Please help- Worm in the system

**exploreint** · 2007-11-24, 00:08

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:06:29 PM, on 11/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\IDriveE\IDriveE Service.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\IPFax\FaxMonitor.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Plaxo\3.3.0.39\PlaxoHelper_en_us.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IDriveE\IDriveETray.exe
C:\Program Files\Trend Micro\HijackThis\exploreint.exe
C:\Program Files\IDriveE\IDriveEBackground.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.explore-int.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: CommuniKate Toolbar - {2AD46959-7EE4-47C3-B976-C0912755DE1F} - C:\Program Files\ucietb\ucietb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FaxMonitor] C:\Program Files\IPFax\FaxMonitor.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [American Airlines DealFinder] "C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.3.0.39\PlaxoHelper_en_us.exe -a
O4 - HKCU\..\Run: [IDriveE Startup] "C:\Program Files\IDriveE\IDrvieEStartup.exe" Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Spell Check Options... - res://C:\Program Files\ucietb\Speller.dll/RUNOPTIONS.HTM
O8 - Extra context menu item: Spell Check this page... - res://C:\Program Files\ucietb\Speller.dll/RUNSPELLER.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: CommuniKate Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\ucietb\ucietb.dll
O9 - Extra 'Tools' menuitem: CommuniKate Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\ucietb\ucietb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/40...02/Coupons.cab
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://cid-c0bc9c0449e30208.skydriv...RichUpload.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\aagrtasv.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IDriveE Service - Pro Softnet Corporation - C:\Program Files\IDriveE\IDriveE Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11007 bytes

**exploreint** · 2007-11-24, 00:10

SDFix: Version 1.115

Run by Q12 Alex on Fri 11/23/2007 at 04:49 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\Fonts\Crack.exe - Deleted
C:\WINDOWS\Fonts\svchost.exe - Deleted
C:\WINDOWS\Fonts\*.zip - 1 File(s) 637,944 bytes - Deleted
C:\WINDOWS\Fonts\'\*.zip - 4795 File(s) 3,058,946,275 bytes - Deleted

Folder C:\WINDOWS\Fonts\' - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-23 16:58:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000b0d08b02f]
"000f86f49a4a"=hex:a3,48,80,d2,7c,93,09,56,f4,e7,8e,0f,cb,6b,b8,a6
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000b0d08b02f]
"000f86f49a4a"=hex:a3,48,80,d2,7c,93,09,56,f4,e7,8e,0f,cb,6b,b8,a6

scanning hidden registry entries ...

scanning hidden files ...

C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Ent.dat 4363 bytes
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\prov.xml 282 bytes
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\service.xml 6993 bytes
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\service.xml.bak 6993 bytes
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\user.xml 1698 bytes
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\user.xml.bak 1698 bytes
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\StartupCleaner
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\StartupCleaner\Backup
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\SubInfo.xml 650 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 10

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\TurboTax\\Home & Business 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Home & Business 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Home & Business 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Home & Business 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\American Airlines DealFinder\\American_Airlines_DealFinder.exe"="C:\\Program Files\\American Airlines DealFinder\\American_Airlines_DealFinder.exe"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\rclrxyws.exe"="C:\\WINDOWS\\system32\\rcl"
"C:\\WINDOWS\\system32\\hslynsus.exe"="C:\\WINDOWS\\system32\\hsl"
"C:\\WINDOWS\\system32\\cmrscpjh.exe"="C:\\WINDOWS\\system32\\cmr"
"C:\\WINDOWS\\system32\\hyqephhe.exe"="C:\\WINDOWS\\system32\\hyq"
"C:\\WINDOWS\\system32\\aagrtasv.exe"="C:\\WINDOWS\\system32\\aag"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\American Airlines DealFinder\\American_Airlines_DealFinder.exe"="C:\\Program Files\\American Airlines DealFinder\\American_Airlines_DealFinder.exe"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Thu 24 May 2007 4 A..H. --- "C:\WINDOWS\uccspecb.sys"
Wed 26 Sep 2007 31 A..H. --- "C:\WINDOWS\uccspecc.sys"
Tue 10 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Sat 27 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Thu 22 Mar 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 10 Aug 2004 60,416 A.SH. --- "C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe"
Tue 10 Aug 2004 60,416 A.SH. --- "C:\WINDOWS\Packs\SysFiles\26_MSIMN.EXE"
Thu 22 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 2 Nov 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch1\lock.tmp"
Fri 2 Nov 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch2\lock.tmp"
Fri 2 Nov 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch3\lock.tmp"
Tue 6 Nov 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch4\lock.tmp"
Fri 2 Nov 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\lock.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico1.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico10.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico1055.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico1056.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico1057.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico1058.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico1059.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico11.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico12.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico13.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico14.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico146.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico148.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico149.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico14A.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico14B.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico15.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico16.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico17.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico18.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico19.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico1A.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico1B.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico1C.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico1D.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico1E.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico1F.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico2.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico20.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico21.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico22.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico23.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico24.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico25.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico254.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico255.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico256.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico257.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico258.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico26.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico268.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico26A.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico26B.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico26C.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico26D.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico27.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico28.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico29.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico2A.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico2A9.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico2AA.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico2AB.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico2AC.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico2AD.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico2AF.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico2B.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico2B0.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico2B1.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico2B2.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico2B3.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico2B4.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico2B5.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico2B6.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico2B7.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico2B8.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico2B9.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico2BA.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico2BB.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico2BC.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico2BD.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico2C.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico2C4.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico2C5.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico2C6.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico2C7.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico2C8.tmp"

**exploreint** · 2007-11-24, 00:13

Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico2D.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico2E.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico2F.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico3.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico30.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico31.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico32.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico33.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico34.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico35.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico36.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico37.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico38.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico39.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico3A.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico3B.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico3C.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico3D.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico3E.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico3F.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico4.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico40.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico4042.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico4043.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico4044.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico4045.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico4046.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico4047.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico4048.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico4049.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico404A.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico404B.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico41.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico42.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico43.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico44.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico45.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico46.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico47.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico48.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico49.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico4A.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico4B.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico4C.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico4D.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico4E.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico4F.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico5.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico50.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico51.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico52.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico53.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico54.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico54F.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico55.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico550.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico551.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico552.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico553.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico56.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico57.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico58.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico59.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico5A.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico5B.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico5C.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico5D.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico5E.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico5F.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico6.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico65.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico66.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico67.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico68.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico69.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico6A.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico6B.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico6C.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico6D.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico6E.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico6F.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico7.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico70.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico71.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico72.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico73.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico74.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico75.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico76.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico77.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico78.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico79.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico7A.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico7B.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico7C.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico7D.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico8.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico82.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico83.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico84.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico85.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico86.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico8A.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico8B.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico8C.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico8D.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico8E.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico9.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico98.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico99.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico9A.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico9B.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico9C.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\icoA.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\icoB.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\icoC.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\icoD.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\icoE.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\icoF.tmp"

Finished!

**exploreint** · 2007-11-24, 00:13

Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico2D.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico2E.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico2F.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico3.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico30.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico31.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico32.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico33.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico34.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico35.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico36.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico37.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico38.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico39.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico3A.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico3B.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico3C.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico3D.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico3E.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico3F.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico4.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico40.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico4042.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico4043.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico4044.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico4045.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico4046.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico4047.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico4048.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico4049.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico404A.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico404B.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico41.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico42.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico43.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico44.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico45.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico46.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico47.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico48.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico49.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico4A.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico4B.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico4C.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico4D.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico4E.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico4F.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico5.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico50.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico51.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico52.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico53.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico54.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico54F.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico55.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico550.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico551.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico552.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico553.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico56.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico57.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico58.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico59.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico5A.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico5B.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico5C.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico5D.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico5E.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico5F.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico6.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico65.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico66.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico67.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico68.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico69.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico6A.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico6B.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico6C.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico6D.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico6E.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico6F.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico7.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico70.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico71.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico72.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico73.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico74.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico75.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico76.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico77.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico78.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico79.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico7A.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico7B.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico7C.tmp"
Wed 14 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico7D.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico8.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico82.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico83.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico84.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico85.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico86.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico8A.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico8B.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico8C.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico8D.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico8E.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico9.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico98.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico99.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico9A.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico9B.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\ico9C.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\icoA.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\icoB.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\icoC.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\icoD.tmp"
Mon 12 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\icoE.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\icoF.tmp"

Finished!

**Shaba** · 2007-11-24, 10:55

Hi

First we'll need to backup registry:

Start -> Run -> regedit -> ok. Then File -> Export. Give it a name and press Save.

Save text below as fix.reg on Notepad (save it as all files (*.*)) on Desktop

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\rclrxyws.exe"=-
"C:\\WINDOWS\\system32\\hslynsus.exe"=-
"C:\\WINDOWS\\system32\\cmrscpjh.exe"=-
"C:\\WINDOWS\\system32\\hyqephhe.exe"=-
"C:\\WINDOWS\\system32\\aagrtasv.exe"=-

It should look like this ->

Doubleclick fix.reg, press Yes and ok.

(In case you are unsure how to create a reg file, take a look here
with screenshots.)

Re-scan with kaspersky

Post:

- a fresh HijackThis log
- kaspersky report

**exploreint** · 2007-11-24, 21:13

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:30 AM, on 11/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\IDriveE\IDriveE Service.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\IPFax\FaxMonitor.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Plaxo\3.3.0.39\PlaxoHelper_en_us.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IDriveE\IDriveETray.exe
C:\Program Files\IDriveE\IDriveEBackground.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\exploreint.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.explore-int.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: CommuniKate Toolbar - {2AD46959-7EE4-47C3-B976-C0912755DE1F} - C:\Program Files\ucietb\ucietb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FaxMonitor] C:\Program Files\IPFax\FaxMonitor.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [American Airlines DealFinder] "C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.3.0.39\PlaxoHelper_en_us.exe -a
O4 - HKCU\..\Run: [IDriveE Startup] "C:\Program Files\IDriveE\IDrvieEStartup.exe" Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Spell Check Options... - res://C:\Program Files\ucietb\Speller.dll/RUNOPTIONS.HTM
O8 - Extra context menu item: Spell Check this page... - res://C:\Program Files\ucietb\Speller.dll/RUNSPELLER.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: CommuniKate Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\ucietb\ucietb.dll
O9 - Extra 'Tools' menuitem: CommuniKate Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\ucietb\ucietb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/40...02/Coupons.cab
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://cid-c0bc9c0449e30208.skydriv...RichUpload.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\aagrtasv.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IDriveE Service - Pro Softnet Corporation - C:\Program Files\IDriveE\IDriveE Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10888 bytes

**exploreint** · 2007-11-24, 22:12

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, November 24, 2007 3:12:09 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/11/2007
Kaspersky Anti-Virus database records: 464978
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
M:\

Scan Statistics:
Total number of scanned objects: 71073
Number of viruses found: 8
Number of infected objects: 39
Number of suspicious objects: 0
Duration of the scan process: 01:10:15

Infected Object Name / Virus Name / Last Action
C:\!KillBox\aagrtasv.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\!KillBox\achhginx.dll Object is locked skipped
C:\!KillBox\cwfvbmow.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\!KillBox\cxvvupkt.dll Object is locked skipped
C:\!KillBox\gmptwebs.dll Object is locked skipped
C:\!KillBox\hyqephhe.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\!KillBox\mkhcnafs.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\!KillBox\tjxptdle.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\!KillBox\txyfdrfh.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\!KillBox\urylakwj.dll Object is locked skipped
C:\!KillBox\wkpelmdl.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\!KillBox\xirmbjeu.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\!KillBox\xnlcxsws.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\!KillBox\xpxxiotl.dll Object is locked skipped
C:\!KillBox\z.exe Infected: not-a-virus:PSWTool.Win32.ProtectStorage.b skipped
C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\Temporary Directory 1 for [Full] quicken 2008 business with Bonus.zip\setup.exe/data0005/stream/data0004 Infected: not-a-virus:AdWare.Win32.TrafficSol.n skipped
C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\Temporary Directory 1 for [Full] quicken 2008 business with Bonus.zip\setup.exe/data0005/stream Infected: not-a-virus:AdWare.Win32.TrafficSol.n skipped
C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\Temporary Directory 1 for [Full] quicken 2008 business with Bonus.zip\setup.exe/data0005 Infected: not-a-virus:AdWare.Win32.TrafficSol.n skipped
C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\Temporary Directory 1 for [Full] quicken 2008 business with Bonus.zip\setup.exe/data0006/stream/data0004 Infected: not-a-virus:AdWare.Win32.BHO.ha skipped
C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\Temporary Directory 1 for [Full] quicken 2008 business with Bonus.zip\setup.exe/data0006/stream/data0005 Infected: not-a-virus:AdWare.Win32.BHO.lq skipped
C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\Temporary Directory 1 for [Full] quicken 2008 business with Bonus.zip\setup.exe/data0006/stream Infected: not-a-virus:AdWare.Win32.BHO.lq skipped
C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\Temporary Directory 1 for [Full] quicken 2008 business with Bonus.zip\setup.exe/data0006 Infected: not-a-virus:AdWare.Win32.BHO.lq skipped
C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\Temporary Directory 1 for [Full] quicken 2008 business with Bonus.zip\setup.exe NSIS: infected - 7 skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Support\MPLog-11022007-233442.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Protection Service\edb.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Protection Service\edbtmp.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Protection Service\MPSSVCPolicyIdLog.etl Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Rare Recording.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Q12 Alex\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Q12 Alex\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Q12 Alex\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Q12 Alex\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Q12 Alex\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Q12 Alex\Local Settings\History\History.IE5\MSHist012007112420071125\index.dat Object is locked skipped
C:\Documents and Settings\Q12 Alex\Local Settings\Temp\~DF9FF.tmp Object is locked skipped
C:\Documents and Settings\Q12 Alex\Local Settings\Temp\~DFE6E7.tmp Object is locked skipped
C:\Documents and Settings\Q12 Alex\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Q12 Alex\My Documents\My Videos\Rare Recording.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Q12 Alex\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Q12 Alex\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Ent.dat Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\prov.xml Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\service.xml Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\service.xml.bak Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\user.xml Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\user.xml.bak Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\SubInfo.xml Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\Database\edb.log Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\Database\edbtmp.log Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\Database\tmp.edb Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\Database\WinSS_st.edb Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\onecaremp_log.bin Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\WinSSSvc_log.bin Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live(3)\ClientSD(2)\Ent.dat Object is locked skipped
C:\RTBTrace.txt Object is locked skipped
C:\SDFix\backups\backups.zip/backups/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\SDFix\backups\backups.zip/backups/svchost.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\SDFix\backups\backups.zip ZIP: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP3\A0000077.dll Object is locked skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP3\A0000078.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP3\A0000080.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP3\A0000081.dll Object is locked skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP3\A0000083.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP3\A0000085.dll Object is locked skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP3\A0000086.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP3\A0000088.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP3\A0000090.dll Object is locked skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP3\A0000091.dll Object is locked skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP3\A0000094.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP3\A0000096.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP3\A0000098.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP3\A0000099.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP3\A0000103.exe Infected: not-a-virus:PSWTool.Win32.ProtectStorage.b skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP3\A0000134.dll Object is locked skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP4\A0000152.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP4\A0000153.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP4\A0000158.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP4\A0000159.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP5\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{12BE88EF-0CE3-4A88-BA28-97EE99E8311E}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\cmrscpjh.exe.ren Infected: Trojan.Win32.Obfuscated.kp skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\MSFWSVC.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\Windows_OneCare_Evt.evt Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\ljjiged.dll.ren Infected: not-a-virus:AdWare.Win32.Virtumonde.ahq skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_708.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

**Shaba** · 2007-11-25, 11:07

Hi

Please click Start > Run and type in: services.msc
Click OK
In the Services window find: DomainService
Select/highlight and right click the entry, and choose: Properties
On the General tab, under Service Status click the Stop button
Beside: Startup Type, in the drop menu, select: Disabled
Click Apply, then OK

Now, go to Start > Run, and copy/paste the following into the Open box:
sc delete DomainService
Click: OK

Empty these folders:

C:\!KillBox\
C:\Deckard\System Scanner\20071120100556\backup
C:\SDFix\backups\

Delete these:

C:\Documents and Settings\All Users\Documents\My Music\Rare Recording.wma
C:\WINDOWS\system32\cmrscpjh.exe.ren
C:\WINDOWS\system32\ljjiged.dll.ren

Empty Recycle Bin.

Re-scan with kaspersky.

Post:

- a fresh HijackThis log
- kaspersky report

**exploreint** · 2007-11-25, 17:57

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:37 AM, on 11/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\IDriveE\IDriveE Service.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\IPFax\FaxMonitor.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Plaxo\3.3.0.39\PlaxoHelper_en_us.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IDriveE\IDriveETray.exe
C:\Program Files\IDriveE\IDriveEBackground.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\exploreint.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.explore-int.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: CommuniKate Toolbar - {2AD46959-7EE4-47C3-B976-C0912755DE1F} - C:\Program Files\ucietb\ucietb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FaxMonitor] C:\Program Files\IPFax\FaxMonitor.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [American Airlines DealFinder] "C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.3.0.39\PlaxoHelper_en_us.exe -a
O4 - HKCU\..\Run: [IDriveE Startup] "C:\Program Files\IDriveE\IDrvieEStartup.exe" Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Spell Check Options... - res://C:\Program Files\ucietb\Speller.dll/RUNOPTIONS.HTM
O8 - Extra context menu item: Spell Check this page... - res://C:\Program Files\ucietb\Speller.dll/RUNSPELLER.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: CommuniKate Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\ucietb\ucietb.dll
O9 - Extra 'Tools' menuitem: CommuniKate Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\ucietb\ucietb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/40...02/Coupons.cab
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://cid-c0bc9c0449e30208.skydriv...RichUpload.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IDriveE Service - Pro Softnet Corporation - C:\Program Files\IDriveE\IDriveE Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10793 bytes

**Shaba** · 2007-11-25, 18:39

Hi

How about a fresh kaspersky report?

Thread: Please help- Worm in the system

Thread Tools

Display

Posting Permissions