[survtek]

I have a Dell Windows XP Home laptop that is experiencing problems. Control Panel does not appear to exist, I cannot access display properties it tells me that due to restrictions on my computer it is not allowed and to contact my system administrator. My logon is the only one setup on this computer and has full administrative priveledges. I have run several spyware utilities on the computer to try to remove whatever is effecting it, but I have had no luck so I come to you with much hope. I have run Norton Internet Security, SpyBot - Search & Destroy 1.5.1.15, AVG AntiSpyware 7.5.0.50, Ad Aware 2007, Spyware Guard, CCleaner, Smitfraud Fix, and Hijackthis so here is the hijackthis log file. Any help would be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:27 AM, on 11/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Unknown owner - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 7242 bytes

 

[survtek]

It has been three days and still no reply, I am disapointed. I noticed that the next thread he had posted the log files from Dekards System Scanner (dss) as well so I thought I would post that as well maybe it will help you. Please look into this for me and get bak to me. I really need to get this problem resolved and I've already been chasing it for close to a week and I don't want to reformat if I don't have to. Thank you in advance for your reply.

Deckard's System Scanner v20070826.66
Run by Farnsworth on 2007-11-12 07:47:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 248 MiB (512 MiB recommended).


-- HijackThis (run as Farnsworth.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:27 AM, on 11/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Unknown owner - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 7242 bytes

-- Files created between 2007-10-12 and 2007-11-12 -----------------------------

2007-11-09 10:31:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-09 10:11:35 0 d-------- C:\Program Files\xp-AntiSpy
2007-11-09 10:10:38 0 d-------- C:\Program Files\SysJewel
2007-11-09 10:02:28 3840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2007-11-09 10:02:28 0 d-------- C:\Program Files\Belarc
2007-11-09 09:59:18 0 d-------- C:\Program Files\SpywareBlaster
2007-11-08 13:24:57 0 d-------- C:\Program Files\Lavasoft
2007-11-08 13:24:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-08 13:22:53 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-06 14:35:31 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-06 14:34:41 0 d-------- C:\Program Files\Spyware Doctor
2007-11-06 14:34:41 0 d-------- C:\Documents and Settings\Farnsworth\Application Data\PC Tools
2007-11-06 14:32:16 0 dr-h----- C:\Documents and Settings\Farnsworth\Recent
2007-11-06 14:24:59 0 d-------- C:\Program Files\CCleaner
2007-11-06 14:19:02 0 d-------- C:\Program Files\RegCleaner
2007-11-06 13:50:04 0 d-------- C:\WINDOWS\Prefetch
2007-11-06 06:51:48 0 d-------- C:\WINDOWS\dell
2007-11-05 14:09:23 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-11-05 14:09:23 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-11-05 14:09:23 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-11-05 14:09:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-11-05 14:09:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-11-05 14:09:23 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-11-05 14:09:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2007-11-05 14:09:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-11-05 14:09:23 0 d--h----- C:\Documents and Settings\Administrator\Application Data\Gtek
2007-11-05 14:09:22 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-11-05 14:09:22 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-11-05 14:09:22 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-11-05 14:09:22 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-11-05 14:09:22 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-11-05 14:09:22 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-11-05 14:09:22 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-11-05 14:09:22 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-11-05 14:09:22 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-11-05 14:09:21 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT


-- Find3M Report ---------------------------------------------------------------

2007-11-08 14:55:27 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-08 13:22:53 0 d-------- C:\Program Files\Common Files
2007-11-06 13:35:44 23444 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-11-05 14:11:44 2050 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-22 07:14:03 0 d-------- C:\Program Files\Symantec


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 09:59 PM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [09/05/2006 08:22 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 05:30 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [01/07/2007 01:44 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/07/2007 01:44 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [05/13/2004 10:23 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [05/14/2004 12:35 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [10/07/2006 06:20 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^autorun.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
backup=C:\WINDOWS\pss\autorun.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Farnsworth^Start Menu^Programs^Startup^system.exe]
path=C:\Documents and Settings\Farnsworth\Start Menu\Programs\Startup\system.exe
backup=C:\WINDOWS\pss\system.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ms]
C:\Program Files\Microsoft\svhost32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\r]
C:\WINDOWS\down\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rzt]
C:\WINDOWS\Intel\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAVX]
C:\WINDOWS\system32\WinAvXX.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b63af5e-5589-11dc-951d-00038a000015}]
AutoRun\command- E:\JDSecure\Windows\JDSecure31.exe

*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
*Newly Created Service* - AVG_ANTI-SPYWARE_GUARD
*Newly Created Service* - BANTEXT



-- End of Deckard's System Scanner: finished at 2007-11-12 07:48:57 ------------

 

[Ried]

Hello survtek,

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

Also be sure to carry out the instructions in the sequence listed below.

***************************************************

Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% -(Drive that contains the Windows Directory, typically C:\SDFix)

--------------------------------------------------------------------

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Open the extracted SDFix folder and double click RunThis.bat to start the script.

• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt I'll need that in your next reply.

--------------------------------------------------------------------

You should now have the Control Panel back. Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs)

MyWaySA

--------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries: (if it still exists)

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll

Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Using 'My Computer', navigate to and delete the following Folder (if it still exists)

C:\Program Files\MyWaySA

--------------------------------------------------------------------

Run a new scan with dss.exe.

--------------------------------------------------------------------

Please include the following in your next reply:

C:\SDFix\Report.txt
main.txt
Update on system behavior

 

[survtek]

Thank you so much for getting back to me on this topic. I followed your instructions and the computer is running much faster now and I have access to the Control Panel and Display properties again. I am going to set a new restore point next. Here are the log files from SDFix and dss. Thank you again very very much.

SDFix: Version 1.114

Run by Farnsworth on Mon 11/12/2007 at 09:04 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\rs.txt - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-12 09:10:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\WINDOWS\\csrss.exe"="C:\\WINDOWS\\csrss.exe:*:Enabled:Enabled"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabledxpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabledxpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sun 26 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT1.tmp"
Sun 26 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT10.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT108.tmp"
Sun 26 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT11.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT115.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT116.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT117.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT118.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT11A.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT11B.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT11C.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT12.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT13.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT13A.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT14.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT143.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT146.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT147.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT149.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT14B.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT14C.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT14D.tmp"
Sun 26 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT15.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT152.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT158.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT159.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT15A.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT15B.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT16.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT161.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT166.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT167.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT17.tmp"
Sun 26 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT18.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT184.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT185.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT186.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT187.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT189.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT18A.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT18B.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT18F.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT19.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT1A.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT1B.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT1B2.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT1B3.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT1B4.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT1B6.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT1B7.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT1B8.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT1B9.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT1C.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT1C2.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT1C3.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT1C4.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT1C6.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT1C7.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT1C8.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT1C9.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT1CA.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT1D.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT1D7.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT1E.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT1F.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT1F1.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT1F2.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT1F3.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT1F4.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT1F5.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT1F7.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT1F8.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT1F9.tmp"
Sun 26 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT2.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT20.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT22.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT22C.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT22D.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT22E.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT22F.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT23.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT232.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT233.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT234.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT24.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT245.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT246.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT247.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT248.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT249.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT24A.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT24B.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT24C.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT24E.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT24F.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT25.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT250.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT251.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT252.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT253.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT254.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT256.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT257.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT258.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT259.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT25A.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT25B.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT25C.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT26.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT26F.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT27.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT270.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT271.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT274.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT275.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT277.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT278.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT29.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT2B.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT2C.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT2D.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT2D1.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT2D2.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT2D3.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT2D5.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT2D6.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT2D7.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT2D8.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT2D9.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT2DF.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT2E.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT2E1.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT2E2.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT2E3.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT2E4.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT2E5.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT2EF.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT2F.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT2F9.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT2FA.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT2FB.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT2FC.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT2FD.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT2FE.tmp"
Sun 26 Aug 2007 85,946 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT30.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT304.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT31.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT32.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT32F.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT33.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT331.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT332.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT333.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT335.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT337.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT34A.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT34B.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT34D.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT34E.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT34F.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT350.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT351.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT352.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT353.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT355.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT356.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT357.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT358.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT359.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT35A.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT35B.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT35C.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT35D.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT35E.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT360.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT361.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT362.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT363.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT364.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT365.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT366.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT368.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT369.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT36A.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT36B.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT36C.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT36D.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT36E.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT36F.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT370.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT371.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT373.tmp"
Sat 25 Aug 2007 281,002 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT374.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT375.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT376.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT377.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT378.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT379.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT37B.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT37C.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT37D.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT37E.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT37F.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT380.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT381.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT382.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT383.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT384.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT385.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT387.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT388.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT389.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT38A.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT38B.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT38C.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT38D.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT38F.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT390.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT391.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT392.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT393.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT394.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT396.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT397.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT398.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT39A.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT39B.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT39C.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT39D.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT39E.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT39F.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3A0.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3A2.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3A3.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3A4.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3A5.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3A6.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3A7.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3A8.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3AA.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3AB.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3AC.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3AE.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3AF.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3B0.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3B1.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3B2.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3B3.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3B4.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3B6.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3B7.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3B8.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3B9.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3BA.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3BB.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3BD.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3BE.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3BF.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3C.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3C0.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3C2.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3C3.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3C4.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3C5.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3C6.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3C7.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3C9.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3CA.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3CB.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3CC.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3CD.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3CE.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3CF.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3D1.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3D2.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3D3.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3D5.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3D6.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3D7.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3D8.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3D9.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3DA.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3DB.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3DD.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3DE.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3DF.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3E0.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3E1.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3E2.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3E3.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3E5.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3E6.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3E7.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3E9.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3EA.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3EB.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3EC.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3ED.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3EE.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3F0.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3F1.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3F2.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3F3.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3F4.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3F5.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3F6.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3F8.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3F9.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3FA.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3FC.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT3FD.tmp"
Sun 26 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT4.tmp"
Sun 26 Aug 2007 85,946 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT5.tmp"
Sun 26 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT6.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT6B.tmp"
Sun 26 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT7.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT75.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT76.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT7A.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT7B.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT7E.tmp"
Sun 26 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT8.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT82.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT83.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT84.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT85.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT86.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT87.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT88.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT89.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT8A.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT8B.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT8C.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT8D.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT8E.tmp"
Sun 26 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT9.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT91.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT93.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT94.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT95.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT96.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT97.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT98.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BIT9C.tmp"
Sun 26 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BITA.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BITA5.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BITA9.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BITAE.tmp"
Sun 26 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BITB.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BITB1.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BITB3.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BITB5.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BITBB.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BITBF.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BITC.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BITC0.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BITC2.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BITC5.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BITC7.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BITC9.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BITCB.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BITCC.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BITD.tmp"
Sun 26 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BITE.tmp"
Mon 27 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BITE7.tmp"
Sun 26 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828123800\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BITF.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20070828124145\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BITCE.tmp"
Tue 28 Aug 2007 0 A..H. --- "C:\Deckard\System Scanner\20071109101312\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\BITE8.tmp"
Fri 28 Jan 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Fri 28 Jan 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"

Finished!


Deckard's System Scanner v20070826.66
Run by Farnsworth on 2007-11-12 09:30:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 81% (more than 75%).
Total Physical Memory: 248 MiB (512 MiB recommended).


-- HijackThis (run as Farnsworth.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:48:35 AM, on 11/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
D:\Virus Removal\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\FARNSW~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\WINDOWS\system32\cmd.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Unknown owner - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 7285 bytes

-- Files created between 2007-10-12 and 2007-11-12 -----------------------------

2007-11-12 09:03:29 0 d-------- C:\WINDOWS\ERUNT
2007-11-09 10:31:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-09 10:11:35 0 d-------- C:\Program Files\xp-AntiSpy
2007-11-09 10:10:38 0 d-------- C:\Program Files\SysJewel
2007-11-09 10:02:28 3840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2007-11-09 10:02:28 0 d-------- C:\Program Files\Belarc
2007-11-09 09:59:18 0 d-------- C:\Program Files\SpywareBlaster
2007-11-08 13:24:57 0 d-------- C:\Program Files\Lavasoft
2007-11-08 13:24:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-08 13:22:53 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-06 14:35:31 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-06 14:34:41 0 d-------- C:\Program Files\Spyware Doctor
2007-11-06 14:34:41 0 d-------- C:\Documents and Settings\Farnsworth\Application Data\PC Tools
2007-11-06 14:32:16 0 dr-h----- C:\Documents and Settings\Farnsworth\Recent
2007-11-06 14:24:59 0 d-------- C:\Program Files\CCleaner
2007-11-06 14:19:02 0 d-------- C:\Program Files\RegCleaner
2007-11-06 13:50:04 0 d-------- C:\WINDOWS\Prefetch
2007-11-06 06:51:48 0 d-------- C:\WINDOWS\dell
2007-11-05 14:09:23 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-11-05 14:09:23 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-11-05 14:09:23 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-11-05 14:09:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-11-05 14:09:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-11-05 14:09:23 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-11-05 14:09:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2007-11-05 14:09:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-11-05 14:09:23 0 d--h----- C:\Documents and Settings\Administrator\Application Data\Gtek
2007-11-05 14:09:22 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-11-05 14:09:22 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-11-05 14:09:22 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-11-05 14:09:22 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-11-05 14:09:22 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-11-05 14:09:22 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-11-05 14:09:22 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-11-05 14:09:22 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-11-05 14:09:22 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-11-05 14:09:21 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT


-- Find3M Report ---------------------------------------------------------------

2007-11-12 09:13:14 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-08 13:22:53 0 d-------- C:\Program Files\Common Files
2007-11-06 13:35:44 23444 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-11-05 14:11:44 2050 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-22 07:14:03 0 d-------- C:\Program Files\Symantec


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 09:59 PM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [09/05/2006 08:22 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 05:30 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [01/07/2007 01:44 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/07/2007 01:44 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [05/13/2004 10:23 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [05/14/2004 12:35 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [10/07/2006 06:20 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^autorun.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
backup=C:\WINDOWS\pss\autorun.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Farnsworth^Start Menu^Programs^Startup^system.exe]
path=C:\Documents and Settings\Farnsworth\Start Menu\Programs\Startup\system.exe
backup=C:\WINDOWS\pss\system.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ms]
C:\Program Files\Microsoft\svhost32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\r]
C:\WINDOWS\down\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rzt]
C:\WINDOWS\Intel\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAVX]
C:\WINDOWS\system32\WinAvXX.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\JDSecure\Windows\JDSecure31.exe




-- End of Deckard's System Scanner: finished at 2007-11-12 09:31:54 ------------

 

[Ried]

Glad to hear that, but we're not quite through yet. :smile:

Disable Spybot TeaTimer as it may interfere with the fix below:

• Open Spybot Search & Destroy.
• In the Mode menu click "Advanced mode" if not already selected.
• Choose "Yes" at the Warning prompt.
• Expand the "Tools" menu.
• Click "Resident".
• Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
• In the File menu click "Exit" to exit Spybot Search & Destroy.

Open notepad and copy/paste the entire text in the code box below: (don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Farnsworth^Start Menu^Programs^Startup^system.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ms]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\r]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rzt]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAVX]

Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files"
It should look like this:

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

--------------------------------------------------------------------

These logs don't show us everything. Given the type of infection that was on this system, it would be prudent to run an online scan to search for any remnants that may be lurking about.

Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

Answer Yes, when prompted to install an ActiveX component.

• The program will then begin downloading the latest definition files.
• Once the files have been downloaded click on NEXT
• Locate the Scan Settings button & configure to:
  • Scan using the following Anti-Virus database:
    • Extended
  • Scan Options:
    • Scan Archives
      [*]Scan Mail Bases
• Click OK & have it scan My Computer
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  
  
  
  
  
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

 

[survtek]

Thank you again for getting back with me. I will run the delete.reg file in a few minutes, but the computer is not currently connected to the internet. It's my friend's laptop and I have it at work cleaning it up for him. Is there a scanner I can download and run instead of the online one?

 

[survtek]

Okay, I disabled the Tea Timer & ran the delete.reg file you gave me and it all seems to have worked properly. I still do not have internet access with this laptop right now so is there a scanner that I can download and run on the pc to take the place of the kaspersky.com link you sent me?

 

[Ried]

It really is best to get an online scan done. Given your circumstances, let's at least use this stand alone scanner. It can be quite aggressive, so be sure to configure it exactly as instructed.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Doubleclick the drweb-cureit.exe file and Allow to run the express scan. This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.

• Once the short scan has finished, we need to change the default settings.
• In the Menu Bar, Go to Options>Change Settings.
• Click on the Actions tab
• Using the drop down menus, change each item under Objects and Malware to Report
• Next, mark the drives that you want to scan.
• Select all drives. A red dot shows which drives have been chosen.
• Click the green arrow at the right, and the scan will start.
• Click 'No to All' if it asks if you want to cure/move the file.
• After the scan has completed, in the Dr.Web CureIt menu on top, click File and choose Save Report List
• Save the report to your desktop. The report will be called DrWeb.csv
• Close Dr.Web Cureit.
• Post the contents of the log from Dr.Web you saved previously in your next reply.

 

[survtek]

Thank you for the alternate scanner. I ran it on the computer and it found several things. The results of the log are listed below:

ntos.exe;c:\windows\system32;Trojan.Proxy.2071;Deleted.;
_desktop.ini;C:\;Win32.HLLW.Gavir.ini;;
count[1].htm\javascript.0;C:\Deckard\System Scanner\20071112074719\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\IZBH6G9Z\c;VBS.Psyme.377;;
count[1].htm;C:\Deckard\System Scanner\20071112074719\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\IZBH6G9Z;Archive contains infected objects;;
new[1].htm\javascript.0;C:\Deckard\System Scanner\20071112074719\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\JTBZ5XCS\n;VBS.Psyme.439;;
new[1].htm;C:\Deckard\System Scanner\20071112074719\backup\DOCUME~1\FARNSW~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\JTBZ5XCS;Archive contains infected objects;;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\asp_setupUS;Probably BACKDOOR.Trojan;;
RegUBP2b-Farnsworth.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;;
NetZero - First Month Free!.exe;C:\Documents and Settings\All Users\Start Menu;Trojan.Click.1487;;
p4ck.exe;C:\Documents and Settings\Farnsworth;Trojan.Proxy.2071;;
GTDownDE_87.ocx;C:\i386;Adware.Gdown;;
setup.exe;C:\Program Files\AOL\Installers\ASP 2.0;Probably BACKDOOR.Trojan;;
GTDownAO_106.ocx;C:\Program Files\Common Files\AolCoach\en_en;Adware.Gdown;;
Process.exe;C:\RECYCLER\S-1-5-21-27987841-921125120-4191668413-500\Dc3;Tool.Prockill;;
restart.exe;C:\RECYCLER\S-1-5-21-27987841-921125120-4191668413-500\Dc3;Tool.ShutDown.11;;
Process.exe;C:\SDFix\apps;Tool.Prockill;;
A0000460.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP10;Trojan.Proxy.2071;;
Process.exe;C:\Virus Removal\SmitfraudFix;Tool.Prockill;;
restart.exe;C:\Virus Removal\SmitfraudFix;Tool.ShutDown.11;;
autorun.exeCommon Startup;C:\WINDOWS\pss;Trojan.Fakealert.357;;
system.exeStartup;C:\WINDOWS\pss;Trojan.Fakealert.357;;
GTDownDE_87.ocx;C:\WINDOWS\system32;Adware.Gdown;;
vnc-3.3.7-x86_win32_viewer.exe;D:\VNC\Version3.3.7\ViewerOnly;Program.RemoteAdmin;;

 

[Ried]

I'd still prefer an online scan, but if this is the most you can do under the circumstances...

How is the system behaving now?

 

[survtek]

The system appears to be behaving well at this time, but that last scan found several Trojans and suspected Trojans, is that ok? I'm sure that it probably finds things that are not really Trojans but look like them from a code view. I will get the laptop owner to run the kaspersky online scan when he gets the laptop back home and see if I can walk him through getting the log files back to me so I can post them. It may take a few days because I may end up going to his house to run the scan myself. I'll post the logs when I can.

 

[Ried]

Hi,

That's correct, and why I had wanted you to configure DrWeb to Report only. :wink:

Go to DrWeb Quarantine folder and move these items back to the folder they originated from:

(GTDownDE is used by Dell to send info when you run Dell Support tools - such as "Check Now". )

• GTDownDE_87.ocx Move/copy to --> C:\i386
• setup.exe Move to --> C:\Program Files\AOL\Installers\ASP 2.0
• GTDownAO_106.ocx Move to --> C:\Program Files\Common Files\AolCoach\en_en
• GTDownDE_87.ocx Move to --> C:\WINDOWS\system32
• vnc-3.3.7-x86_win32_viewer.exe Move to--> D:\VNC\Version3.3.7\ViewerOnly

It may take a few days because I may end up going to his house to run the scan myself. I'll post the logs when I can.

That's fine--I'll leave this thread open.

Before you hand this computer back, let's take care of some final housekeeping:

Reset hidden/system files and folders
Windows XP
===============
Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Deselect the Show hidden files and folders option.
* Select the Hide file extensions for known types option.
* Select the Hide protected operating system files option.
Click Yes to confirm.
Click OK.

Ensure Windows Auto Update is Enabled
*Go to Start>Run - type wuaucpl.cpl
*Tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

Create a new System Restore point
Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore Tab
* Tick on the checkbox - "Turn off System Restore on all drives"
Click Apply
* Then untick the same checkbox & click OK
This will flush out previous restore points (which contain the infections) and create a new restore point.

**************************************************************************************

Please advise your client/friend.....

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

• It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.


Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.


In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically. :smile:

 

[survtek]

Okay, there were no files in quarantine, but I visually verified that the files you listed were still in their original locations and they were.
I reset the hidden system files and folders, made sure Windows update is still on and created a new restore point.
I'll post again when I finally get the online scan run.
Thank you very much for all your asssitance with this issue.

 

[Ried]

You're welcome..see you in a few days. :sayyes: