Awesome group. But, as you can tell by my username, I'm rather biased. I have a bit of a, well, shrine, on my wall for lack of a better word. All of their autographs framed, with guitar picks, a drumstick, backstage pass, etc. Unfortunately I'll never get to meet Michael Hutchence.
And back to the task at hand. Thanks for uploading that file. You, my friend, are a miracle worker! The slowdown appears to be gone, and Google is no longer hijacked!
I'll post the logs below, but just so I can help prevent this from happening again, what do you recommend I use: IE7 or Firefox? I've heard good things about Firefox and that I should stay away from IE7, but that's all I've known and used for a long time. Also, what do you think about Kaspersky Anti-Virus 2009 versus Windows Live OneCare or any other program for that matter? Hopefully Kaspersky is good since I already opened it.
Hopefully this is the last of the virus. It sure was nasty. But you were amazing, and I never could have fixed it without your help, and for that, I am truly grateful. I'll wait and see if the logs revealed any more nasty surprises before I start the celebration though.
(I tried doing what you said about putting CODE tags around the SDFix log, but I'm not entirely sure I did it right. I hit the # sign icon that says "wrap [CODE] tags around selected text" and I'm not sure it did what it was supposed to. I did notice that it inserted a lot of emoticons in one part, and apparently the letter "d" became an emoticon, so I'm not sure how that happened. Let me know if I did something wrong and I'll be happy to try again. See, totally inept.)
HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:41 PM, on 11/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Charlie Kierscht\Desktop\New Folder\Analysethis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ulutil2.dll,SetWriteBack
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1195791662969
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/...ploader4_5.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - file:///E:/tools/en/bin/npseatools.cab
O20 - AppInit_DLLs: karna.dat
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
--
End of file - 7744 bytes
SDFIX Log
SDFix: Version 1.240
Run by Administrator on Sat 11/15/2008 at 09:30 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\CHARLI~1\Desktop\SDFix\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\TDSSnpvw.dll - Deleted
C:\WINDOWS\system32\TDSSierd.dat - Deleted
C:\WINDOWS\system32\TDSSofxh.log - Deleted
Could Not Remove C:\WINDOWS\system32\TDSSbvan.dll
Could Not Remove C:\WINDOWS\system32\TDSSurta.dll
Could Not Remove C:\WINDOWS\system32\TDSSaewi.dll
Could Not Remove C:\WINDOWS\system32\TDSSyyvb.dll
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-15 21:51:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
disk error: C:\WINDOWS\system32\config\system, 0
scanning hidden registry entries ...
disk error: C:\WINDOWS\system32\config\software, 0
disk error: C:\Documents and Settings\Charlie Kierscht\ntuser.dat, 0
scanning hidden files ...
disk error: C:\WINDOWS\
please note that you need administrator rights to perform deep scan
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:TaskPanl"
"C:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater"
"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"E:\\bin\\IA\\Core\\MDM_Util.exe"="E:\\bin\\IA\\Core\\MDM_Util.exe:*:Enabled:MDM_Util"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :
C:\WINDOWS\system32\TDSSbvan.dll Found
C:\WINDOWS\system32\TDSSurta.dll Found
C:\WINDOWS\system32\TDSSaewi.dll Found
C:\WINDOWS\system32\TDSSyyvb.dll Found
File Backups: - C:\DOCUME~1\CHARLI~1\Desktop\SDFix\SDFix\backups\backups.zip
Files with Hidden Attributes :
Tue 21 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay Converter\cygz.dll"
Sat 5 Jan 2008 4,378,338 A.SH. --- "C:\Program Files\vixy.net\conv.exe"
Sat 30 Aug 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 9 Jan 2007 165,376 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL0003.tmp"
Tue 13 Apr 2004 36,352 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL0004.tmp"
Wed 10 Jan 2007 36,352 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL0005.tmp"
Tue 23 Nov 2004 25,600 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL0027.tmp"
Mon 22 Nov 2004 26,624 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL0417.tmp"
Tue 23 Nov 2004 24,064 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL0507.tmp"
Mon 22 Nov 2004 25,600 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL0814.tmp"
Wed 21 Sep 2005 36,352 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL0943.tmp"
Tue 20 Sep 2005 29,184 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL1087.tmp"
Wed 21 Sep 2005 38,912 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL1307.tmp"
Mon 22 Nov 2004 26,624 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL1392.tmp"
Mon 22 Nov 2004 26,624 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL1441.tmp"
Tue 23 Nov 2004 24,064 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL1550.tmp"
Tue 23 Nov 2004 24,064 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL1591.tmp"
Mon 22 Nov 2004 26,624 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL1643.tmp"
Mon 22 Nov 2004 25,600 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL2298.tmp"
Mon 22 Nov 2004 26,624 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL2452.tmp"
Wed 21 Sep 2005 34,816 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL2628.tmp"
Mon 2 Jul 2007 38,400 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL2648.tmp"
Tue 23 Nov 2004 24,064 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL2655.tmp"
Mon 2 Apr 2007 81,408 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL2713.tmp"
Mon 22 Nov 2004 25,088 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL2777.tmp"
Thu 22 Sep 2005 41,984 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL2787.tmp"
Sat 7 Apr 2007 39,424 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL3174.tmp"
Mon 22 Nov 2004 26,624 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL3392.tmp"
Thu 7 Jul 2005 25,600 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL3546.tmp"
Mon 22 Nov 2004 27,136 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL3814.tmp"
Mon 14 Mar 2005 299,008 A..H. --- "C:\Program Files\Canon\MP Navigator 2.2\Maint.exe"
Mon 28 Feb 2005 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator 2.2\uinstrsc.dll"
Sat 14 Apr 2007 27,144 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@R1E.tmp"
Sat 14 Apr 2007 27,640 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@R20.tmp"
Sat 14 Apr 2007 26,440 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@R22.tmp"
Sat 14 Apr 2007 14,128 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@R24.tmp"
Sat 14 Apr 2007 25,820 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@R26.tmp"
Sat 14 Apr 2007 23,468 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@R28.tmp"
Sat 14 Apr 2007 23,456 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@R2A.tmp"
Sat 14 Apr 2007 27,440 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@R2C.tmp"
Sat 14 Apr 2007 28,596 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@R2E.tmp"
Sat 14 Apr 2007 1,409 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@S1F.tmp"
Sat 14 Apr 2007 1,409 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@S21.tmp"
Sat 14 Apr 2007 1,409 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@S23.tmp"
Sat 14 Apr 2007 1,409 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@S25.tmp"
Sat 14 Apr 2007 1,409 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@S27.tmp"
Sat 14 Apr 2007 1,409 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@S29.tmp"
Sat 14 Apr 2007 1,409 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@S2B.tmp"
Sat 14 Apr 2007 1,409 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@S2D.tmp"
Sat 14 Apr 2007 1,409 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@S2F.tmp"
Mon 13 Nov 2006 319,456 A..H. --- "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\difxapi.dll"
Fri 11 Jul 2003 1,206 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg.reg"
Thu 6 Mar 2003 1,206 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg_old.reg"
Thu 6 Mar 2003 12,368 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient_old.reg"
Fri 11 Jul 2003 12,368 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient.reg"
Mon 22 Nov 2004 303,104 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Application Data\Microsoft\Word\~WRL3425.tmp"
Tue 9 Aug 2005 488,176 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\156f16c4104b0a36def834ec4ce48b9c\BIT25.tmp"
Tue 14 Feb 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\438592bd0a35d9254fb9860cffa394f2\BITFE.tmp"
Wed 12 Oct 2005 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\6752e343d22c025be1f290a6267a146d\BIT698.tmp"
Tue 9 Aug 2005 494,832 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\99b05056a1cd02f2ee88def3c79553bb\BIT24.tmp"
Mon 9 Nov 1998 8,704 A..H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\etc\Notes\Brief2.1\~WRL0701.tmp"
Sun 8 Nov 1998 26,112 A..H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\etc\Notes\Brief2.1\~WRL1882.tmp"
Sun 8 Nov 1998 25,088 A..H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\etc\Notes\Brief2.1\~WRL2390.tmp"
Tue 27 Nov 2007 24,663 ..SHR --- "C:\Documents and Settings\Charlie Kierscht\Local Settings\Temp\Juniper Networks\setup\NeoterisSetupApp.exe"
Mon 14 Aug 2006 1,070,008 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\321ca12b9fa3a6e84c5208a19d84f4b9\download\BIT1E9.tmp"
Thu 13 Nov 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch1\lock.tmp"
Thu 13 Nov 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch2\lock.tmp"
Thu 13 Nov 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch3\lock.tmp"
Thu 13 Nov 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch4\lock.tmp"
Thu 13 Nov 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\lock.tmp"
Thu 18 Oct 2007 8 A..H. --- "C:\Documents and Settings\Admin\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Thu 18 Oct 2007 8 A..H. --- "C:\Documents and Settings\Admin\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Thu 18 Oct 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Thu 18 Oct 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Sun 8 Apr 2007 8 A..H. --- "C:\Documents and Settings\Charlie Kierscht\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Sun 8 Apr 2007 8 A..H. --- "C:\Documents and Settings\Charlie Kierscht\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Sun 8 Apr 2007 8 A..H. --- "C:\Documents and Settings\Charlie Kierscht\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Sun 8 Apr 2007 8 A..H. --- "C:\Documents and Settings\Charlie Kierscht\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Thu 17 May 2007 8 A..H. --- "C:\Documents and Settings\Charlie Kierscht\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u5\lock.tmp"
Thu 18 Oct 2007 8 A..H. --- "C:\Documents and Settings\Charlie Kierscht\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u8\lock.tmp"
Thu 18 Oct 2007 8 A..H. --- "C:\Documents and Settings\Charlie Kierscht\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u9\lock.tmp"
Fri 16 Mar 2007 1,004 ..SH. --- "C:\Documents and Settings\Charlie Kierscht\Local Settings\Application Data\NewSoft\PageManager\7.15.11A\Setting\PM65.BAK"
Finished!