21:23:47 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Backgammon.lnk
[2008/12/14 21:23:47 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Checkers.lnk
[2008/12/14 21:23:47 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Hearts.lnk
[2008/12/14 21:23:47 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Reversi.lnk
[2008/12/14 21:23:47 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Spades.lnk
[2007/01/05 12:35:56 | 000,001,515 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Games\Minesweeper.lnk
[2004/08/10 13:01:34 | 000,000,789 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Games\Pinball.lnk
[2009/08/11 19:49:28 | 000,001,477 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Games\Play Townopolis - Gold.lnk
[2007/09/21 20:33:59 | 000,001,491 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Games\Solitaire.lnk
[2008/08/26 21:18:06 | 000,001,502 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Games\Spider Solitaire.lnk
[2011/11/20 11:48:09 | 000,001,925 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Google Earth\Google Earth.lnk
[2011/11/20 11:48:09 | 000,001,853 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Google Earth\Start Google Earth in DirectX mode.lnk
[2011/11/20 11:48:09 | 000,001,857 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Google Earth\Start Google Earth in OpenGL mode.lnk
[2011/11/20 11:48:09 | 000,001,707 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Google Earth\Uninstall Google Earth.lnk
[2011/12/18 00:28:41 | 000,000,054 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Hotspot Shield\Hotspot Shield Control Panel.url
[2011/12/18 00:28:41 | 000,000,815 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Hotspot Shield\Hotspot Shield Launch.lnk
[2011/12/18 00:28:41 | 000,000,567 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Hotspot Shield\Uninstall Hotspot Shield.lnk
[2008/04/12 13:39:06 | 000,001,917 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Infogrames Interactive\Monopoly Tycoon\Install Guide.lnk
[2008/04/12 13:39:06 | 000,001,834 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Infogrames Interactive\Monopoly Tycoon\Monopoly Tycoon.lnk
[2008/04/12 13:39:06 | 000,001,866 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Infogrames Interactive\Monopoly Tycoon\ReadMe.lnk
[2008/04/12 13:39:06 | 000,002,130 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Infogrames Interactive\Monopoly Tycoon\Uninstall Monopoly Tycoon.lnk
[2011/12/01 20:42:29 | 000,001,827 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\iTunes\About iTunes.lnk
[2011/12/01 20:42:28 | 000,001,554 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\iTunes\iTunes.lnk
[2008/10/19 18:28:44 | 000,001,893 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\LG PC Suite 2\Uninstall LG PC Suite.lnk
[2008/10/19 19:29:19 | 000,000,827 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\LGMobile Support Tool\LGMobile update.lnk
[2008/10/19 19:29:19 | 000,001,172 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\LGMobile Support Tool\Uninstall.lnk
[2011/01/30 15:18:05 | 000,002,735 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Logitech\Logitech QuickCam.lnk
[2007/03/11 15:57:57 | 000,000,974 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Maxis\SimCity 3000 World Edition\Building Architect Plus.lnk
[2007/03/11 15:57:57 | 000,000,993 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Maxis\SimCity 3000 World Edition\Contact Support.lnk
[2007/03/11 15:57:57 | 000,001,086 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Maxis\SimCity 3000 World Edition\Get SimCity Updates.lnk
[2007/03/11 15:57:57 | 000,000,969 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Maxis\SimCity 3000 World Edition\SimCity 3000 World Edition.lnk
[2007/03/11 15:57:57 | 000,002,234 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Maxis\SimCity 3000 World Edition\SimCity Scenario Creator.lnk
[2007/03/11 15:57:57 | 000,000,799 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Maxis\SimCity 3000 World Edition\Uninstall SimCity 3000 World Edition.lnk
[2007/03/11 15:57:57 | 000,000,904 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Maxis\SimCity 3000 World Edition\View SimCity Readme.lnk
[2007/03/11 15:57:57 | 000,002,175 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Maxis\SimCity 3000 World Edition\Visit SimCity Exchange.lnk
[2007/01/21 11:28:46 | 000,000,863 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\MGI PhotoSuite III SE\MGI PhotoSuite III SE.lnk
[2007/01/21 11:28:46 | 000,000,841 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\MGI PhotoSuite III SE\Read Me.lnk
[2007/01/21 11:28:46 | 000,001,266 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\MGI PhotoSuite III SE\UnInstall PhotoSuite III SE.lnk
[2009/03/25 19:51:43 | 000,001,855 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Games\Age of Empires Trial\Age of Empires Trial.lnk
[2009/03/25 19:51:43 | 000,001,864 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Games\Age of Empires Trial\Uninstall Age of Empires Trial.lnk
[2009/05/03 21:10:23 | 000,001,448 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Live Add-in\Office Live Add-in Help.lnk
[2009/05/03 21:10:23 | 000,001,348 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Live Add-in\Office Live Workspace.lnk
[2010/07/15 02:05:59 | 000,002,549 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Access 2007.lnk
[2010/01/15 22:07:37 | 000,002,561 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk
[2010/01/15 22:07:37 | 000,002,603 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Groove 2007.lnk
[2010/06/09 23:26:33 | 000,002,593 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office InfoPath 2007.lnk
[2010/01/15 22:07:37 | 000,002,525 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office OneNote 2007.lnk
[2010/01/15 22:07:37 | 000,002,599 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Outlook 2007.lnk
[2011/12/15 11:08:24 | 000,002,495 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk
[2010/01/15 22:07:37 | 000,002,517 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Publisher 2007.lnk
[2012/01/11 13:00:26 | 000,002,527 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Word 2007.lnk
[2010/01/15 22:07:37 | 000,002,553 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk
[2010/01/15 22:07:37 | 000,002,533 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk
[2010/01/15 22:07:37 | 000,002,433 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Language Settings.lnk
[2010/01/15 22:07:37 | 000,002,531 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk
[2010/01/15 22:07:37 | 000,002,511 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk
[2005/01/21 03:56:44 | 000,001,535 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Getting Started.lnk
[2005/01/21 03:56:44 | 000,001,861 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Calendar.lnk
[2005/01/21 03:56:44 | 000,001,976 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Database.lnk
[2005/01/21 03:56:44 | 000,001,593 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Portfolio.lnk
[2005/01/21 03:56:44 | 000,001,597 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Spreadsheet.lnk
[2005/01/21 03:56:44 | 000,001,611 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Task Launcher.lnk
[2005/01/21 03:56:44 | 000,001,603 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Word Processor.lnk
[2005/01/21 03:56:44 | 000,000,688 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Windows Address Book.lnk
[2011/12/01 20:54:18 | 000,001,802 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\About QuickTime.lnk
[2011/12/01 20:54:18 | 000,001,812 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\PictureViewer.lnk
[2011/12/01 20:54:18 | 000,001,802 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\QuickTime Player.lnk
[2011/12/01 20:54:19 | 000,001,639 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\Uninstall QuickTime.lnk
[2007/08/13 14:18:31 | 000,000,661 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Railroad Tycoon II\Electronic Registration.lnk
[2007/08/13 14:18:34 | 000,000,635 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Railroad Tycoon II\Play free over the Internet through Heat.lnk
[2007/08/13 14:18:26 | 000,001,549 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Railroad Tycoon II\Railroad Tycoon II.lnk
[2007/08/13 14:18:28 | 000,000,722 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Railroad Tycoon II\Readme instructions.lnk
[2007/02/08 22:14:36 | 000,000,695 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\Check for RealPlayer Update.lnk
[2007/02/08 22:14:36 | 000,000,581 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\RealPlayer Help.lnk
[2007/02/08 22:14:36 | 000,000,679 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\RealPlayer License Agreement.lnk
[2007/02/08 22:14:36 | 000,000,832 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\RealPlayer ReadMe.lnk
[2007/02/08 22:14:36 | 000,000,851 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\RealPlayer Subscription.lnk
[2007/02/08 22:14:36 | 000,000,733 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\RealPlayer.lnk
[2007/02/08 22:14:36 | 000,000,940 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\Uninstall RealPlayer.lnk
[2009/12/01 20:14:39 | 000,001,854 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Safari\Safari.lnk
[2007/01/21 10:16:52 | 000,000,705 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Samsung\Digimax Viewer 2.0\Digimax Viewer 2.0.lnk
[2007/01/21 10:16:55 | 000,000,705 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Samsung\Digimax Viewer 2.0\Digimax Viewer Help.lnk
[2007/01/21 10:16:55 | 000,001,210 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Samsung\Digimax Viewer 2.0\Uninstall Digimax Viewer 2.0.lnk
[2011/11/30 23:24:09 | 000,001,970 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Skype\Skype.lnk
[2005/01/21 04:00:46 | 000,000,495 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Sonic\DLA\DLA Help.lnk
[2005/01/21 03:56:03 | 000,001,632 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Sonic\MyDVD\Create DVD.lnk
[2005/01/21 03:56:03 | 000,001,632 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Sonic\MyDVD\Create VCD.lnk
[2005/01/21 03:56:03 | 000,001,610 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Sonic\MyDVD\Start MyDVD.lnk
[2005/01/21 04:00:50 | 000,000,551 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Sonic\RecordNow!\RecordNow Help.lnk
[2005/01/21 04:00:50 | 000,001,857 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Sonic\RecordNow!\RecordNow!.lnk
[2007/09/19 22:10:21 | 000,001,695 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Sony Picture Utility\Picture Motion Browser.lnk
[2007/09/19 22:12:18 | 000,001,823 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Sony Picture Utility\Video Disc Copier.lnk
[2007/09/19 22:13:22 | 000,001,931 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Sony Picture Utility\Handycam (Hard Disk Drive) Tools\HDD Handycam Utility.lnk
[2007/09/19 22:13:22 | 000,001,926 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Sony Picture Utility\Handycam (Hard Disk Drive) Tools\One Touch Disc Burn Settings.lnk
[2007/09/19 22:10:25 | 000,000,907 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Sony Picture Utility\Help\Picture Motion Browser.lnk
[2007/09/19 22:12:22 | 000,001,885 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Sony Picture Utility\Help\Video Disc Copier.lnk
[2007/09/19 22:11:09 | 000,001,894 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Sony Picture Utility\Import from\Digital Still Camera or Memory Stick (DCF Format).lnk
[2007/09/19 22:13:22 | 000,001,931 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Sony Picture Utility\Import from\Handycam (Hard Disk Drive).lnk
[2007/09/19 22:12:40 | 000,001,910 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Sony Picture Utility\Import from\Handycam or Computer (Disc).lnk
[2007/09/19 22:15:17 | 000,000,129 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Sony Picture Utility\Support\Software Support.url
[2007/09/19 22:11:22 | 000,001,805 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Sony Picture Utility\Tools\Information Tool.lnk
[2007/09/19 22:10:53 | 000,001,840 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Sony Picture Utility\Tools\Location Settings Tool.lnk
[2007/09/19 22:10:42 | 000,001,875 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Sony Picture Utility\Tools\Media Check Tool.lnk
[2007/09/19 22:10:53 | 000,001,775 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Sony Picture Utility\Tools\Settings Initialization Tool.lnk
[2012/01/04 18:28:22 | 000,001,713 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Sophos\Sophos Endpoint Security and Control\Sophos Endpoint Security and Control.lnk
[2012/01/04 18:28:21 | 000,001,767 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Sophos\Sophos Endpoint Security and Control\Visit www.sophos.com.lnk
[2006/11/11 10:40:45 | 000,001,650 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\SpeedTouch USB\Freedom Broadband.lnk
[2006/11/11 10:40:45 | 000,001,650 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\SpeedTouch USB\SpeedTouch USB Diagnostics (PPP).lnk
[2009/07/01 21:03:58 | 000,000,910 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Startup\Acrobat Assistant.lnk
[2004/08/10 13:04:12 | 000,000,084 | -HS- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Startup\DESKTOP.INI
[2007/01/21 10:16:52 | 000,000,705 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Startup\Digimax Viewer 2.0.lnk
[2007/12/09 17:05:04 | 000,001,379 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\TomTom\TomTom HOME 2.lnk
[2007/12/09 17:05:10 | 000,002,080 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\TomTom\Uninstall TomTom HOME 2.lnk
[2009/12/09 23:29:19 | 000,002,485 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Tonium\Pacemaker Editor\Pacemaker Editor.lnk
[2009/12/06 16:03:16 | 000,001,713 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Tonium\Pacemaker Editor\Uninstall Pacemaker Editor.lnk
[2009/08/11 19:49:28 | 000,001,200 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Townopolis - Gold\More Great Games.lnk
[2009/08/11 19:49:28 | 000,001,477 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Townopolis - Gold\Play Townopolis - Gold.lnk
[2009/08/11 19:49:28 | 000,001,465 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Townopolis - Gold\Uninstall Townopolis - Gold.lnk
[2009/08/11 19:49:28 | 000,001,465 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Townopolis - Gold\Unlock Townopolis - Gold.lnk
[2011/02/10 20:38:04 | 000,001,690 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Windows Live\Windows Live Call.lnk
[2011/02/10 20:47:19 | 000,001,978 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Windows Live\Windows Live Family Safety.lnk
[2011/02/10 20:42:31 | 000,001,931 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Windows Live\Windows Live Mail.lnk
[2011/02/10 20:39:54 | 000,001,839 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Windows Live\Windows Live Messenger .lnk
[2011/02/10 20:44:50 | 000,001,947 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Windows Live\Windows Live Photo Gallery.lnk
[2011/02/10 20:46:46 | 000,001,914 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Windows Live\Windows Live Writer.lnk
[2008/02/11 22:25:42 | 000,000,685 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\WinRAR\Console RAR manual.lnk
[2008/02/11 22:25:42 | 000,000,704 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\WinRAR\WinRAR help.lnk
[2008/02/11 22:25:42 | 000,000,704 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\WinRAR\WinRAR.lnk
[2006/11/11 01:28:43 | 000,000,119 | -HS- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\2\DESKTOP.INI
[2009/06/19 10:22:50 | 000,000,815 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\2\Launch Internet Explorer Browser.lnk
[2010/01/16 12:19:32 | 000,000,792 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\2\Microsoft Office Outlook.lnk
[2008/12/22 15:22:13 | 000,001,620 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\2\Mozilla Firefox.lnk
[2005/01/21 03:59:32 | 000,000,742 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\2\QuickTime Player.lnk
[2007/02/08 22:14:56 | 000,000,915 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\2\RealPlayer.lnk
[2004/08/10 13:08:38 | 000,000,079 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\2\Show Desktop.scf
[2012/01/22 09:07:14 | 000,000,853 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\2\System Check.lnk
[2009/11/14 09:50:53 | 000,000,800 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\2\Windows Media Player.lnk
[2012/01/13 13:03:36 | 000,001,729 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\4\Adobe Reader 9.lnk
[2011/11/20 11:48:09 | 000,001,915 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\4\Google Earth.lnk
[2011/12/18 00:29:55 | 000,000,803 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\4\Hotspot Shield Launch.lnk
[2011/12/01 20:42:29 | 000,001,542 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\4\iTunes.lnk
[2008/12/22 15:22:13 | 000,001,602 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\4\Mozilla Firefox.lnk
[2011/12/01 20:54:19 | 000,001,604 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\4\QuickTime Player.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE6EED8B
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80E965A3
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CB8D545
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:517B507A
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D5BB34A
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:00811B66
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1AFC2166

< End of report >

Look forward to hearing from you.

Many thanks for your help,


twistpile

#4 gringo_pr

Posted 29 January 2012 - 12:58 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code
    :files
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University
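
Added example, not part of either post and not OTL's own code: a small Python triage of the OTL file listing, showing where each smtmp entry would land under the four xcopy lines above and which entries are worth a look before they are copied back. The log lines are copied from the report in this thread; the function names and the cutoff date (one week before the first post) are assumptions made for the illustration.

```python
import re
from datetime import datetime

# A few lines copied from the OTL report in this thread (subset only).
SAMPLE_LOG = r"""
[2009/07/01 21:03:58 | 000,000,910 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Startup\Acrobat Assistant.lnk
[2004/08/10 13:04:12 | 000,000,084 | -HS- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Startup\DESKTOP.INI
[2008/12/22 15:22:13 | 000,001,620 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\2\Mozilla Firefox.lnk
[2012/01/22 09:07:14 | 000,000,853 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\2\System Check.lnk
[2012/01/13 13:03:36 | 000,001,729 | ---- | M] () -- C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\4\Adobe Reader 9.lnk
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE6EED8B
"""

# Destination of each smtmp bucket, taken from the xcopy lines in the fix script.
DESTINATIONS = {
    "1": r"%AllUsersProfile%\Start Menu",
    "2": r"%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch",
    "3": r"%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar",
    "4": r"%AllUsersProfile%\Desktop",
}

# Assumption: anything modified in the week before the first post (25 January 2012)
# is treated as "recent" and reviewed by hand.
CUTOFF = datetime(2012, 1, 18)

# OTL file line: [date time | size | attributes | M] (company) -- full path
FILE_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-A-Z]{4}) \| [A-Z]\]"
    r" \(.*?\) -- (.+)$"
)
SMTMP_RE = re.compile(r"\\smtmp\\(\d+)\\(.+)$", re.IGNORECASE)


def parse_entries(log_text):
    """Return one dict per smtmp file line; other report lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        stamp, size, attrs, path = m.groups()
        s = SMTMP_RE.search(path)
        if not s:
            continue
        bucket, rel = s.group(1), s.group(2)
        dest = DESTINATIONS.get(bucket)
        entries.append({
            "modified": datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S"),
            "size": int(size.replace(",", "")),
            "attrs": attrs,
            "bucket": bucket,
            "rel": rel,
            # None means the script has no xcopy line for this bucket.
            "restore_to": dest + "\\" + rel if dest else None,
        })
    return entries


def review_reasons(entry, cutoff=CUTOFF):
    """Reasons to inspect an entry by hand before it is copied back."""
    reasons = []
    if entry["modified"] >= cutoff:
        reasons.append("modified on or after cutoff")
    rel = entry["rel"].lower()
    in_startup = entry["bucket"] == "1" and rel.startswith("programs\\startup\\")
    if in_startup and not rel.endswith("desktop.ini"):
        # Items in the Startup folder are launched at every logon.
        reasons.append("restores into Startup folder")
    return reasons


def triage(entries, cutoff=CUTOFF):
    """Return (restore_to, reasons) for every entry with at least one reason."""
    flagged = []
    for entry in entries:
        reasons = review_reasons(entry, cutoff)
        if reasons:
            flagged.append((entry["restore_to"], reasons))
    return flagged


if __name__ == "__main__":
    for target, reasons in triage(parse_entries(SAMPLE_LOG)):
        print(target, "<-", "; ".join(reasons))
```

A flagged entry is only a candidate for a manual look at the shortcut's target, not a verdict on the file.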

#5 twistpile

Posted 29 January 2012 - 05:37 PM

Ran OK

It did not ask for a reboot.

I saw access denied on something as it was running.

Sophos detected LnkFkAV-F as OTL was running or straight afterwards.

Google searches still being redirected.

========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\DESKTOP.INI
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Microsoft Update.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Set Program Access and Defaults.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\SpyHunter.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Windows Catalog.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Windows Update.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Acrobat Distiller 5.0.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Adobe Acrobat 5.0.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Adobe Bridge CS3.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Adobe Device Central CS3.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Adobe ExtendScript Toolkit 2.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Adobe Photoshop CS3.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Adobe Reader 9.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Adobe Stock Photos CS3.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Apple Software Update.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DESKTOP.INI
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works Task Launcher.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Mozilla Firefox.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\PowerDVD.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\RealPlayer.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Windows Messenger.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Windows Movie Maker.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\7-Zip\7-Zip File Manager.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\7-Zip\7-Zip Help.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\ABBYY FineReader 6.0 Sprint\ABBYY FineReader 6.0 Sprint.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\ABBYY FineReader 6.0 Sprint\User's Guide.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Calculator (2).lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\DESKTOP.INI
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Paint.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Scanner and Camera Wizard.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\WordPad.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\Accessibility Wizard.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\DESKTOP.INI
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\DESKTOP.INI
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\HyperTerminal.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Connections.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Setup Wizard.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\New Connection Wizard.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Fax\DESKTOP.INI
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Fax\Fax Console.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Fax\Fax Cover Page Editor.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Fax\Send a Fax....lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\DESKTOP.INI
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Sound Recorder.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Volume Control.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Microsoft Interactive Training\Microsoft Interactive Training Help.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Microsoft Interactive Training\Microsoft Interactive Training.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\DESKTOP.INI
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Defragmenter.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Scheduled Tasks.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\DESKTOP.INI
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Performance.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Services.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\BBC iPlayer Download Manager\BBC iPlayer Download Manager.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\BlackBerry\BlackBerry Desktop Software.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\BlackBerry\Readme.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\CamStudio\CamStudio.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\CamStudio\Movie Player 2.1.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\CamStudio\Movie Player.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\CamStudio\SWF Producer.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\CamStudio\Uninstall.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Coupon Printer\beforeIshop.co.uk Coupon Gallery.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Creative\Product Registration.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Dell\Media Experience\Register Media Experience.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Dell\Media Experience\Start Media Experience.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Dell Accessories\Driver Reset Tool.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Dell Picture Studio v2.0\Dell Picture Studio Home.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Dell Picture Studio v2.0\Dell.Shutterfly.com - Online Print Service.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Dell Picture Studio v2.0\Paint Shop Photo Album 4\On-line Help.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Dell Picture Studio v2.0\Paint Shop Photo Album 4\Paint Shop Photo Album.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Dell Picture Studio v2.0\Paint Shop Photo Album 4\Product Tour.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Dell Picture Studio v2.0\Paint Shop Photo Album 4\Uninstall Paint Shop Photo Album.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Dell Support\Check Now.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Dell Support\Dell Support Help.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Dell Support\Dell Support Settings.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Dell Support\Dell Support.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\Check for DivX Updates.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\Post DivXr video to your website.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\Remove the DivX Bundle.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\Why Buy DivX Pro.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Codec\Decoder Configuration Utility.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Codec\License.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Codec\ReadMe.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Codec\Register Products.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Codec\Remove the DivX Codec.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Codec\Links\Latest DivX Codec news.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Codec\Links\Learn about DivX Pro Codec.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Codec\Links\Why Buy DivX Pro.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Converter\Converter.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Converter\License.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Converter\ReadMe.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Converter\Register Products.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Converter\Remove the DivX Converter.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Converter\Links\Latest DivX Converter news.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Converter\Links\Learn about DivX Converter.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Converter\Links\Why Buy DivX Pro.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Player\DivX Player.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Player\License.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Player\ReadMe.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Player\Remove the DivX Player.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Player\Links\Latest DivX Player news.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Player\Links\Learn about DivX advanced features.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Player\Links\Learn about DivX Player.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Plus DirectShow Filters\H264 Decoder Config.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Plus DirectShow Filters\Remove the DivX Plus DirectShow Filters.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Web Player\License.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Web Player\ReadMe.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Web Player\Remove the DivX Web Player.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\DivX Web Player\Links\Learn about DivX Web Player.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\Helpful Links\DivX Forums.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\Helpful Links\DivX Labs.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\Helpful Links\DivX Products.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\Helpful Links\DivX Support.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\Helpful Links\Learn about DivX advanced features.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\Helpful Links\Learn about DivX Author.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\Helpful Links\Learn about DivX software.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\Helpful Links\Visit DivX.com.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\DivX\Helpful Links\Why Buy DivX Pro.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Dr SpeedTouch\Dr SpeedTouch.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Driving Test Success - All Tests (2007-2008)\Driving Test Success - All Tests.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Driving Test Success - All Tests (2007-2008)\Driving Test Success Website.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Driving Test Success - All Tests (2007-2008)\Uninstall Driving Test Success - All Tests.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Driving Test Success - All Tests (2007-2008)\Technical Support\Driving Test Success Website.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Driving Test Success - All Tests (2007-2008)\Technical Support\Multimedia Diagnostics Tool.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Driving Test Success - All Tests (2007-2008)\Technical Support\Support Tool.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Driving Test Success - All Tests (2007-2008)\Technical Support\Technical Support Website.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\EPSON\Epson Stylus SX210_SX410_TX210_TX410 Manual.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\EPSON\EPSON Scan\EPSON Scan Settings.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\EPSON\EPSON Scan\EPSON Scan.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\EPSON\EPSON SX410 Series\Driver Update.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\EPSON\EPSON SX410 Series\EPSON Printer Software Uninstall.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\EPSON\EPSON SX410 Series\Technical Support.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Epson Software\Easy Photo Print.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Epson Software\Read Me\Easy Photo Print.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Games\DESKTOP.INI
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Games\Freecell.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Games\Hearts.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Backgammon.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Checkers.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Hearts.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Reversi.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Spades.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Games\Minesweeper.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Games\Pinball.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Games\Play Townopolis - Gold.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Games\Solitaire.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Games\Spider Solitaire.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Google Earth\Google Earth.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Google Earth\Start Google Earth in DirectX mode.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Google Earth\Start Google Earth in OpenGL mode.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Google Earth\Uninstall Google Earth.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Hotspot Shield\Hotspot Shield Control Panel.url
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Hotspot Shield\Hotspot Shield Launch.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Hotspot Shield\Uninstall Hotspot Shield.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Infogrames Interactive\Monopoly Tycoon\Install Guide.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Infogrames Interactive\Monopoly Tycoon\Monopoly Tycoon.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Infogrames Interactive\Monopoly Tycoon\ReadMe.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Infogrames Interactive\Monopoly Tycoon\Uninstall Monopoly Tycoon.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\iTunes\About iTunes.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\iTunes\iTunes.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\LG PC Suite 2\Uninstall LG PC Suite.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\LGMobile Support Tool\LGMobile update.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\LGMobile Support Tool\Uninstall.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Logitech\Logitech QuickCam.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Maxis\SimCity 3000 World Edition\Building Architect Plus.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Maxis\SimCity 3000 World Edition\Contact Support.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Maxis\SimCity 3000 World Edition\Get SimCity Updates.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Maxis\SimCity 3000 World Edition\SimCity 3000 World Edition.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Maxis\SimCity 3000 World Edition\SimCity Scenario Creator.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Maxis\SimCity 3000 World Edition\Uninstall SimCity 3000 World Edition.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Maxis\SimCity 3000 World Edition\View SimCity Readme.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Maxis\SimCity 3000 World Edition\Visit SimCity Exchange.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\MGI PhotoSuite III SE\MGI PhotoSuite III SE.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\MGI PhotoSuite III SE\Read Me.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\MGI PhotoSuite III SE\UnInstall PhotoSuite III SE.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Games\Age of Empires Trial\Age of Empires Trial.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Games\Age of Empires Trial\Uninstall Age of Empires Trial.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Access 2007.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Groove 2007.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office InfoPath 2007.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office OneNote 2007.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Outlook 2007.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Publisher 2007.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Word 2007.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Language Settings.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Live Add-in\Office Live Add-in Help.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Live Add-in\Office Live Workspace.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Getting Started.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Calendar.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Database.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Portfolio.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Spreadsheet.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Task Launcher.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Word Processor.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Windows Address Book.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\About QuickTime.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\PictureViewer.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\QuickTime Player.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\Uninstall QuickTime.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Railroad Tycoon II\Electronic Registration.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Railroad Tycoon II\Play free over the Internet through Heat.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Railroad Tycoon II\Railroad Tycoon II.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Railroad Tycoon II\Readme instructions.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\Check for RealPlayer Update.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\RealPlayer Help.lnk
279 File(s) copied
C:\Documents and Settings\Micheal\Restart files\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Micheal\Restart files\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\2\DESKTOP.INI
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\2\Launch Internet Explorer Browser.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\2\Microsoft Office Outlook.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\2\Mozilla Firefox.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\2\QuickTime Player.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\2\RealPlayer.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\2\Show Desktop.scf
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\2\System Check.lnk
C:\Documents and Settings\Micheal\Restart files\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Micheal\Restart files\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Micheal\Restart files\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Micheal\Restart files\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\4\Adobe Reader 9.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\4\Google Earth.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\4\Hotspot Shield Launch.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\4\iTunes.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\4\Mozilla Firefox.lnk
C:\DOCUME~1\Micheal\LOCALS~1\Temp\smtmp\4\QuickTime Player.lnk
6 File(s) copied
C:\Documents and Settings\Micheal\Restart files\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Micheal\Restart files\Desktop\cmd.txt deleted successfully.

OTL by OldTimer - Version 3.2.31.0 log created on 01292012_222156

#6 gringo_pr

Posted 29 January 2012 - 09:51 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 twistpile

Posted 30 January 2012 - 02:06 PM

Things have gotten a whole lot worse.

I've now been forced onto my notebook, I can't do anything on the PC now. Sophos warned about ExpJS-CK again yesterday but when I switched off the PC it seemed OK. I switched it on tonight and just as everything was coming up a warning panel came up saying Windows detected a hard disk problem and loads of warnings kept coming up.

I tried to do a system restore in safe mode but it says system restore is turned off and cannot be turned on in safe mode. Went back into normal mode but could not turn system restore back on, the virus has really got a hold now, it's hidden all my files telling me C:\ is unreadable, I don't know how to make them viewable again. It's saying Hard drive clusters are partly damaged. Segment load failure. It's inviting me to do a system scan.

I can't even turn off the computer by the start button, oh done it now if I'm quick before it does a screen refresh.

I do have recovery console installed, I have tried to use it but, it seemed to hang, how long should it take to come up?

Any suggestions?

#8 gringo_pr

Posted 30 January 2012 - 02:58 PM

Hello

I would like you to download these programs if you don't have them yet to the desktop and have them ready to use.

RKill - exeHelper - Malwarebytes' Anti-Malware
Unhide.exe


After you have them on your desktop restart your computer and as soon as you can start with RKill

:Rkill:

  • Double click on Rkill.
  • A command window will open then disappear upon completion, this is normal.
  • Please leave Rkill on the Desktop until otherwise advised.
Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message. Run rkill repeatedly until it's able to do its job. This may take a few tries. You'll be able to tell rkill has done its job when your desktop (explorer.exe) cycles off and then on again.

Once the tool has run, do NOT reboot the machine.
If for some reason the machine reboots, repeat the process. Again, try not to restart the machine.

Scan with exeHelper:

Please download exeHelper to your desktop.

  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)

Note: If the window shows a message that says "Error deleting file", please re-run the program


Next I want you to run the unhide.exe program; just double click to run it.

: Malwarebytes' Anti-Malware :

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Let me have these logs and let me know how the computer is doing

Gringo

#9 twistpile

Posted 01 February 2012 - 01:38 PM

I can't do any of this, I can't get onto the Internet, my desktop is empty, I just have a black screen. Somehow this virus has hidden all my files.

In safe mode I can go into DOS, cd out of the directory I'm in, when I try to CD back in, it won't let me, says The system cannot find the path specified, but when I do a DIR I can see the directory..!!

When I'm in XP and do a start, All Programs, nearly everything has disappeared. I can see System Check, which is the culprit for all this.

Any suggestions?

#10 twistpile

Posted 01 February 2012 - 02:31 PM

I've got Windows Internet Explorer up, I can't save to my desktop, it just disappears but, I am running Rkill instead of saving it, I think it is running. Sophos just reported FakeAV-QQ..!! How long is Rkill likely to take? I don't understand this "You'll be able to tell rkill has done its job when your desktop (explorer.exe) cycles off and then on again" I have nothing on my desktop..!!

Running Unhide.exe too.

Edited by twistpile, 01 February 2012 - 03:02 PM.


#11 gringo_pr

Posted 01 February 2012 - 02:37 PM

Hello


Restart the computer and run MBAM in safe mode.


Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.


#12 twistpile

Posted 01 February 2012 - 04:14 PM

Is it best to run MBAM in safe mode or normal?

I'm making progress, unhide.exe was a big help, I can see everything on my desktop again. Was able to save MBAM to my desktop, I'm now running it in normal mode, 6 Objects detected so far.

I can now see Rkill on my desktop, is it worth running it again? What does it do?

#13 gringo_pr

Posted 01 February 2012 - 04:49 PM

If MBAM is running, let it be and send me the report when complete.


gringo

#14 twistpile

Posted 01 February 2012 - 06:48 PM

Here are the two logs, I ran exeHelper after MBAM finished.

Sophos is still constantly flagging Mal\LnkFkAV-F and moving it to quarantine. PC is operating very, very slow.



Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.01.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Micheal :: BILL [administrator]

01/02/2012 20:48:05
mbam-log-2012-02-01 (20-48-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 365651
Time elapsed: 2 hour(s), 13 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Adware.SeekMo) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|PAwhgCLyHSr.exe (Trojan.FakeAV) -> Data: C:\Documents and Settings\All Users\Application Data\PAwhgCLyHSr.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 7
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 11
C:\Documents and Settings\Micheal\Application Data\shct8ej0en2n (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micheal\Application Data\shct8ej0en2n\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micheal\Application Data\shct8ej0en2n\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micheal\Application Data\shct8ej0en2n\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micheal\Application Data\shct8ej0en2n\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micheal\Application Data\shct8ej0en2n\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micheal\Application Data\shct8ej0en2n\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micheal\Application Data\shct8ej0en2n\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micheal\Application Data\shct8ej0en2n\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micheal\Application Data\shct8ej0en2n\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micheal\Application Data\shct8ej0en2n\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Detected: 8
C:\Documents and Settings\All Users\Application Data\PAwhgCLyHSr.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\xVBLPBYne15Z7a.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlotte\My Documents\Downloads\Setup.exe (Adware.SeekMo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlotte\My Documents\Downloads\ZwinkySetup2.3.64.2.SA.HP.ZJfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josh\Local Settings\Temp\tzlFE.tmp (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josh\Local Settings\Temp\VVSNInst.exe (Adware.WhenU) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josh\Local Settings\Temp\sai81.tmp (Adware.SeekMo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micheal\Local Settings\Temp\OWwzzAajT5VqBO.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)


exeHelper by Raktor
Build 20100414
Run at 23:30:03 on 02/01/12
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
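
The Malwarebytes log in the post above, read programmatically. This is an added example, not part of the original thread and not a Malwarebytes tool: it parses the text-log layout shown there, flags a truncated paste by comparing each section's stated count with the entries found, lists the settings the scanner reset so they can be re-verified, and checks that every Run-key target was also removed as a file. Function names are hypothetical; the sample is an excerpt of the posted log with the section counts adjusted to the excerpt.

```python
import re
from collections import Counter

# Excerpt of the Malwarebytes log posted above; the "Detected: N" counts are
# adjusted to match the excerpt, every entry line is copied from the thread.
SAMPLE_LOG = r"""Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Adware.SeekMo) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|PAwhgCLyHSr.exe (Trojan.FakeAV) -> Data: C:\Documents and Settings\All Users\Application Data\PAwhgCLyHSr.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Files Detected: 2
C:\Documents and Settings\All Users\Application Data\PAwhgCLyHSr.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\Micheal\Local Settings\Temp\OWwzzAajT5VqBO.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# <location>[|<value name>] (<Detection.Name>) -> [detail -> ]<action>
ENTRY = re.compile(r"^(?P<loc>.+?) \((?P<det>[\w-]+(?:\.[\w-]+)+)\) -> (?P<rest>.+)$")
BAD_GOOD = re.compile(r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)")


def parse_mbam(text):
    """Return (findings, declared); declared maps section name -> stated count."""
    findings, declared, section = [], {}, None
    for line in map(str.strip, text.splitlines()):
        head = SECTION.match(line)
        if head:
            section = head["name"]
            declared[section] = int(head["count"])
            continue
        entry = ENTRY.match(line)
        if not (entry and section):
            continue  # blank lines, scan header, "(No malicious items detected)"
        location, _, value = entry["loc"].partition("|")
        *detail, action = entry["rest"].split(" -> ")
        state = BAD_GOOD.search(entry["rest"])
        has_data = bool(detail) and detail[0].startswith("Data: ")
        findings.append({
            "section": section, "location": location, "value": value or None,
            "detection": entry["det"], "action": action.rstrip("."),
            "data": detail[0][len("Data: "):] if has_data else None,
            "bad": state["bad"] if state else None,
            "good": state["good"] if state else None,
        })
    return findings, declared


def count_mismatches(findings, declared):
    """Sections whose parsed entry count differs from the stated one (truncated paste)."""
    parsed = Counter(f["section"] for f in findings)
    return {s: (n, parsed[s]) for s, n in declared.items() if parsed[s] != n}


def settings_to_recheck(findings):
    """(key, value name, expected data) for each setting reset to its 'Good' state."""
    return [(f["location"], f["value"], f["good"]) for f in findings if f["good"] is not None]


def autostart_targets_left(findings):
    """Run-key targets that are not also listed as removed in the Files section."""
    removed = {f["location"].lower() for f in findings if f["section"] == "Files"}
    return [f["data"] for f in findings
            if f["location"].lower().endswith(r"\currentversion\run")
            and f["data"] and f["data"].lower() not in removed]
```

An empty result from `autostart_targets_left` means each Run-key entry in the log pointed at a file the same scan also removed; a non-empty result is a path to check by hand.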

#15 gringo_pr

Posted 01 February 2012 - 07:14 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo