Help removing trojan Rustock [CLOSED]



#1
pgrooms28

Here is my HijackThis info. I've tried to remove 4 Trojan Rustock from my system but they will not come off. When my computer restarts I get error messages that tell me Windows can't find and can't download certain files... I followed all procedures that you provided, and below is my problem:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:31:45, on 8/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F3 - REG:win.ini: load=??? ?
O4 - HKLM\..\Run: [tkbellexe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [soundman] SOUNDMAN.EXE
O4 - HKLM\..\Run: [quicktime task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lsbwatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ituneshelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [hphupd06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [hphmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [hpdj taskbar utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [hotkeyscmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [high definition audio property page shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [alcwzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [agrsmmsg] AGRSMMSG.exe
O4 - HKLM\..\Run: [adobe reader speed launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKCU\..\Run: [registrymechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [msmsgs] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [google desktop search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\HP_Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [international] International*
O16 - DPF: {0e5f0222-96b9-11d3-8997-00104bd12d94} (PCPitstop Utility) - http://utilities.pcp...a/PCPitStop.CAB
O16 - DPF: {bdbde413-7b1c-4c68-a8ff-c5b2b4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {ffb3a759-98b1-446f-bda9-909c6eb18cc7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 5547 bytes

Also, here is my F-Secure online scan:

Scanning Report
Saturday, August 16, 2008 11:50:50 - 13:31:30
Computer name: THEBIGDADDY
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\

Result: 5 malware found
FraudTool.Win32.SpyNoMore (spyware)
System
Tracking Cookie (spyware)
System
Trojan-Downloader.Win32.Small.aaxk (virus)
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\721529861.EXE (Renamed & Submitted)
Trojan-Downloader.Win32.Small.aaxr (virus)
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\633968421.EXE (Renamed & Submitted)
Trojan-Spy.HTML.Fraud.gen (virus)
C:\DOCUMENTS AND SETTINGS\HP_OWNER\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS LIVE MAIL\HOTMAIL (PG 1EF\A BE READ L 823\328A08AF-0000011C.EML (Submitted)

Statistics
Scanned:
Files: 72805
System: 4351
Not scanned: 13
Actions:
Disinfected: 0
Renamed: 2
Deleted: 0
None: 3
Submitted: 3
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\2FAC5050.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\5EAAA32D.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\82832B75.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\E536EAA1.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{B8D3942D-2D9E-4D75-99D2-29CB1B0B0AA2}.BIN
C:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE

Options
Scanning engines:
F-Secure USS: 2.30.0
F-Secure Hydra: 2.8.8110, 2008-08-15
F-Secure AVP: 7.0.171, 2008-08-16
F-Secure Pegasus: 1.20.0, 2008-04-14
F-Secure Blacklight: 1.0.68
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

Also, here is my Malwarebytes log:


Malwarebytes' Anti-Malware 1.24
Database version: 1054
Windows 5.1.2600 Service Pack 2

11:03:33 AM 8/16/2008
mbam-log-8-16-2008 (11-03-33).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 142551
Time elapsed: 30 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\2fac5050.sys (Trojan.Rustock) -> Delete on reboot.
C:\WINDOWS\system32\drivers\5eaaa32d.sys (Trojan.Rustock) -> Delete on reboot.
C:\WINDOWS\system32\drivers\82832b75.sys (Trojan.Rustock) -> Delete on reboot.
C:\WINDOWS\system32\drivers\e536eaa1.sys (Trojan.Rustock) -> Delete on reboot.

Edited by pgrooms28, 16 August 2008 - 01:18 PM.


#2
Rorschach112

Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan services and registry entries that it finds, then prompt you to press any key to reboot.
  • Press any key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
    (Report.txt will also be copied to the Clipboard, ready for posting back on the forum.)
  • Finally, paste the contents of Report.txt back on the forum.



Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

#3
pgrooms28

The next ComboFix report:

ComboFix 08-08-16.01 - HP_Owner 2008-08-17 18:12:23.2 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.317 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Owner\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt

.
((((((((((((((((((((((((( Files Created from 2008-07-17 to 2008-08-17 )))))))))))))))))))))))))))))))
.

2008-08-17 17:40 . 2008-08-17 17:42 <DIR> d-------- C:\SDFix
2008-08-16 14:16 . 2008-06-13 07:05 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-16 14:16 . 2008-05-08 10:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-08-16 14:06 . 2008-08-16 14:06 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-16 14:06 . 2008-08-16 14:06 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-16 14:04 . 2008-08-16 14:04 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-16 13:58 . 2008-08-16 13:58 <DIR> d-------- C:\WINDOWS\EHome
2008-08-16 13:54 . 2008-04-13 20:12 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll
2008-08-16 13:54 . 2008-04-13 20:12 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-16 13:54 . 2008-04-13 20:12 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
2008-08-16 13:54 . 2008-04-13 20:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-08-16 13:52 . 2008-04-13 20:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-08-16 12:52 . 2008-08-16 12:52 <DIR> d-------- C:\Program Files\FastAccessDSL
2008-08-16 12:52 . 2008-08-16 12:52 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2008-08-16 12:40 . 2008-08-16 12:40 10,552,262 --a------ C:\Documents and Settings\HP_Owner\HC43SInstaller.exe
2008-08-16 11:47 . 2008-08-16 11:47 <DIR> d-------- C:\fsaua.data
2008-08-16 11:37 . 2008-08-16 11:37 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-16 11:37 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-16 11:37 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-16 00:00 . 2008-08-17 02:27 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-15 10:54 . 2008-08-15 10:54 <DIR> d-------- C:\Program Files\CCleaner
2008-08-15 00:39 . 2008-08-15 00:45 <DIR> d-------- C:\Rustbfix
2008-08-14 23:43 . 2006-11-07 22:01 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2008-08-14 21:40 . 2008-08-14 21:40 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-08-14 18:44 . 2008-08-14 21:39 837 --a------ C:\clean.reg
2008-08-14 18:43 . 2005-01-22 13:32 61,440 --a------ C:\Documents and Settings\HP_Owner\sdelete.exe
2008-08-14 18:43 . 2007-07-25 14:12 44,480 --a------ C:\Documents and Settings\HP_Owner\mru.reg
2008-08-14 18:43 . 2003-01-05 13:20 32,768 --a------ C:\Documents and Settings\HP_Owner\indexcleaner.exe
2008-08-14 18:43 . 2007-10-24 18:34 28,673 --a------ C:\Documents and Settings\HP_Owner\install.bat
2008-08-14 18:21 . 2008-08-14 18:21 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
2008-08-14 18:21 . 2008-08-14 18:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-14 17:46 . 2008-08-14 19:11 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-08-14 17:36 . 2008-08-14 18:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop
2008-08-13 16:56 . 2008-08-13 16:56 48 --a------ C:\WINDOWS\FileNamesinQueue.ini
2008-08-13 07:23 . 2008-04-11 15:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-12 19:31 . 2008-08-17 18:05 2,958 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-12 18:58 . 2008-08-12 18:58 <DIR> d-------- C:\Program Files\Microsoft Easy Assist
2008-08-12 17:00 . 2008-08-16 14:06 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-12 16:59 . 2008-04-13 20:11 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-08-12 16:46 . 2008-08-12 16:46 <DIR> d-------- C:\38a428fa8503e68def
2008-08-12 15:21 . 2008-08-12 15:21 <DIR> d-------- C:\76bab2872e996750762a4023787ece
2008-08-12 15:00 . 2008-08-12 15:00 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-07-30 18:34 . 2008-07-31 22:46 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\mjusbsp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-17 22:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-17 13:04 --------- d-----w C:\Program Files\InstallShield Installation Information
2008-08-16 18:12 --------- d-----w C:\Program Files\Support.com
2008-08-16 15:37 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-08-15 15:57 --------- d-----w C:\Program Files\Google
2008-08-15 15:51 --------- d-----w C:\Program Files\Trend Micro
2008-08-15 15:05 --------- d-----w C:\Program Files\Java
2008-08-15 12:58 --------- d-----w C:\Program Files\LimeWire
2008-08-15 12:57 --------- d-----w C:\Program Files\Windows Live
2008-08-15 12:52 --------- d-----w C:\Program Files\HP
2008-08-15 00:09 --------- d-----w C:\Program Files\Apple Software Update
2008-08-15 00:08 --------- d-----w C:\Program Files\Safari
2008-08-15 00:05 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2008-08-14 23:09 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AT&T
2008-08-14 23:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\AT&T
2008-08-14 22:46 --------- d-----w C:\Program Files\Wireless Optical Mouse
2008-08-14 22:46 --------- d-----w C:\Program Files\Spelling Bee Tutor-PDA
2008-08-14 22:46 --------- d-----w C:\Program Files\Plaxo
2008-08-14 22:46 --------- d-----w C:\Program Files\MP3 Rocket
2008-08-14 22:46 --------- d-----w C:\Program Files\Microsoft Money 2005
2008-08-14 22:46 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2008-08-14 22:46 --------- d-----w C:\Program Files\Help and Support Additions
2008-08-14 22:46 --------- d-----w C:\Program Files\Formatta 7.0
2008-08-14 22:46 --------- d-----w C:\Program Files\Easy Internet signup
2008-08-14 22:46 --------- d-----w C:\Program Files\Documents To Go
2008-08-14 22:46 --------- d-----w C:\Program Files\Common Files\DataViz
2008-08-14 22:46 --------- d-----w C:\Program Files\Common Files\AOL
2008-08-14 22:45 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\ICAClient
2008-08-14 22:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-14 21:40 --------- d-----w C:\Program Files\PCPitstop
2008-08-14 16:31 --------- d-----w C:\Program Files\Yahoo!
2008-08-13 23:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-13 23:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-13 23:13 --------- d-----w C:\Program Files\PDF995
2008-08-13 22:30 46,048 ----a-w C:\Documents and Settings\HP_Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-08-13 18:42 --------- d-----w C:\Program Files\NoAdware4
2008-08-13 18:03 --------- d-----w C:\Program Files\Citrix
2008-08-12 21:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-12 21:05 --------- d-----w C:\Program Files\RogueRemover PRO
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2007-12-12 15:51 56,912 ----a-w C:\Documents and Settings\HP_Owner\g2mdlhlpx.exe
2006-07-10 19:03 2,162 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2005-11-22 13:46 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"registrymechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2008-07-08 16:41 2828184]
"msmsgs"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 20:12 1695232]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"cdloader"="C:\Documents and Settings\HP_Owner\Application Data\mjusbsp\cdloader2.exe" [2008-06-12 15:37 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tkbellexe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-04-14 17:56 180269]
"quicktime task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"lsbwatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 17:54 253952]
"ituneshelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 12:04 52736]
"hphupd06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 14:53 49152]
"hphmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 14:42 659456]
"hpdj taskbar utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 06:28 172032]
"hotkeyscmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 11:59 126976]
"adobe reader speed launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"HelpCenter4.1"="C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe" [2008-06-18 00:13 198184]
"soundman"="SOUNDMAN.EXE" [2005-04-06 18:57 90112 C:\WINDOWS\SOUNDMAN.EXE]
"high definition audio property page shortcut"="HDAudPropShortcut.exe" [2004-03-17 20:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"alcwzrd"="ALCWZRD.EXE" [2005-04-06 18:53 2805248 C:\WINDOWS\ALCWZRD.EXE]
"agrsmmsg"="AGRSMMSG.exe" [2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk]
backup=C:\WINDOWS\pss\SpySubtract.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^HP Organize.lnk]
backup=C:\WINDOWS\pss\HP Organize.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1136931325\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1136931325\\ee\\aim6.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\Common Files\\AOL\\1136931325\\ee\\aexplore.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\HP_Owner\\Application Data\\mjusbsp\\magicJack.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\shell\autorun\command - M:\.\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b879752-0a70-11dd-96e9-0011d8e3bc2f}]
\Shell\AutoRun\command - G:\SETUP.EXE
\Shell\VERB\COMMAND - G:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-17 C:\WINDOWS\Tasks\HP Usg Daily FY04.job
- C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe [2004-06-07 14:53]

2008-08-17 C:\WINDOWS\Tasks\HP Usg Daily.job
- C:\Program Files\HP\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe [2004-01-06 14:05]

2005-11-26 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe []

2008-08-13 C:\WINDOWS\Tasks\WebReg Deskjet 3900 series.job
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe [2006-06-07 17:45]
.
.
------- Supplementary Scan -------
.
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-17 18:18:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-08-17 18:23:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-17 22:22:48
ComboFix2.txt 2008-08-17 14:22:10

Pre-Run: 159,685,361,664 bytes free
Post-Run: 159,133,663,232 bytes free

219 --- E O F --- 2008-08-17 06:27:07





And the new HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27:38, on 8/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O4 - HKLM\..\Run: [tkbellexe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [soundman] SOUNDMAN.EXE
O4 - HKLM\..\Run: [quicktime task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lsbwatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ituneshelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [hphupd06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [hphmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [hpdj taskbar utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [hotkeyscmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [high definition audio property page shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [alcwzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [agrsmmsg] AGRSMMSG.exe
O4 - HKLM\..\Run: [adobe reader speed launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKCU\..\Run: [registrymechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [msmsgs] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\HP_Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKUS\S-1-5-21-3475674480-2307025726-3434973432-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O11 - Options group: [international] International*
O16 - DPF: {0e5f0222-96b9-11d3-8997-00104bd12d94} (PCPitstop Utility) - http://utilities.pcp...a/PCPitStop.CAB
O16 - DPF: {bdbde413-7b1c-4c68-a8ff-c5b2b4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {ffb3a759-98b1-446f-bda9-909c6eb18cc7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 5095 bytes

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Post the SDFix log

#5
pgrooms28

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Sorry, kind of new... thought that I had completed the SDFix... this is the SDFix, a new ComboFix and a new HijackThis log...


SDFix: Version 1.216
Run by HP_Owner on Sun 08/17/2008 at 21:00

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\sdfIx.runthis.bat\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\drivers\hosts - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-17 21:08:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Control\Class\{3C9A56DA-221C-483F-A5D7-036D4FE9F4A7}\Properties]
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties]
"DeviceType"=dword:00000002
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties]
"DeviceType"=dword:00000007
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties]
"DeviceType"=dword:00000023
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties]
"DeviceType"=dword:00000004
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties]
"DeviceType"=dword:00000004
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties]
"DeviceType"=dword:00000004
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties]
"DeviceType"=dword:00000007
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\MRxDAV\EncryptedDirectories]
@=""

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1136931325\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1136931325\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1136931325\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1136931325\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\\Program Files\\Common Files\\AOL\\1136931325\\ee\\aexplore.exe"="C:\\Program Files\\Common Files\\AOL\\1136931325\\ee\\aexplore.exe:*:Enabled:AOL Explorer"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\HP_Owner\\Application Data\\mjusbsp\\magicJack.exe"="C:\\Documents and Settings\\HP_Owner\\Application Data\\mjusbsp\\magicJack.exe:*:Enabled:magicJack"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFIXR~1.BAT\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sun 19 Jun 2005 213 A.SHR --- "C:\BOOT.BAK"
Sun 25 Jun 2006 4 A..H. --- "C:\WINDOWS\uccspecb.sys"
Sun 18 Feb 2007 31 A..H. --- "C:\WINDOWS\uccspecc.sys"
Fri 18 Apr 2008 6,104,632 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Tue 22 Nov 2005 22 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys"
Sat 16 Jul 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 1 Nov 2006 927 A..H. --- "C:\Program Files\Common Files\AOL\IPHSend\IPH.BAK"
Thu 12 Jun 2008 827,000 A..H. --- "C:\Documents and Settings\HP_Owner\Application Data\mjusbsp\ar00000\install.exe"
Thu 12 Jun 2008 7,363,896 A..H. --- "C:\Documents and Settings\HP_Owner\Application Data\mjusbsp\in00000\setup.exe"
Thu 12 Jun 2008 827,000 A..H. --- "C:\Documents and Settings\HP_Owner\Application Data\mjusbsp\Upgrade\install1.exe"
Thu 12 Jun 2008 7,363,896 A..H. --- "C:\Documents and Settings\HP_Owner\Application Data\mjusbsp\Upgrade\setup1.exe"
Wed 4 Apr 2001 28,738 A..HR --- "C:\Documents and Settings\HP_Owner\Shared\Microsoft Office Xp Pro (Word, Excel, Powerpoint, Outlook, Access, Frontpage, Publisher 2003)\MSDE2000\SQLRESLD.DLL"

Finished!


ComboFix 08-08-17.03 - HP_Owner 2008-08-17 21:14:56.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.207 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Owner\UserData
C:\Documents and Settings\HP_Owner\UserData\index.dat

.
((((((((((((((((((((((((( Files Created from 2008-07-18 to 2008-08-18 )))))))))))))))))))))))))))))))
.

2008-08-17 20:59 . 2008-08-17 20:59 578,560 --a------ C:\WINDOWS\system32\dllcache\user32.dll
2008-08-17 20:57 . 2008-08-17 20:57 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-17 20:09 . 2008-08-17 20:09 <DIR> d-------- C:\sdfIx.runthis.bat
2008-08-17 17:40 . 2008-08-15 21:15 <DIR> d-------- C:\SDFix
2008-08-16 14:16 . 2008-06-13 07:05 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-16 14:16 . 2008-05-08 10:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-08-16 14:06 . 2008-08-16 14:06 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-16 14:06 . 2008-08-16 14:06 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-16 14:04 . 2008-08-16 14:04 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-16 13:58 . 2008-08-16 13:58 <DIR> d-------- C:\WINDOWS\EHome
2008-08-16 13:54 . 2008-04-13 20:12 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll
2008-08-16 13:54 . 2008-04-13 20:12 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-16 13:54 . 2008-04-13 20:12 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
2008-08-16 13:54 . 2008-04-13 20:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-08-16 13:52 . 2008-04-13 20:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-08-16 12:52 . 2008-08-16 12:52 <DIR> d-------- C:\Program Files\FastAccessDSL
2008-08-16 12:52 . 2008-08-16 12:52 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2008-08-16 12:40 . 2008-08-16 12:40 10,552,262 --a------ C:\Documents and Settings\HP_Owner\HC43SInstaller.exe
2008-08-16 11:47 . 2008-08-16 11:47 <DIR> d-------- C:\fsaua.data
2008-08-16 11:37 . 2008-08-16 11:37 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-16 11:37 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-16 11:37 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-16 00:00 . 2008-08-17 02:27 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-15 10:54 . 2008-08-15 10:54 <DIR> d-------- C:\Program Files\CCleaner
2008-08-15 00:39 . 2008-08-15 00:45 <DIR> d-------- C:\Rustbfix
2008-08-14 23:43 . 2006-11-07 22:01 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2008-08-14 21:40 . 2008-08-14 21:40 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-08-14 18:44 . 2008-08-14 21:39 837 --a------ C:\clean.reg
2008-08-14 18:43 . 2005-01-22 13:32 61,440 --a------ C:\Documents and Settings\HP_Owner\sdelete.exe
2008-08-14 18:43 . 2007-07-25 14:12 44,480 --a------ C:\Documents and Settings\HP_Owner\mru.reg
2008-08-14 18:43 . 2003-01-05 13:20 32,768 --a------ C:\Documents and Settings\HP_Owner\indexcleaner.exe
2008-08-14 18:43 . 2007-10-24 18:34 28,673 --a------ C:\Documents and Settings\HP_Owner\install.bat
2008-08-14 18:21 . 2008-08-14 18:21 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
2008-08-14 18:21 . 2008-08-14 18:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-14 17:46 . 2008-08-14 19:11 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-08-14 17:36 . 2008-08-14 18:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop
2008-08-13 16:56 . 2008-08-13 16:56 48 --a------ C:\WINDOWS\FileNamesinQueue.ini
2008-08-13 07:23 . 2008-04-11 15:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-12 19:31 . 2008-08-17 18:05 2,958 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-12 18:58 . 2008-08-12 18:58 <DIR> d-------- C:\Program Files\Microsoft Easy Assist
2008-08-12 17:00 . 2008-08-16 14:06 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-12 16:59 . 2008-04-13 20:11 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-08-12 16:46 . 2008-08-12 16:46 <DIR> d-------- C:\38a428fa8503e68def
2008-08-12 15:21 . 2008-08-12 15:21 <DIR> d-------- C:\76bab2872e996750762a4023787ece
2008-08-12 15:00 . 2008-08-12 15:00 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-07-30 18:34 . 2008-07-31 22:46 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\mjusbsp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-18 01:20 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-17 13:04 --------- d-----w C:\Program Files\InstallShield Installation Information
2008-08-16 18:12 --------- d-----w C:\Program Files\Support.com
2008-08-16 15:37 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-08-15 15:57 --------- d-----w C:\Program Files\Google
2008-08-15 15:51 --------- d-----w C:\Program Files\Trend Micro
2008-08-15 15:05 --------- d-----w C:\Program Files\Java
2008-08-15 12:58 --------- d-----w C:\Program Files\LimeWire
2008-08-15 12:57 --------- d-----w C:\Program Files\Windows Live
2008-08-15 12:52 --------- d-----w C:\Program Files\HP
2008-08-15 00:09 --------- d-----w C:\Program Files\Apple Software Update
2008-08-15 00:08 --------- d-----w C:\Program Files\Safari
2008-08-15 00:05 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2008-08-14 23:09 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AT&T
2008-08-14 23:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\AT&T
2008-08-14 22:46 --------- d-----w C:\Program Files\Wireless Optical Mouse
2008-08-14 22:46 --------- d-----w C:\Program Files\Spelling Bee Tutor-PDA
2008-08-14 22:46 --------- d-----w C:\Program Files\Plaxo
2008-08-14 22:46 --------- d-----w C:\Program Files\MP3 Rocket
2008-08-14 22:46 --------- d-----w C:\Program Files\Microsoft Money 2005
2008-08-14 22:46 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2008-08-14 22:46 --------- d-----w C:\Program Files\Help and Support Additions
2008-08-14 22:46 --------- d-----w C:\Program Files\Formatta 7.0
2008-08-14 22:46 --------- d-----w C:\Program Files\Easy Internet signup
2008-08-14 22:46 --------- d-----w C:\Program Files\Documents To Go
2008-08-14 22:46 --------- d-----w C:\Program Files\Common Files\DataViz
2008-08-14 22:46 --------- d-----w C:\Program Files\Common Files\AOL
2008-08-14 22:45 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\ICAClient
2008-08-14 22:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-14 21:40 --------- d-----w C:\Program Files\PCPitstop
2008-08-14 16:31 --------- d-----w C:\Program Files\Yahoo!
2008-08-13 23:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-13 23:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-13 23:13 --------- d-----w C:\Program Files\PDF995
2008-08-13 22:30 46,048 ----a-w C:\Documents and Settings\HP_Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-08-13 18:42 --------- d-----w C:\Program Files\NoAdware4
2008-08-13 18:03 --------- d-----w C:\Program Files\Citrix
2008-08-12 21:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-12 21:05 --------- d-----w C:\Program Files\RogueRemover PRO
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2007-12-12 15:51 56,912 ----a-w C:\Documents and Settings\HP_Owner\g2mdlhlpx.exe
2006-07-10 19:03 2,162 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2005-11-22 13:46 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( [email protected]_10.21.03.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 20:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-08-18 00:57:46 8,691,712 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-08-18 00:57:47 3,088,384 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 20:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-08-18 00:57:25 8,691,712 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-08-18 00:57:26 3,088,384 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"registrymechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2008-07-08 16:41 2828184]
"msmsgs"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 20:12 1695232]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"cdloader"="C:\Documents and Settings\HP_Owner\Application Data\mjusbsp\cdloader2.exe" [2008-06-12 15:37 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tkbellexe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-04-14 17:56 180269]
"quicktime task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"lsbwatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 17:54 253952]
"ituneshelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 12:04 52736]
"hphupd06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 14:53 49152]
"hphmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 14:42 659456]
"hpdj taskbar utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 06:28 172032]
"hotkeyscmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 11:59 126976]
"adobe reader speed launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"HelpCenter4.1"="C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe" [2008-06-18 00:13 198184]
"soundman"="SOUNDMAN.EXE" [2005-04-06 18:57 90112 C:\WINDOWS\SOUNDMAN.EXE]
"high definition audio property page shortcut"="HDAudPropShortcut.exe" [2004-03-17 20:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"alcwzrd"="ALCWZRD.EXE" [2005-04-06 18:53 2805248 C:\WINDOWS\ALCWZRD.EXE]
"agrsmmsg"="AGRSMMSG.exe" [2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk]
backup=C:\WINDOWS\pss\SpySubtract.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^HP Organize.lnk]
backup=C:\WINDOWS\pss\HP Organize.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1136931325\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1136931325\\ee\\aim6.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\Common Files\\AOL\\1136931325\\ee\\aexplore.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\HP_Owner\\Application Data\\mjusbsp\\magicJack.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\shell\autorun\command - M:\.\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b879752-0a70-11dd-96e9-0011d8e3bc2f}]
\Shell\AutoRun\command - G:\SETUP.EXE
\Shell\VERB\COMMAND - G:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-18 C:\WINDOWS\Tasks\HP Usg Daily FY04.job
- C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe [2004-06-07 14:53]

2008-08-17 C:\WINDOWS\Tasks\HP Usg Daily.job
- C:\Program Files\HP\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe [2004-01-06 14:05]

2005-11-26 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe []

2008-08-13 C:\WINDOWS\Tasks\WebReg Deskjet 3900 series.job
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe [2006-06-07 17:45]
.
.
------- Supplementary Scan -------
.
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-17 21:19:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-08-17 21:24:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-18 01:23:55
ComboFix2.txt 2008-08-17 22:23:43
ComboFix3.txt 2008-08-17 14:22:10

Pre-Run: 158,927,724,544 bytes free
Post-Run: 158,918,549,504 bytes free

232 --- E O F --- 2008-08-17 06:27:07



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:25:07, on 8/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O4 - HKLM\..\Run: [tkbellexe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [soundman] SOUNDMAN.EXE
O4 - HKLM\..\Run: [quicktime task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lsbwatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ituneshelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [hphupd06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [hphmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [hpdj taskbar utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [hotkeyscmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [high definition audio property page shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [alcwzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [agrsmmsg] AGRSMMSG.exe
O4 - HKLM\..\Run: [adobe reader speed launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKCU\..\Run: [registrymechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [msmsgs] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\HP_Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKUS\S-1-5-21-3475674480-2307025726-3434973432-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O11 - Options group: [international] International*
O16 - DPF: {0e5f0222-96b9-11d3-8997-00104bd12d94} (PCPitstop Utility) - http://utilities.pcp...a/PCPitStop.CAB
O16 - DPF: {bdbde413-7b1c-4c68-a8ff-c5b2b4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {ffb3a759-98b1-446f-bda9-909c6eb18cc7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 5079 bytes

Edited by pgrooms28, 17 August 2008 - 08:31 PM.


#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\uccspecb.sys
C:\WINDOWS\uccspecc.sys
M:\.\Start.exe
G:\SETUP.EXE
D:\setup.exe

Folder::

Sysrst::

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b879752-0a70-11dd-96e9-0011d8e3bc2f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.





Please do an online scan with Kaspersky WebScanner

Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#7
pgrooms28

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Do you believe that this is something that can be completed today or is it much more complicated than that?




ComboFix 08-08-17.03 - HP_Owner 2008-08-18 8:18:41.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.233 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\uccspecb.sys
C:\WINDOWS\uccspecc.sys
D:\setup.exe
G:\SETUP.EXE
M:\.\Start.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\uccspecb.sys
C:\WINDOWS\uccspecc.sys

.
((((((((((((((((((((((((( Files Created from 2008-07-18 to 2008-08-18 )))))))))))))))))))))))))))))))
.

2008-08-17 20:59 . 2008-08-17 20:59 578,560 --a------ C:\WINDOWS\system32\dllcache\user32.dll
2008-08-17 20:57 . 2008-08-17 20:57 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-17 20:09 . 2008-08-17 20:09 <DIR> d-------- C:\sdfIx.runthis.bat
2008-08-17 17:40 . 2008-08-15 21:15 <DIR> d-------- C:\SDFix
2008-08-16 14:16 . 2008-06-13 07:05 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-16 14:16 . 2008-05-08 10:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-08-16 14:06 . 2008-08-16 14:06 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-16 14:06 . 2008-08-16 14:06 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-16 14:04 . 2008-08-16 14:04 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-16 13:58 . 2008-08-16 13:58 <DIR> d-------- C:\WINDOWS\EHome
2008-08-16 13:54 . 2008-04-13 20:12 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll
2008-08-16 13:54 . 2008-04-13 20:12 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-16 13:54 . 2008-04-13 20:12 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
2008-08-16 13:54 . 2008-04-13 20:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-08-16 13:52 . 2008-04-13 20:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-08-16 12:52 . 2008-08-16 12:52 <DIR> d-------- C:\Program Files\FastAccessDSL
2008-08-16 12:52 . 2008-08-16 12:52 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2008-08-16 12:40 . 2008-08-16 12:40 10,552,262 --a------ C:\Documents and Settings\HP_Owner\HC43SInstaller.exe
2008-08-16 11:47 . 2008-08-16 11:47 <DIR> d-------- C:\fsaua.data
2008-08-16 11:37 . 2008-08-16 11:37 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-16 11:37 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-16 11:37 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-16 00:00 . 2008-08-17 02:27 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-15 10:54 . 2008-08-15 10:54 <DIR> d-------- C:\Program Files\CCleaner
2008-08-15 00:39 . 2008-08-15 00:45 <DIR> d-------- C:\Rustbfix
2008-08-14 23:43 . 2006-11-07 22:01 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2008-08-14 21:40 . 2008-08-14 21:40 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-08-14 18:44 . 2008-08-14 21:39 837 --a------ C:\clean.reg
2008-08-14 18:43 . 2005-01-22 13:32 61,440 --a------ C:\Documents and Settings\HP_Owner\sdelete.exe
2008-08-14 18:43 . 2007-07-25 14:12 44,480 --a------ C:\Documents and Settings\HP_Owner\mru.reg
2008-08-14 18:43 . 2003-01-05 13:20 32,768 --a------ C:\Documents and Settings\HP_Owner\indexcleaner.exe
2008-08-14 18:43 . 2007-10-24 18:34 28,673 --a------ C:\Documents and Settings\HP_Owner\install.bat
2008-08-14 18:21 . 2008-08-14 18:21 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
2008-08-14 18:21 . 2008-08-14 18:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-14 17:46 . 2008-08-14 19:11 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-08-14 17:36 . 2008-08-14 18:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop
2008-08-13 16:56 . 2008-08-13 16:56 48 --a------ C:\WINDOWS\FileNamesinQueue.ini
2008-08-13 07:23 . 2008-04-11 15:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-12 19:31 . 2008-08-17 18:05 2,958 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-12 18:58 . 2008-08-12 18:58 <DIR> d-------- C:\Program Files\Microsoft Easy Assist
2008-08-12 17:00 . 2008-08-16 14:06 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-12 16:59 . 2008-04-13 20:11 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-08-12 16:46 . 2008-08-12 16:46 <DIR> d-------- C:\38a428fa8503e68def
2008-08-12 15:21 . 2008-08-12 15:21 <DIR> d-------- C:\76bab2872e996750762a4023787ece
2008-08-12 15:00 . 2008-08-12 15:00 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-07-30 18:34 . 2008-07-31 22:46 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\mjusbsp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-18 12:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-17 13:04 --------- d-----w C:\Program Files\InstallShield Installation Information
2008-08-16 18:12 --------- d-----w C:\Program Files\Support.com
2008-08-16 15:37 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-08-15 15:57 --------- d-----w C:\Program Files\Google
2008-08-15 15:51 --------- d-----w C:\Program Files\Trend Micro
2008-08-15 15:05 --------- d-----w C:\Program Files\Java
2008-08-15 12:58 --------- d-----w C:\Program Files\LimeWire
2008-08-15 12:57 --------- d-----w C:\Program Files\Windows Live
2008-08-15 12:52 --------- d-----w C:\Program Files\HP
2008-08-15 00:09 --------- d-----w C:\Program Files\Apple Software Update
2008-08-15 00:08 --------- d-----w C:\Program Files\Safari
2008-08-15 00:05 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2008-08-14 23:09 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AT&T
2008-08-14 23:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\AT&T
2008-08-14 22:46 --------- d-----w C:\Program Files\Wireless Optical Mouse
2008-08-14 22:46 --------- d-----w C:\Program Files\Spelling Bee Tutor-PDA
2008-08-14 22:46 --------- d-----w C:\Program Files\Plaxo
2008-08-14 22:46 --------- d-----w C:\Program Files\MP3 Rocket
2008-08-14 22:46 --------- d-----w C:\Program Files\Microsoft Money 2005
2008-08-14 22:46 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2008-08-14 22:46 --------- d-----w C:\Program Files\Help and Support Additions
2008-08-14 22:46 --------- d-----w C:\Program Files\Formatta 7.0
2008-08-14 22:46 --------- d-----w C:\Program Files\Easy Internet signup
2008-08-14 22:46 --------- d-----w C:\Program Files\Documents To Go
2008-08-14 22:46 --------- d-----w C:\Program Files\Common Files\DataViz
2008-08-14 22:46 --------- d-----w C:\Program Files\Common Files\AOL
2008-08-14 22:45 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\ICAClient
2008-08-14 22:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-14 21:40 --------- d-----w C:\Program Files\PCPitstop
2008-08-14 16:31 --------- d-----w C:\Program Files\Yahoo!
2008-08-13 23:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-13 23:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-13 23:13 --------- d-----w C:\Program Files\PDF995
2008-08-13 22:30 46,048 ----a-w C:\Documents and Settings\HP_Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-08-13 18:42 --------- d-----w C:\Program Files\NoAdware4
2008-08-13 18:03 --------- d-----w C:\Program Files\Citrix
2008-08-12 21:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-12 21:05 --------- d-----w C:\Program Files\RogueRemover PRO
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2007-12-12 15:51 56,912 ----a-w C:\Documents and Settings\HP_Owner\g2mdlhlpx.exe
2006-07-10 19:03 2,162 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2005-11-22 13:46 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( [email protected]_10.21.03.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 20:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-08-18 00:57:46 8,691,712 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-08-18 00:57:47 3,088,384 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 20:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-08-18 00:57:25 8,691,712 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-08-18 00:57:26 3,088,384 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((((( System Restore )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\AT&T\AT&T Internet Security Suite\Temp\cabarc.exe
2008-08-14 09:55 65808 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0010262.exe

C:\Documents and Settings\All Users\Application Data\AT&T\AT&T Internet Security Suite\Temp\patch16709.exe
2008-08-14 09:55 3331312 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0010269.exe

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch2\HTML\item_templ\common\fixes\HASFix056479.dll
2008-08-12 17:25 21160 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007826.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch2\HTML\item_templ\common\fixes\HASFix058456.dll
2008-08-12 17:25 29352 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007827.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch2\HTML\item_templ\common\fixes\HASFix101001.dll
2008-08-12 17:25 23056 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007828.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch2\HTML\item_templ\common\fixes\HelpAndSupport_TestContent.dll
2008-08-12 17:25 23720 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007831.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch2\HTML\item_templ\common\fixes\HelpAndSupportCommon.dll
2008-08-12 17:25 221208 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007829.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch2\HTML\item_templ\common\fixes\HelpAndSupportInterface.dll
2008-08-12 17:25 110248 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007830.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch3\dplugins\2.0.1.600\OneCareDiagPlugin.dll
2008-08-12 17:31 209960 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007834.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch3\HTML\item_templ\common\fixes\TroubleshooterCommon.dll
2008-08-12 17:31 337816 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007844.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch3\HTML\item_templ\common\fixes\TroubleshooterInterface.dll
2008-08-12 17:31 112808 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007845.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch3\HTML\item_templ\common\fixes\TroubleshooterTestContent.dll
2008-08-12 17:31 231592 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007846.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch3\HTML\item_templ\common\fixes\TSFix045841.dll
2008-08-12 17:31 29864 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007847.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch3\HTML\item_templ\common\fixes\TSFix054445.dll
2008-08-12 17:31 20648 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007848.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch3\HTML\item_templ\common\fixes\TSFix054450.dll
2008-08-12 17:31 23208 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007849.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch3\HTML\item_templ\common\fixes\TSFix055868.dll
2008-08-12 17:31 20488 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007850.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch3\HTML\item_templ\common\fixes\TSFix055875.dll
2008-08-12 17:31 21160 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007851.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch3\HTML\item_templ\common\fixes\TSFix055977.dll
2008-08-12 17:31 19464 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007852.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch3\HTML\item_templ\common\fixes\TSFix055978.dll
2008-08-12 17:31 2946216 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007853.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch3\HTML\item_templ\common\fixes\TSFix056472.dll
2008-08-12 17:31 810152 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007854.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch3\HTML\item_templ\common\fixes\TSFix501008.dll
2008-08-12 17:31 22184 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007855.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch3\HTML\item_templ\common\fixes\TSFix501009.dll
2008-08-12 17:31 19992 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007856.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch3\HTML\item_templ\common\fixes\TSFix501010.dll
2008-08-12 17:31 19480 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007857.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch3\HTML\item_templ\common\fixes\TSFix501012.dll
2008-08-12 17:31 20648 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007858.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch3\HTML\item_templ\common\fixes\TSFix501501.dll
2008-08-12 17:31 19624 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007859.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch3\HTML\item_templ\common\MSHotFix\WindowsXP-KB914882-x86.exe
2008-08-12 17:31 2923248 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007860.exe

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\ActivateSystemRestoreTool.dll
2008-08-12 23:22 29839 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007866.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\AFLCommon.dll
2008-08-12 23:22 180367 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007867.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\auInterface.dll
2008-08-12 23:22 180879 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007868.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\ClearPrinterJobs.dll
2008-08-12 23:22 17039 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007869.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\CreateVPage.dll
2008-08-12 23:22 67727 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007870.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\DisableRemoteRegistry.dll
2008-08-12 23:22 11407 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007871.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\DriverConflict.dll
2008-08-12 23:22 13967 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007872.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\EnableCDdevice.dll
2008-08-12 23:22 33423 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007873.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\EnableIEWPF.dll
2008-08-12 23:22 11919 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007874.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\EnableIEXPS.dll
2008-08-12 23:22 12943 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007875.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\EnablePopupBlocker.dll
2008-08-12 23:22 15503 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007876.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\EnableScreenSaver.dll
2008-08-12 23:22 20111 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007877.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\EnableUACInstallation.dll
2008-08-12 23:22 16015 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007878.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\IEPrivacySettings.dll
2008-08-12 23:22 13455 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007879.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\Improve_Office_Performance.dll
2008-08-12 23:22 28815 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007880.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\IncreaseIESecurity.dll
2008-08-12 23:22 25231 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007881.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\IncreaseVPage.dll
2008-08-12 23:22 78991 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007882.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\MacroSecurityExcel.dll
2008-08-12 23:22 18575 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007883.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\MacroSecurityOutlook.dll
2008-08-12 23:22 18063 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007884.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\MacroSecurityPowerPoint.dll
2008-08-12 23:22 18575 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007885.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\MacroSecurityWord.dll
2008-08-12 23:22 18063 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007886.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\OCLocUpgrade.dll
2008-08-12 23:22 26767 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007887.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\OptimizeIECache.dll
2008-08-12 23:22 12431 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007888.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\RepairCorruptedWinsock.dll
2008-08-12 23:22 23183 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007889.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\RestoreDMA.dll
2008-08-12 23:22 21647 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007890.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\RestoreHostsFile.dll
2008-08-12 23:22 18575 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007891.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\RestorePrinterSpooler.dll
2008-08-12 23:22 16015 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007892.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\RestoreSecureBrowser.dll
2008-08-12 23:22 17039 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007893.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\StartupCleanupAdmin.dll
2008-08-12 23:22 20111 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007894.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\StartupCleanupUser.dll
2008-08-12 23:22 20111 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007895.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\TempFolderCleanup.dll
2008-08-12 23:22 13455 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007896.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\TempInternetFolderCleanup.dll
2008-08-12 23:22 12943 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007897.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Definition Updates\{DA0ACE91-A700-41A3-B328-DFCD59827D7D}\mpengine.dll
2008-08-01 23:28 3358800 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007763.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Definition Updates\Backup\mpengine.dll
2008-05-15 16:15 3308624 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007761.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Definition Updates\Default\MpEngine.dll
2008-05-15 16:15 3308624 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007762.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{7EFB3A3C-E415-4857-9426-59BF047A3D25}\mpengine.dll
2008-08-02 01:04 3358800 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP13\A0010605.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2008-08-02 01:04 3358800 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP13\A0010602.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpEngine.dll
2006-09-17 03:00 2565432 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP13\A0010603.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2007-01-23 15:57 2443144 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP13\A0010604.dll

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Backups\regLocal.reg
2008-08-13 13:52 29222985 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0010180.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegBHO-Global.reg
2008-08-13 15:34 384 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0009082.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegDPF-Global.reg
2008-08-13 15:32 8475 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0009076.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBTB1-Global.reg
2008-08-13 15:33 87 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0009083.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGS1-Global.reg
2008-08-13 15:40 877 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0009027.reg
2008-08-13 19:13 1110 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0010145.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGS2-Global.reg
2008-08-13 14:42 280 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0008033.reg
2008-08-13 15:25 86 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0009084.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUIESH-HP_Owner.reg
2008-08-13 15:32 132 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0009085.reg

C:\Documents and Settings\HP_Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin6x5\connectaddin6x5.exe
2008-08-13 12:52 3553680 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0008220.exe

C:\Documents and Settings\HP_Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin6x5\connecthook.dll
2008-08-13 12:52 81920 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0006574.dll
2008-08-13 13:14 81920 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0008221.dll

C:\Documents and Settings\HP_Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin6x5\connectsprd.dll
2008-08-13 12:52 158720 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0006573.dll
2008-08-13 13:14 158720 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0008222.dll

2008-08-17 20:48 1463290 C:\Documents and Settings\HP_Owner\Desktop\SDFix.exe
2008-08-17 16:56 1463290 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP41\A0018058.exe
2008-08-17 19:47 1463290 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP41\A0018426.exe

C:\Documents and Settings\HP_Owner\Local Settings\Apps\2.0\G9ZHJBOJ.A18\V4JQXYR4.216\welc..kage_28b3eab364833aef_0001.0001_b9b698a9e96d89b2\ChatClasses.dll
2007-06-09 02:07 14336 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007715.dll

C:\Documents and Settings\HP_Owner\Local Settings\Apps\2.0\G9ZHJBOJ.A18\V4JQXYR4.216\welc..kage_28b3eab364833aef_0001.0001_b9b698a9e96d89b2\CitrixAppsProject.dll
2007-06-09 02:07 65536 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007712.dll

C:\Documents and Settings\HP_Owner\Local Settings\Apps\2.0\G9ZHJBOJ.A18\V4JQXYR4.216\welc..kage_28b3eab364833aef_0001.0001_b9b698a9e96d89b2\Interop.RTCCORELib.dll
2007-06-09 02:07 73728 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007708.dll

C:\Documents and Settings\HP_Owner\Local Settings\Apps\2.0\G9ZHJBOJ.A18\V4JQXYR4.216\welc..kage_28b3eab364833aef_0001.0001_b9b698a9e96d89b2\rtcPresenceAbstract.dll
2007-06-09 02:07 24576 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007704.dll

C:\Documents and Settings\HP_Owner\Local Settings\Apps\2.0\G9ZHJBOJ.A18\V4JQXYR4.216\welc..kage_28b3eab364833aef_0001.0001_b9b698a9e96d89b2\WelcomeHome.exe
2007-06-09 02:07 2928640 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007697.exe

C:\Documents and Settings\HP_Owner\Local Settings\Apps\2.0\G9ZHJBOJ.A18\V4JQXYR4.216\welc..kage_28b3eab364833aef_0001.0001_b9b698a9e96d89b2\West.CorpSysDev.WH.WHClientConfig2003.dll
2007-06-09 02:07 12288 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007691.dll

C:\Documents and Settings\HP_Owner\Local Settings\Apps\2.0\G9ZHJBOJ.A18\V4JQXYR4.216\welc..kage_28b3eab364833aef_0001.0001_b9b698a9e96d89b2\West.Waha.WebLoginServicesDataTypes.dll
2007-06-09 02:07 28672 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007688.dll

C:\Documents and Settings\HP_Owner\Local Settings\Apps\2.0\G9ZHJBOJ.A18\V4JQXYR4.216\welc..kage_28b3eab364833aef_0001.0001_bab4b820e4f5fbf2\ChatClasses.dll
2007-07-14 08:54 14336 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007746.dll

C:\Documents and Settings\HP_Owner\Local Settings\Apps\2.0\G9ZHJBOJ.A18\V4JQXYR4.216\welc..kage_28b3eab364833aef_0001.0001_bab4b820e4f5fbf2\CitrixAppsProject.dll
2007-07-14 08:55 65536 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007743.dll

C:\Documents and Settings\HP_Owner\Local Settings\Apps\2.0\G9ZHJBOJ.A18\V4JQXYR4.216\welc..kage_28b3eab364833aef_0001.0001_bab4b820e4f5fbf2\Interop.RTCCORELib.dll
2007-07-14 08:54 73728 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007739.dll

C:\Documents and Settings\HP_Owner\Local Settings\Apps\2.0\G9ZHJBOJ.A18\V4JQXYR4.216\welc..kage_28b3eab364833aef_0001.0001_bab4b820e4f5fbf2\rtcPresenceAbstract.dll
2007-07-14 08:54 24576 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007735.dll

C:\Documents and Settings\HP_Owner\Local Settings\Apps\2.0\G9ZHJBOJ.A18\V4JQXYR4.216\welc..kage_28b3eab364833aef_0001.0001_bab4b820e4f5fbf2\WelcomeHome.exe
2007-07-14 08:55 2932736 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007728.exe

C:\Documents and Settings\HP_Owner\Local Settings\Apps\2.0\G9ZHJBOJ.A18\V4JQXYR4.216\welc..kage_28b3eab364833aef_0001.0001_bab4b820e4f5fbf2\West.CorpSysDev.WH.WHClientConfig2003.dll
2007-07-14 08:54 12288 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007722.dll

C:\Documents and Settings\HP_Owner\Local Settings\Apps\2.0\G9ZHJBOJ.A18\V4JQXYR4.216\welc..kage_28b3eab364833aef_0001.0001_bab4b820e4f5fbf2\West.Waha.WebLoginServicesDataTypes.dll
2007-07-14 08:54 28672 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007719.dll

C:\Documents and Settings\HP_Owner\Local Settings\Apps\2.0\G9ZHJBOJ.A18\V4JQXYR4.216\west..kage_28b3eab364833aef_0001.0002_490658ee75ccdff4\ChatClasses.dll
2007-11-14 14:55 14336 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007660.dll

C:\Documents and Settings\HP_Owner\Local Settings\Apps\2.0\G9ZHJBOJ.A18\V4JQXYR4.216\west..kage_28b3eab364833aef_0001.0002_490658ee75ccdff4\CitrixAppsProject.dll
2007-11-14 14:55 65536 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007657.dll

C:\Documents and Settings\HP_Owner\Local Settings\Apps\2.0\G9ZHJBOJ.A18\V4JQXYR4.216\west..kage_28b3eab364833aef_0001.0002_490658ee75ccdff4\ConnectDataTypes.dll
2007-11-14 14:55 24576 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007654.dll

C:\Documents and Settings\HP_Owner\Local Settings\Apps\2.0\G9ZHJBOJ.A18\V4JQXYR4.216\west..kage_28b3eab364833aef_0001.0002_490658ee75ccdff4\ConnectPluginInterfaces.dll
2007-11-14 14:55 20480 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007651.dll

C:\Documents and Settings\HP_Owner\Local Settings\Apps\2.0\G9ZHJBOJ.A18\V4JQXYR4.216\west..kage_28b3eab364833aef_0001.0002_490658ee75ccdff4\Interop.RTCCORELib.dll
2007-11-14 14:55 73728 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007647.dll

C:\Documents and Settings\HP_Owner\Local Settings\Apps\2.0\G9ZHJBOJ.A18\V4JQXYR4.216\west..kage_28b3eab364833aef_0001.0002_490658ee75ccdff4\rtcPresenceAbstract.dll
2007-11-14 14:55 24576 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007643.dll

C:\Documents and Settings\HP_Owner\Local Settings\Apps\2.0\G9ZHJBOJ.A18\V4JQXYR4.216\west..kage_28b3eab364833aef_0001.0002_490658ee75ccdff4\WelcomeHome.exe
2007-11-14 14:55 2957312 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007636.exe

C:\Documents and Settings\HP_Owner\Local Settings\Apps\2.0\G9ZHJBOJ.A18\V4JQXYR4.216\west..kage_28b3eab364833aef_0001.0002_490658ee75ccdff4\West.CorpSysDev.WH.WHClientConfig2003.dll
2007-11-14 14:55 15360 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007632.dll

C:\Documents and Settings\HP_Owner\Local Settings\Apps\2.0\G9ZHJBOJ.A18\V4JQXYR4.216\west..kage_28b3eab364833aef_0001.0002_490658ee75ccdff4\West.Waha.WebLoginServicesDataTypes.dll
2007-11-14 14:55 28672 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007629.dll

C:\Documents and Settings\LocalService\Application Data\521632863.exe
2008-08-12 13:54 34816 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0010301.exe

C:\Documents and Settings\LocalService\Application Data\629773861.exe
2008-08-12 18:36 130048 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP9\A0003382.exe

C:\Documents and Settings\LocalService\Application Data\633968421.exe
2008-08-12 17:04 129536 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP34\A0014084.exe

C:\Documents and Settings\LocalService\Application Data\721529861.exe
2008-08-12 13:54 145920 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP34\A0014085.exe

C:\MSOCache\All Users\90840409-6000-11D3-8CFE-0150048383C9\FILES\SETUP\OSE.EXE
2006-08-12 09:50 89136 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP23\A0013200.EXE

C:\Program Files\Adobe\Acrobat 6.0\Reader\PDF417Encoder.dll
2004-04-20 22:33 139264 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP16\A0011760.dll

C:\Program Files\Alarm\Alarm.exe
2006-11-19 15:43 167936 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0009053.exe

C:\Program Files\Alarm\unins000.exe
2007-03-21 10:40 682266 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0009054.exe

C:\Program Files\AT&T\AT&T Internet Security Suite\ClBR.dll
2007-06-28 16:09 488688 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0010264.dll

C:\Program Files\AT&T\AT&T Internet Security Suite\clientver.dll
2008-02-07 14:46 7920 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0010554.dll

C:\Program Files\AT&T\AT&T Internet Security Suite\DgR.exe
2007-06-28 16:09 1385200 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0010267.exe

C:\Program Files\AT&T\AT&T Internet Security Suite\DlgR.dll
2007-06-28 16:09 306416 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0010265.dll

C:\Program Files\AT&T\AT&T Internet Security Suite\PersistR.dll
2007-06-28 16:09 129776 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0010266.dll

C:\Program Files\AT&T\AT&T Internet Security Suite\rebootui.exe
2008-08-14 09:55 27376 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0010268.exe

C:\Program Files\AT&T\AT&T Internet Security Suite\Resources\zk_en_US\Fws_Rsrc.dll
2007-06-28 16:10 148720 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0010252.dll
2007-06-28 16:10 148720 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0010306.dll

C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
2007-06-28 16:09 99056 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0010263.exe

C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
2007-05-03 13:12 2061816 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0010596.exe

C:\Program Files\AT&T\Internet Security Wizard\ISWComHandler.exe
2007-05-03 13:03 286720 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0010595.exe

C:\Program Files\AT&T\Internet Security Wizard\RpSpaWshComAgent.dll
2007-05-03 13:12 103928 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0010594.dll

C:\Program Files\AT&T\Internet Security Wizard\StopATTInternetSecurityWizard.exe
2007-05-03 13:12 50680 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0010599.exe

C:\Program Files\AT&T\Internet Security Wizard\unins000.exe
2008-08-14 09:30 678730 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0010600.exe

2008-07-29 09:41 1213680 C:\Program Files\CCleaner\CCleaner.exe
2008-07-29 09:41 1213680 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0010148.exe

2008-08-15 10:54 114504 C:\Program Files\CCleaner\uninst.exe
2008-08-13 15:35 114504 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0010149.exe

C:\Program Files\Cisco Systems\VPN Client\accessible\qtwidgets100.dll
2005-09-21 11:57 81920 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP38\A0017745.dll

C:\Program Files\Cisco Systems\VPN Client\autoinstall.exe
2006-04-20 09:34 246848 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP38\A0017743.exe

C:\Program Files\Cisco Systems\VPN Client\autoinstallgui.exe
2006-04-20 09:34 259136 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP38\A0017742.exe

C:\Program Files\Cisco Systems\VPN Client\autoupdate.exe
2006-04-20 09:34 324672 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP38\A0017741.exe

C:\Program Files\Cisco Systems\VPN Client\cisco_cert_mgr.exe
2006-04-20 09:34 1025080 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP38\A0017740.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
2006-04-20 09:34 1520688 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP38\A0017739.exe

C:\Program Files\Cisco Systems\VPN Client\InstHelper.dll
2006-04-20 09:34 29752 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP38\A0017746.dll

C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
2006-04-20 09:34 177216 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP38\A0017738.exe

C:\Program Files\Cisco Systems\VPN Client\ipseclog.exe
2006-04-20 09:34 173112 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP38\A0017737.exe

C:\Program Files\Cisco Systems\VPN Client\MsiHelper.exe
2006-04-20 09:34 177208 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP38\A0017736.exe

C:\Program Files\Cisco Systems\VPN Client\ppptool.exe
2006-04-20 09:34 230448 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP38\A0017735.exe

C:\Program Files\Cisco Systems\VPN Client\qt-mt335.dll
2005-09-21 11:57 4325376 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP38\A0017744.dll

C:\Program Files\Cisco Systems\VPN Client\SetMTU.exe
2006-04-20 09:34 218160 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP38\A0017734.exe

C:\Program Files\Cisco Systems\VPN Client\Setup\CVirtA.sys
2005-05-17 05:51 5315 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP38\A0017728.sys

C:\Program Files\Cisco Systems\VPN Client\unzip32.dll
2006-04-20 09:29 102400 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP38\A0017731.dll

C:\Program Files\Cisco Systems\VPN Client\VAInstaller.exe
2006-04-20 09:34 66616 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP38\A0017722.exe

C:\Program Files\Cisco Systems\VPN Client\vpnclient.exe
2006-04-20 09:34 267312 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP38\A0017733.exe

C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
2006-04-20 09:34 1528880 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP38\A0017732.exe

C:\Program Files\Citrix\GoToMeeting\198\G2M.dll
2007-12-12 11:51 3259448 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007615.dll

C:\Program Files\Citrix\GoToMeeting\198\g2mchat.exe
2007-12-12 11:51 31816 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007592.exe

C:\Program Files\Citrix\GoToMeeting\198\g2mcomm.exe
2007-12-12 11:51 31816 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007593.exe

C:\Program Files\Citrix\GoToMeeting\198\g2mfeedback.exe
2007-12-12 11:51 31816 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007594.exe

C:\Program Files\Citrix\GoToMeeting\198\g2mhost.exe
2007-12-12 11:51 31816 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007595.exe

C:\Program Files\Citrix\GoToMeeting\198\G2MIMessenger.dll
2007-12-12 11:51 56392 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007596.dll

C:\Program Files\Citrix\GoToMeeting\198\G2MInstaller.exe
2007-12-12 11:51 31816 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007597.exe

C:\Program Files\Citrix\GoToMeeting\198\G2MInstHigh.exe
2007-12-12 11:51 31816 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007598.exe

C:\Program Files\Citrix\GoToMeeting\198\g2mlauncher.exe
2007-12-12 11:51 31816 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007599.exe

C:\Program Files\Citrix\GoToMeeting\198\g2mmatchmaking.exe
2007-12-12 11:51 31816 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007600.exe

C:\Program Files\Citrix\GoToMeeting\198\G2MNotesAddin.dll
2007-12-12 11:51 12872 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007601.dll

C:\Program Files\Citrix\GoToMeeting\198\G2MOutlookAddin.dll
2007-12-12 11:51 99920 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007602.dll

C:\Program Files\Citrix\GoToMeeting\198\g2mpolling.exe
2007-12-12 11:51 31816 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007603.exe

C:\Program Files\Citrix\GoToMeeting\198\g2mQandA.exe
2007-12-12 11:51 31816 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007604.exe

C:\Program Files\Citrix\GoToMeeting\198\g2mrecorder.exe
2007-12-12 11:51 31816 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007605.exe

C:\Program Files\Citrix\GoToMeeting\198\G2MResource.dll
2007-12-12 11:51 619080 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007613.dll

C:\Program Files\Citrix\GoToMeeting\198\g2msessioncontrol.exe
2007-12-12 11:51 31816 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007606.exe

C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe
2007-12-12 11:51 31816 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007607.exe

C:\Program Files\Citrix\GoToMeeting\198\g2mtranscoder.exe
2007-12-12 11:51 31816 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007608.exe

C:\Program Files\Citrix\GoToMeeting\198\g2mui.exe
2007-12-12 11:51 31816 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007609.exe

C:\Program Files\Citrix\GoToMeeting\198\G2MUninstall.exe
2007-12-12 11:51 31816 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007614.exe

C:\Program Files\Citrix\GoToMeeting\198\g2mview.exe
2007-12-12 11:51 31816 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007610.exe

C:\Program Files\Citrix\GoToMeeting\198\RootCert.dll
2007-12-12 11:51 15416 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007611.dll

C:\Program Files\Citrix\GoToMeeting\198\uninshlp.dll
2007-12-12 11:51 11840 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0007612.dll

2007-10-16 23:44 150 C:\Program Files\Cloud10 MojoPac\mount.bat
2007-10-16 23:44 150 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0009044.bat

2007-08-13 10:04 909248 C:\Program Files\Cloud10 MojoPac\TrueCrypt Format.exe
2007-08-13 10:04 909248 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0009046.exe

2007-08-13 10:04 833984 C:\Program Files\Cloud10 MojoPac\TrueCrypt.exe
2007-08-13 10:04 833984 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0009047.exe

2007-08-13 10:04 188672 C:\Program Files\Cloud10 MojoPac\truecrypt.sys
2007-08-13 10:04 188672 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0009045.sys

C:\Program Files\Common Files\Deterministic Networks\Common files\dneinst.exe
2005-06-29 20:50 116736 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP38\A0017747.exe

C:\Program Files\Common Files\Deterministic Networks\DNE\dne2000.exe
2005-08-18 20:19 22016 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP38\A0017752.exe

C:\Program Files\Common Files\Deterministic Networks\DNE\dne2000.sys
2005-06-29 20:50 110080 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP38\A0017748.sys

C:\Program Files\Common Files\Deterministic Networks\DNE\dneinobj.dll
2005-06-29 20:50 94720 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP38\A0017749.dll

2007-08-13 18:54 765952 C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2007-07-12 19:31 765952 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP18\A0012924.dll

C:\Program Files\Common Files\Scanner\ppclean.exe
2006-11-08 11:59 476160 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0010278.exe

C:\Program Files\Common Files\Scanner\ppctl.dll
2008-08-13 17:06 820488 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0009159.dll

2008-05-01 10:33 331776 C:\Program Files\Common Files\System\msadc\msadce.dll
2004-08-04 07:00 331776 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0005484.dll

C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe
2008-08-14 17:46 434311 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP12\A0010601.exe

C:\Program Files\Google\Google Desktop Search\gcdtmp1\GoogleDesktopCommon.dll
2007-10-29 10:33 125440 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013082.dll

C:\Program Files\Google\Google Desktop Search\gcdtmp1\GoogleDesktopSetupHelper.exe
2007-10-29 10:33 1836544 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013083.exe

C:\Program Files\Google\Google Desktop Search\gcdtmp2\GoogleDesktop.exe
2007-10-29 10:33 1836544 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013084.exe

C:\Program Files\Google\Google Desktop Search\gcdtmp2\GoogleDesktopCommon.dll
2007-10-30 08:53 125440 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013085.dll

C:\Program Files\Google\Google Desktop Search\gcdtmp2\GoogleDesktopResources_en.dll
2007-10-30 08:53 507904 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013086.dll

C:\Program Files\Google\Google Desktop Search\gcdtmp2\GoogleDesktopSetupHelper.exe
2007-10-30 08:53 1836544 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013087.exe

C:\Program Files\Google\Google Desktop Search\gcdtmp3\GoogleDesktopCommon.dll
2008-08-15 08:50 125440 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP32\A0013839.dll

C:\Program Files\Google\Google Desktop Search\gcdtmp3\GoogleDesktopSetupHelper.exe
2008-08-15 08:50 1836544 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP32\A0013840.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
2006-12-09 08:17 244224 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013088.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopMail.exe
2006-02-15 08:51 89600 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013089.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
2005-06-21 01:59 8704 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013090.dll

C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork2.dll
2005-06-21 01:59 93184 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013091.dll

C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
2006-02-15 08:51 82944 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013092.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopSearchSetup.exe
2005-06-21 01:59 743016 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013093.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe
2007-10-29 10:33 1831984 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP32\A0013843.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopUpdate.exe
2007-10-29 10:33 1831984 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013094.exe

C:\Program Files\Google\Google Desktop Search\pdftohtml.exe
2006-02-15 08:51 272384 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013095.exe

C:\Program Files\Google\Google Desktop Search\temp\_PREV_GoogleDesktop.exe
2006-12-09 08:17 241152 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013112.exe

C:\Program Files\Google\Google Desktop Search\temp\_PREV_GoogleDesktopActions.dll
2006-12-09 08:18 168448 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013113.dll

C:\Program Files\Google\Google Desktop Search\temp\_PREV_GoogleDesktopAPI2.dll
2006-12-08 06:25 547328 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013114.dll

C:\Program Files\Google\Google Desktop Search\temp\_PREV_GoogleDesktopCrawl.exe
2006-11-08 20:35 243712 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013115.exe

C:\Program Files\Google\Google Desktop Search\temp\_PREV_GoogleDesktopDeskbar2.dll
2006-12-09 08:17 243200 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013116.dll

C:\Program Files\Google\Google Desktop Search\temp\_PREV_GoogleDesktopDisplay.exe
2006-11-08 20:35 1109504 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013117.exe

C:\Program Files\Google\Google Desktop Search\temp\_PREV_GoogleDesktopHyper.dll
2006-12-09 08:18 221184 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013118.dll

C:\Program Files\Google\Google Desktop Search\temp\_PREV_GoogleDesktopIE.dll
2006-12-09 08:17 136704 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013119.dll

C:\Program Files\Google\Google Desktop Search\temp\_PREV_GoogleDesktopIndex.exe
2006-11-08 20:35 755200 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013120.exe

C:\Program Files\Google\Google Desktop Search\temp\_PREV_GoogleDesktopMail.dll
2006-12-09 08:18 114688 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013121.dll

C:\Program Files\Google\Google Desktop Search\temp\_PREV_GoogleDesktopManager.exe
2006-12-08 06:25 81408 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013122.exe

C:\Program Files\Google\Google Desktop Search\temp\_PREV_GoogleDesktopMozilla.dll
2006-12-09 08:17 156672 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013123.dll

C:\Program Files\Google\Google Desktop Search\temp\_PREV_GoogleDesktopNetwork3.dll
2006-12-08 06:25 163328 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013125.dll

C:\Program Files\Google\Google Desktop Search\temp\_PREV_GoogleDesktopOE.dll
2006-12-09 08:17 111616 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013126.dll

C:\Program Files\Google\Google Desktop Search\temp\_PREV_GoogleDesktopOE.exe
2005-06-21 01:59 57856 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013127.exe

C:\Program Files\Google\Google Desktop Search\temp\_PREV_GoogleDesktopOffice.dll
2006-12-09 08:17 286208 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013128.dll

C:\Program Files\Google\Google Desktop Search\temp\_PREV_GoogleDesktopResources_en.dll
2006-12-08 06:25 622592 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013129.dll

C:\Program Files\Google\Google Desktop Search\temp\_PREV_GoogleDesktopSetup.exe
2006-12-08 06:23 2177336 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013130.exe

C:\Program Files\Google\Google Desktop Search\temp\_PREV_GoogleDesktopSSD.dll
2006-12-09 08:18 186368 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013131.dll

C:\Program Files\Google\Google Desktop Search\temp\_PREV_GoogleUIEngine.dll
2006-12-09 08:18 366592 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013132.dll

C:\Program Files\Google\Google Desktop Search\temp\_PREV_gzlib.dll
2006-12-09 08:17 36352 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013133.dll

C:\Program Files\Google\Google Desktop Search\temp\_PREV_pdftohtml.exe
2005-06-21 01:59 272384 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013134.exe

C:\Program Files\Google\Google Desktop Search\temp\_PREV_pdftotext.exe
2006-11-08 20:35 355328 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013135.exe

C:\Program Files\Google\Google Desktop Search\temp\_PREV_plugin_common.vbs
2006-12-08 06:25 4983 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013136.vbs

C:\Program Files\Google\Google Desktop Search\temp\temp1DAB__GoogleDesktopResources_en.dll
2007-10-29 10:33 507904 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP32\A0013841.dll

C:\Program Files\Google\Google Desktop Search\temp\tempBE67__GoogleDesktopActions.dll
2007-10-30 08:55 68096 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013096.dll

C:\Program Files\Google\Google Desktop Search\temp\tempBE67__GoogleDesktopCommon.dll
2007-10-29 10:33 125440 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013097.dll

C:\Program Files\Google\Google Desktop Search\temp\tempBE67__GoogleDesktopDeskbar2.dll
2007-10-30 08:55 168448 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP32\A0013842.dll

C:\Program Files\Google\Google Desktop Search\temp\tempBE67__GoogleDesktopHyper.dll
2007-10-30 08:55 176640 {DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP21\A0013098.dll

C:\Program Files\Google\Google Desktop Search\temp\tempBE67__GoogleDesk

Edited by pgrooms28, 18 August 2008 - 10:58 AM.

#8
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
It will be one more day.

Can you attach the CF log? Some of it is missing.

#9
Rorschach112

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.