
This Is My Second Machine With Malware


  • This topic is locked
4 replies to this topic

#1 ebg005

  • Members
  • 6 posts

Posted 13 June 2008 - 03:09 PM

I have a type of malware that disables the update feature in most virus software. I have tried Norton Internet Security, McAfee Internet Security Suite, Norton System Works and Norton Personal Firewall, among others. It crashed and stopped and deleted DSS.EXE from my computer and blanked out Task Manager until I got Sysinternals Process Monitor and ran it a few times and disabled the wmiapsvr.exe service, which was responsible. Finally got it to run. I have re-imaged 2 machines three times, so it seems to be something maybe in the boot sector or computer BIOS, because it keeps coming back... I'M STUMPED...

Below are the logs as per your site's MALWARE Removal_Preparation Site.

[KASPERSKY LOG]
Friday, June 13, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, June 13, 2008 15:00:21
Records in database: 860033


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
E:\

Scan statistics
Files scanned 33171
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 00:53:40

No malware has been detected. The scan area is clean.
The selected area was scanned.



[MAIN.TXT]

Deckard's System Scanner v20071014.68
Run by root on 2008-06-13 17:53:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
22: 2008-06-13 21:53:38 UTC - RP22 - Deckard's System Scanner Restore Point
21: 2008-06-12 07:00:20 UTC - RP21 - Software Distribution Service 3.0
20: 2008-06-09 19:24:47 UTC - RP20 - Installed Realtek AC'97 Audio
19: 2008-06-09 19:19:39 UTC - RP19 - Installed ATI Catalyst Control Center
18: 2008-06-09 19:12:40 UTC - RP18 - Installed REALTEK GbE & FE Ethernet PCI NIC Driver


-- First Restore Point --
1: 2008-06-07 05:19:15 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-13 17:54:49
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator.NETPC30495\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlido11custreg?clid=1033
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: about://internet (HKCU)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
O23 - Service: SQL Server Active Directory Helper (MSSQLServerADHelper) - Unknown owner - c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe


--
End of file - 4306 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 MSSQL$MSSMLBIZ (SQL Server (MSSMLBIZ)) - "c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe" -smssmlbiz (file missing)
S4 MSSQLServerADHelper (SQL Server Active Directory Helper) - "c:\program files\microsoft sql server\90\shared\sqladhlp90.exe" (file missing)
S4 PCA (PC Angel) - c:\windows\sminst\pcangel.exe <Not Verified; SoftThinks; PCAngel Application>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description:
Device ID: ACPI\AWY0001\2&DABA3FF&0
Manufacturer:
Name:
PNP Device ID: ACPI\AWY0001\2&DABA3FF&0
Service:

Class GUID: {4D36E967-E325-11CE-BFC1-08002BE10318}
Description: Disk drive
Device ID: USBSTOR\DISK&VEN_GENERIC&PROD_USB_SD_READER&REV_1.00\2004888&0
Manufacturer: (Standard disk drives)
Name: Generic USB SD Reader USB Device
PNP Device ID: USBSTOR\DISK&VEN_GENERIC&PROD_USB_SD_READER&REV_1.00\2004888&0
Service: disk

Class GUID: {4D36E967-E325-11CE-BFC1-08002BE10318}
Description: Disk drive
Device ID: USBSTOR\DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01\2004888&1
Manufacturer: (Standard disk drives)
Name: Generic USB CF Reader USB Device
PNP Device ID: USBSTOR\DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01\2004888&1
Service: disk

Class GUID: {4D36E967-E325-11CE-BFC1-08002BE10318}
Description: Disk drive
Device ID: USBSTOR\DISK&VEN_GENERIC&PROD_USB_SM_READER&REV_1.02\2004888&2
Manufacturer: (Standard disk drives)
Name: Generic USB SM Reader USB Device
PNP Device ID: USBSTOR\DISK&VEN_GENERIC&PROD_USB_SM_READER&REV_1.02\2004888&2
Service: disk

Class GUID: {4D36E967-E325-11CE-BFC1-08002BE10318}
Description: Disk drive
Device ID: USBSTOR\DISK&VEN_GENERIC&PROD_USB_MS_READER&REV_1.03\2004888&3
Manufacturer: (Standard disk drives)
Name: Generic USB MS Reader USB Device
PNP Device ID: USBSTOR\DISK&VEN_GENERIC&PROD_USB_MS_READER&REV_1.03\2004888&3
Service: disk


-- Files created between 2008-05-13 and 2008-06-13 -----------------------------

2008-06-10 20:34:34 101888 --a------ C:\WINDOWS\system32\vb6stkit.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-06-10 20:34:34 0 d-------- C:\Program Files\SpywareBot
2008-06-10 20:07:41 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-10 17:20:22 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-06-10 16:11:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Citrix
2008-06-10 16:02:35 0 d-------- C:\WINDOWS\Sun
2008-06-10 16:02:35 0 d-------- C:\Documents and Settings\Administrator.NETPC30495\Application Data\Sun
2008-06-10 15:16:53 520192 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-06-10 14:47:31 0 d-------- C:\WINDOWS\pss
2008-06-10 14:43:36 0 -rahs---- C:\MSDOS.SYS
2008-06-10 14:43:36 0 -rahs---- C:\IO.SYS
2008-06-09 18:58:32 0 d-------- C:\Documents and Settings\webuser\Application Data\Adobe
2008-06-09 18:50:11 0 d-------- C:\Documents and Settings\webuser\Application Data\ATI
2008-06-09 15:49:52 0 d-------- C:\Documents and Settings\Administrator.NETPC30495\Application Data\ATI
2008-06-09 15:37:18 0 d-------- C:\Documents and Settings\Administrator.NETPC30495\Application Data\Macromedia
2008-06-09 15:37:17 0 d-------- C:\Documents and Settings\Administrator.NETPC30495\Application Data\Adobe
2008-06-09 15:24:51 0 d-------- C:\Program Files\Realtek AC97
2008-06-09 15:24:48 307200 --a------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2008-06-09 15:24:47 212992 --a------ C:\WINDOWS\alcrmv.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Removing driver Tool>
2008-06-09 15:15:59 0 d-------- C:\Documents and Settings\Administrator.NETPC30495\Application Data\WinBatch
2008-06-09 15:12:40 0 d-------- C:\WINDOWS\OPTIONS
2008-06-09 14:53:18 0 d-------- C:\Documents and Settings\webuser\Application Data\SampleView
2008-06-09 03:05:51 0 d-------- C:\Program Files\MSXML 6.0
2008-06-08 03:00:20 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-07 15:45:15 0 d-------- C:\LOCAL
2008-06-07 03:27:05 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-06-07 03:10:11 0 d-------- C:\Documents and Settings\Administrator.NETPC30495\Application Data\SampleView
2008-06-07 02:36:07 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-06-07 02:17:30 0 d-------- C:\Documents and Settings\webuser\Application Data\Identities
2008-06-07 02:17:19 0 d-------- C:\Documents and Settings\webuser\Desktop
2008-06-07 02:17:19 0 d---s---- C:\Documents and Settings\webuser\Cookies
2008-06-07 02:17:19 0 dr-h----- C:\Documents and Settings\webuser\Application Data
2008-06-07 02:17:19 0 d---s---- C:\Documents and Settings\webuser\Application Data\Microsoft
2008-06-07 02:17:18 0 d--h----- C:\Documents and Settings\webuser\Templates
2008-06-07 02:17:18 0 dr------- C:\Documents and Settings\webuser\Start Menu
2008-06-07 02:17:18 0 dr-h----- C:\Documents and Settings\webuser\SendTo
2008-06-07 02:17:18 0 dr-h----- C:\Documents and Settings\webuser\Recent
2008-06-07 02:17:18 0 d--h----- C:\Documents and Settings\webuser\PrintHood
2008-06-07 02:17:18 786432 --ah----- C:\Documents and Settings\webuser\NTUSER.DAT
2008-06-07 02:17:18 0 d--h----- C:\Documents and Settings\webuser\NetHood
2008-06-07 02:17:18 0 dr------- C:\Documents and Settings\webuser\My Documents
2008-06-07 02:17:18 0 d--h----- C:\Documents and Settings\webuser\Local Settings
2008-06-07 02:17:18 0 dr------- C:\Documents and Settings\webuser\Favorites
2008-06-07 01:51:03 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-07 01:30:41 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-07 01:21:08 0 d-------- C:\ProgramData
2008-06-07 01:21:07 0 d-------- C:\Users
2008-06-07 01:20:44 0 d-------- C:\Documents and Settings\Administrator.NETPC30495\Application Data\Identities
2008-06-07 01:20:31 0 dr------- C:\Documents and Settings\Administrator.NETPC30495\Favorites
2008-06-07 01:20:31 0 d-------- C:\Documents and Settings\Administrator.NETPC30495\Desktop
2008-06-07 01:20:31 0 d---s---- C:\Documents and Settings\Administrator.NETPC30495\Cookies
2008-06-07 01:20:31 0 dr-h----- C:\Documents and Settings\Administrator.NETPC30495\Application Data
2008-06-07 01:20:30 0 d--h----- C:\Documents and Settings\Administrator.NETPC30495\Templates
2008-06-07 01:20:30 0 dr------- C:\Documents and Settings\Administrator.NETPC30495\Start Menu
2008-06-07 01:20:30 0 dr-h----- C:\Documents and Settings\Administrator.NETPC30495\SendTo
2008-06-07 01:20:30 0 dr-h----- C:\Documents and Settings\Administrator.NETPC30495\Recent
2008-06-07 01:20:30 0 d--h----- C:\Documents and Settings\Administrator.NETPC30495\PrintHood
2008-06-07 01:20:30 1048576 --ah----- C:\Documents and Settings\Administrator.NETPC30495\NTUSER.DAT
2008-06-07 01:20:30 0 d--h----- C:\Documents and Settings\Administrator.NETPC30495\NetHood
2008-06-07 01:20:30 0 dr------- C:\Documents and Settings\Administrator.NETPC30495\My Documents
2008-06-07 01:20:30 0 d--h----- C:\Documents and Settings\Administrator.NETPC30495\Local Settings
2008-06-07 01:19:02 262144 --a------ C:\Documents and Settings\All Users\ntuser.dat
2008-06-07 01:18:54 0 d-------- C:\Program Files\Program Shortcuts
2008-05-18 22:58:07 20 --ahs---- C:\ArcDeviceInfo


-- Find3M Report ---------------------------------------------------------------

2008-06-13 11:57:33 0 d-------- C:\Program Files\Common Files
2008-06-10 15:41:36 0 d-------- C:\Program Files\ATI Technologies
2008-06-10 15:17:05 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-09 15:12:40 0 d-------- C:\Program Files\Realtek
2008-06-09 03:06:11 0 d-------- C:\Program Files\Messenger
2008-06-07 01:37:46 0 d-------- C:\Program Files\Microsoft SQL Server
2008-06-07 01:25:36 0 d-------- C:\Program Files\Online Services


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [03/13/2007 08:31 PM]
"PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [08/07/2007 02:59 PM]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [05/12/2006 05:50 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 8:44:06 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
backup=C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"IDriverT"=3 (0x3)
"AgereModemAudio"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{556be38d-3677-11dd-a844-0015f2f1c864}]
AutoRun\command- G:\CruzerProfile.exe /autorun




-- End of Deckard's System Scanner: finished at 2008-06-13 17:55:14 ------------




[EXTRA.TXT]

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3500+
Percentage of Memory in Use: 26%
Physical Memory (total/avail): 958.48 MiB / 704.29 MiB
Pagefile Memory (total/avail): 2313.95 MiB / 2146.74 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1937.48 MiB

C: is Fixed (NTFS) - 40.88 GiB total, 33.91 GiB free.
D: is Fixed (NTFS) - 15.01 GiB total, 13.23 GiB free.
E: is CDROM (No Media)
F: is Removable (FAT)
G: is Fixed (FAT) - 0.02 GiB total, 0.01 GiB free.

\\.\PHYSICALDRIVE0 - WDC WD600BB-00CAA1 - 55.9 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 40.88 GiB - C:
\PARTITION1 - Installable File System - 15.01 GiB - D:

\\.\PHYSICALDRIVE1 - SanDisk Cruzer Profile USB Device - 15.69 MiB - 1 partition
\PARTITION0 - 16-bit FAT - 17.97 MiB - G:

\\.\PHYSICALDRIVE2 - SanDisk Cruzer Profile USB Device - 957 MiB - 1 partition
\PARTITION0 - 16-bit FAT - 959 MiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\WINDOWS\\SMINST\\Scheduler.exe"="C:\\WINDOWS\\SMINST\\Scheduler.exe:*:Disabled:Scheduler "


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator.NETPC30495\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NETPC30495
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator.NETPC30495
LOGONSERVER=\\NETPC30495
NUMBER_OF_PROCESSORS=1
OnlineServices=Online Services
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Program Files\Microsoft SQL Server\90\Tools\binn\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PLATFORM=BPC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp
USERDOMAIN=NETPC30495
USERNAME=root
USERPROFILE=C:\Documents and Settings\Administrator.NETPC30495
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

webuser
Administrator.NETPC30495 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Agere Systems PCI-SV92PP Soft Modem --> agrsmdel
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Dual-Core Optimizer --> MsiExec.exe /X{38DD9AAA-A09A-42FF-A9EE-DA9C84B2E036}
High Definition Audio Driver Package - KB888111 -->
HP Backup and Recovery Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}\setup.exe" -l0x9 -uninst -removeonly
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\SETUP.exe" -l0x9 -removeonly
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
PDF Complete --> C:\Program Files\PDF Complete\pdfiutil.exe /UGUI
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
REALTEK GbE & FE Ethernet PCI NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe" -l0x9 -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.exe" -l0x9 -removeonly
SpywareBot 3.6.0.3 --> "C:\Program Files\SpywareBot\unins000.exe"
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf


-- Application Event Log -------------------------------------------------------

Event Record #/Type165 / Error
Event Submitted/Written: 06/11/2008 08:14:01 PM / 06/11/2008 08:14:06 PM
Event ID/Source: 5051 / McLogEvent
Event Description:
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe900001064 (0x428)0x7C90EB94
Build VSCORE.14.0.0.349 / 5200.2160
Object being scanned = \Device\HarddiskVolume1\WINDOWS\Debug\UserMode\userenv.log
by C:\WINDOWS\System32\svchost.exe
22304(20000)(0)
22302(20000)(0)
22301(20000)(0)
226(20000)(0)
223(20000)(0)
220(20000)(0)
4(0)(0)
4(0)(0)

Event Record #/Type164 / Error
Event Submitted/Written: 06/11/2008 08:14:01 PM
Event ID/Source: 5019 / McLogEvent
Event Description:
VSCORE.14.0.0.349
Exception Code : 0XC0000005
Exception Address : 0X00408364
Exception Parameters : 2
Param 1 = 0X00000001
Param 2 = 0X00000014

More information :
ScanRequest : NTName is \Device\HarddiskVolume1\WINDOWS\system32\WBEM\Logs\wbemess.log.

Event Record #/Type158 / Error
Event Submitted/Written: 06/11/2008 08:03:28 PM
Event ID/Source: 2000 / Microsoft Office 11
Event Description:
Microsoft Office OutlookOutlook failed to start correctly last time. Starting Outlook in safe mode will help you correct or isolate a startup problem in order to successfully start the program. Some functionality may be disabled in this mode.

Do you want to start Outlook in safe mode?

Event Record #/Type157 / Error
Event Submitted/Written: 06/11/2008 08:03:04 PM
Event ID/Source: 5051 / McLogEvent
Event Description:
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe900001156 (0x484)0x7C90EB94
Build VSCORE.14.0.0.349 / 5200.2160
Object being scanned = \Device\HarddiskVolume1\Documents and Settings\Administrator.NETPC30495\Favorites\desktop.ini
by C:\Program Files\Internet Explorer\iexplore.exe
22304(20000)(0)
22302(20000)(0)
22301(20000)(0)
226(20000)(0)
223(20000)(0)
220(20000)(0)
4(0)(0)
4(0)(0)

Event Record #/Type156 / Error
Event Submitted/Written: 06/11/2008 08:03:04 PM
Event ID/Source: 5019 / McLogEvent
Event Description:
VSCORE.14.0.0.349
Exception Code : 0XC0000005
Exception Address : 0X00408364
Exception Parameters : 2
Param 1 = 0X00000001
Param 2 = 0X00000014

More information :
ScanRequest : NTName is \Device\HarddiskVolume1\PROGRAM FILES\MCAFEE\VIRUSSCAN\MFESMFA.DLL.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1109 / Warning
Event Submitted/Written: 06/13/2008 00:23:04 PM
Event ID/Source: 20 / Print
Event Description:
Printer Driver HP DeskJet 882C for Windows NT x86 Version-3 was added or updated. Files:- UNIDRV.DLL, UNIDRVUI.DLL, HPVDJ882.GPD, UNIDRV.HLP, UNIRES.DLL, HPVDJ50.INI, HPVUD50.DLL, HPVUI50.DLL, HPVIMG50.DLL, HPV880AL.DLL, HPVDJ89X.GPD, HPVDJ200.HLP, HPVNAM50.GPD, STDNAMES.GPD.

Event Record #/Type1057 / Error
Event Submitted/Written: 06/13/2008 11:55:29 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The MBackMonitor service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type1022 / Warning
Event Submitted/Written: 06/12/2008 03:33:20 PM
Event ID/Source: 20 / Print
Event Description:
Printer Driver HP DeskJet 882C for Windows NT x86 Version-3 was added or updated. Files:- UNIDRV.DLL, UNIDRVUI.DLL, HPVDJ882.GPD, UNIDRV.HLP, UNIRES.DLL, HPVDJ50.INI, HPVUD50.DLL, HPVUI50.DLL, HPVIMG50.DLL, HPV880AL.DLL, HPVDJ89X.GPD, HPVDJ200.HLP, HPVNAM50.GPD, STDNAMES.GPD.

Event Record #/Type1016 / Error
Event Submitted/Written: 06/12/2008 03:05:20 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Event Record #/Type1015 / Error
Event Submitted/Written: 06/12/2008 03:05:20 PM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)



-- End of Deckard's System Scanner: finished at 2008-06-13 17:55:14 ------------

[MOVED.TXT]

Directories/Files moved to C:\Deckard\System Scanner\backup

2005-08-13 20:05:00 110592 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\AtiCimUn.exe <Not Verified; ATI Technologies Inc.; ATI Graphics Accelerators>
2008-06-07 02:48:27 199 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\BcmCustomActionErrors.xml
2008-06-09 19:45:00 0 d-------- C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\CDM
2008-06-10 16:02:47 0 d-------- C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\Citrix
2008-06-10 16:02:47 0 d-------- C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\CitrixLogs
2008-06-10 15:16:35 161 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\debugf.txt
2008-06-07 03:21:56 401 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\dw.log
2008-06-11 20:11:12 262144 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\fb_1364.lck
2008-06-11 19:56:05 262144 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\fb_1532.lck
2008-06-07 03:30:28 262144 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\fb_1756.lck
2008-06-13 12:21:38 0 d-------- C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\hsperfdata_root
2008-06-13 12:21:45 416 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\java_install_reg.log
2008-06-13 12:22:07 0 d-------- C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\jkos-root
2008-06-13 12:28:20 0 d-------- C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\KAV Updater update files
2008-06-07 02:48:27 1431958 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\MBSsetuptmp26B.log
2008-06-07 02:15:39 10737 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\Microsoft Office 2003 Setup(0001).txt
2008-06-07 02:15:39 414946 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\Microsoft Office 2003 Setup(0001)_Task(0001).txt
2008-06-07 01:30:41 866 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\MSI9ee6b.LOG
2008-06-07 01:30:54 848 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\MSI9ee6c.LOG
2008-06-07 01:31:25 876 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\MSI9ee6d.LOG
2008-06-07 01:32:34 876 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\MSI9ee6e.LOG
2008-06-12 22:35:09 0 d-------- C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\msohtml
2008-06-12 22:35:09 0 d-------- C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\msohtml1
2008-06-10 15:56:02 848409 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\mvt.cab
2008-06-10 15:55:57 256 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\mvtapp.log
2008-06-10 15:57:06 92 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\MVTDetection.log
2008-06-10 15:18:54 400 --a-----t C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\NDCNETOC.INF
2008-06-07 02:03:55 56 --a-----t C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\nswnetoc.txt
2008-06-07 02:14:11 45645 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\offcln11.log
2008-06-07 03:20:48 0 d-------- C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\outlook logging
2008-06-07 02:53:51 0 d-------- C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\PDFC
2008-06-10 15:03:55 16384 --a-----t C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\Perflib_Perfdata_12c.dat
2008-06-09 15:47:05 0 d-------- C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\pft14E.tmp
2008-06-10 15:16:28 0 d-------- C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\pft3D.tmp
2008-06-09 15:50:22 0 d-------- C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\pft8.tmp
2008-06-09 15:47:02 5310 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\plf14C.tmp
2008-06-10 15:16:19 5310 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\plf3B.tmp
2008-06-09 15:50:08 5310 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\plf6.tmp
2008-06-10 17:24:47 0 d-------- C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\PRE1AA.tmp
2008-06-10 17:32:41 49 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\REGWIZ.LOG
2008-06-07 01:21:09 0 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\sdpintl.ini
2006-04-04 21:05:00 139264 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\set36.tmp <Not Verified; InstallShield Software Corporation; InstallShield ®>
2008-06-10 20:00:04 6072 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\Setup Log 2008-06-10 #001.txt
2008-06-10 20:08:46 97377 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\Setup Log 2008-06-10 #002.txt
2008-06-07 02:46:48 19071 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\SetupExe(200806070243135B0).log
2008-06-09 15:24:26 15783864 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\sp26664.exe <Verified; Hewlett-Packard; sp26664>
2008-06-09 15:17:57 66948800 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\sp26671.exe <Verified; Hewlett-Packard; sp26671>
2008-06-09 15:23:25 3440632 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\sp26676.exe <Verified; Hewlett-Packard; sp26676>
2008-06-09 16:06:50 1865312 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\sp26684.exe <Verified; Hewlett-Packard; sp26684>
2008-06-09 15:32:11 4568872 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\sp26689.exe <Verified; Hewlett-Packard Development Company, L.P.; sp26689>
2008-06-09 15:12:13 6207088 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\sp26765.exe <Verified; Hewlett-Packard Development Company, L.P.; sp26765>
2008-06-09 15:28:29 1552136 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\sp26779.exe <Verified; Hewlett-Packard Development Company, L.P.; sp26779>
2008-06-09 15:27:09 1713488 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\sp37253.exe <Verified; Hewlett-Packard Development Company, L.P.; HP Update Security Vulnerability Update>
2008-06-09 15:15:50 1941232 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\sp37394.exe <Verified; Hewlett-Packard Development Company, L.P.; sp37394>
2008-06-08 00:15:01 0 --a-----t C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\sqlite_kOLw7CsfBteBzwO
2008-06-10 15:57:35 11186 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\Supporatability.log
2008-06-07 02:03:54 8196 --a-----t C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\TFR1AA.tmp
2008-06-10 17:19:44 8196 --a-----t C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\TFR4C5.tmp
2005-11-08 03:37:52 583888 -----n--- C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\UIUCU2.EXE <Verified; Conexant Systems, Inc.; Universal Device Install/Uninstall x86 App>
2008-06-11 20:22:16 44766 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\Uninstall Log 2008-06-11 #001.txt
2008-06-11 19:52:26 11901 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\uvsw3_yl.0.cs
2008-06-11 19:52:26 365 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\uvsw3_yl.cmdline
2008-06-11 19:52:26 0 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\uvsw3_yl.dll
2008-06-11 19:52:26 0 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\uvsw3_yl.err
2008-06-11 19:52:26 478 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\uvsw3_yl.out
2008-06-07 02:50:22 0 d-------- C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\VBE
2008-06-10 15:01:00 0 d-------- C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\{82C96A65-AF5E-438B-900F-259869219BA0}
2008-06-10 15:06:03 516 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\~15C.tmp
2008-06-12 22:09:50 16384 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\~DF20A6.tmp
2008-06-10 15:35:53 16384 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\~DF2293.tmp
2008-06-07 02:29:39 16384 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\~DF2FC1.tmp
2008-06-10 16:54:39 16384 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\~DF4A3A.tmp
2008-06-07 02:56:44 16384 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\~DF4DAD.tmp
2008-06-10 20:36:14 65536 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\~DF4EA4.tmp
2008-06-10 16:59:10 16384 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\~DF5856.tmp
2008-06-10 16:50:06 16384 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\~DF635E.tmp
2008-06-09 19:41:17 16384 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\~DF656.tmp
2008-06-11 20:35:51 16384 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\~DF6621.tmp
2008-06-11 19:51:48 16384 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\~DF73DD.tmp
2008-06-07 02:38:52 16384 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\~DF75BC.tmp
2008-06-10 14:50:53 16384 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\~DF763C.tmp
2008-06-10 15:08:11 16384 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\~DF783.tmp
2008-06-10 15:03:04 16384 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\~DF7A9B.tmp
2008-06-09 15:53:43 16384 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\~DF7FBD.tmp
2008-06-09 15:50:08 16384 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\~DF8872.tmp
2008-06-09 15:05:33 16384 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\~DF92BB.tmp
2008-06-12 15:10:20 16384 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\~DF935E.tmp
2008-06-11 20:10:32 16384 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\~DF958E.tmp
2008-06-10 15:43:29 16384 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\~DFAF4B.tmp
2008-06-10 17:27:14 16384 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\~DFB8FA.tmp
2008-06-07 03:05:31 16384 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\~DFBCB1.tmp
2008-06-09 16:08:50 16384 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\~DFC398.tmp
2008-06-11 19:55:26 16384 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\~DFC673.tmp
2008-06-11 20:24:02 16384 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\~DFE173.tmp
2008-06-10 13:51:11 16384 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\~DFE40.tmp
2008-06-11 14:36:47 49152 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\~DFEA5E.tmp
2008-06-10 15:30:00 16384 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\~DFEB21.tmp
2008-06-07 03:30:04 16384 --a------ C:\DOCUME~1\ADMINI~1.NET\LOCALS~1\Temp\~DFF361.tmp
2005-08-12 17:35:00 212992 --a------ C:\WINDOWS\temp\alcrmv.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Removing driver Tool>
2005-08-12 18:40:00 307200 --a------ C:\WINDOWS\temp\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2004-09-07 13:47:00 57344 --a------ C:\WINDOWS\temp\Alcxmntr.exe <Verified; Realtek Semiconductor Corp.; Realtek Audio - Event Monitor>
2005-09-05 04:51:00 15057 --a------ C:\WINDOWS\temp\alcxwdm.cat
2005-08-29 15:11:00 3644928 --a------ C:\WINDOWS\temp\alcxwdm.sys <Verified; Realtek Semiconductor Corp.; Windows ® WDM driver for Realtek AC'97 Audio(HRTF data Copyright 1994 by MIT Media Lab)>
2005-08-29 16:14:00 27399 --a------ C:\WINDOWS\temp\Alcxwdm0.inf
2005-08-29 16:14:00 22179 --a------ C:\WINDOWS\temp\Alcxwdm1.inf
2005-08-17 18:25:00 18771968 --a------ C:\WINDOWS\temp\alsndmgr.cpl <Verified; Realtek Semiconductor Corp.; Realtek AC97 Audio Sound Effect Manager>
2002-02-05 13:54:00 141016 --a------ C:\WINDOWS\temp\alsndmgr.wav
2005-07-15 16:48:00 40960 --a------ C:\WINDOWS\temp\ChCfg.exe
2008-06-07 01:18:16 0 d---s---- C:\WINDOWS\temp\Cookies
2000-09-29 06:27:08 36352 -----n--- C:\WINDOWS\temp\DelB.tmp
2008-06-11 19:51:55 262144 --a------ C:\WINDOWS\temp\fb_1004.lck
2008-06-09 19:40:47 262144 --a------ C:\WINDOWS\temp\fb_1016.lck
2008-06-11 20:10:54 262144 --a------ C:\WINDOWS\temp\fb_984.lck
2008-06-07 01:18:16 0 d---s---- C:\WINDOWS\temp\History
2008-06-10 17:26:27 0 d-------- C:\WINDOWS\temp\MCE00000
2008-06-11 14:38:56 0 d-------- C:\WINDOWS\temp\MCE00001
2008-06-11 19:55:18 0 d-------- C:\WINDOWS\temp\MCE00002
2008-06-11 20:03:42 0 d-------- C:\WINDOWS\temp\MCE00003
2008-06-11 20:10:40 0 d-------- C:\WINDOWS\temp\MCE00004
2008-06-11 20:23:47 0 d-------- C:\WINDOWS\temp\MCE00005
2008-06-11 20:35:52 0 d-------- C:\WINDOWS\temp\MCE00006
2008-06-12 15:04:53 0 d-------- C:\WINDOWS\temp\MCE00007
2008-06-07 03:29:34 0 --a-----t C:\WINDOWS\temp\mcmsc_5a2ESELjzNt9ncB
2008-06-11 20:35:32 0 --a-----t C:\WINDOWS\temp\mcmsc_cpD69RlH06CvKjH
2008-06-10 14:52:30 0 --a-----t C:\WINDOWS\temp\mcmsc_M8w0AIQcf4ZegwC
2008-06-10 14:52:30 0 --a-----t C:\WINDOWS\temp\mcmsc_mzbwW0bXO8jRp7I
2008-06-08 03:59:35 0 --a-----t C:\WINDOWS\temp\mcmsc_r9ryjKK2zEmKgbj
2008-06-11 14:38:46 0 --a-----t C:\WINDOWS\temp\mcmsc_Rd9pfBYG8fPVo9o
2008-06-11 20:10:21 0 --a-----t C:\WINDOWS\temp\mcmsc_t3b9QxleoetPrQx
2008-06-09 18:49:14 0 --a-----t C:\WINDOWS\temp\mcmsc_uVrSrtybnoRzhx8
2008-06-10 07:19:14 0 --a-----t C:\WINDOWS\temp\mcmsc_VlgpyinOhlFJa6e
2008-06-11 19:54:57 0 --a-----t C:\WINDOWS\temp\mcmsc_zRjSGYjMDvavMfq
2008-06-09 03:04:31 14888 --a------ C:\WINDOWS\temp\netfxsl.log
2008-06-09 03:05:12 10176 --a------ C:\WINDOWS\temp\NetFxUpdate_v1.1.4322.log
2008-06-12 03:06:28 262144 --a------ C:\WINDOWS\temp\NETPC30495.lck
2006-02-27 22:00:00 248832 --a------ C:\WINDOWS\temp\newdev.dll <Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-09 18:55:14 0 d-------- C:\WINDOWS\temp\PDFC
2004-09-07 14:23:00 156672 --a------ C:\WINDOWS\temp\RtlCPAPI.dll <Verified; ; RtlCPAPI Module>
2005-08-17 18:21:00 10458112 --a------ C:\WINDOWS\temp\RTLCPL.exe <Verified; Realtek Semiconductor Corp.; Realtek Audio Sound Effect Manager>
2005-08-17 18:39:00 90112 --a------ C:\WINDOWS\temp\soundman.exe <Verified; Realtek Semiconductor Corp.; Realtek Sound Manager>
2008-06-10 17:27:20 0 --a-----t C:\WINDOWS\temp\sqlite_0idbOx4qLF1G2kL
2008-06-07 03:30:54 0 --a-----t C:\WINDOWS\temp\sqlite_2ah2Obzyjr59Yb9
2008-06-07 02:17:58 0 --a-----t C:\WINDOWS\temp\sqlite_2DQRAlHOaqJmHxQ
2008-06-10 16:55:43 0 --a-----t C:\WINDOWS\temp\sqlite_2V9kaVtYNirHD5O
2008-06-11 20:24:39 0 --a-----t C:\WINDOWS\temp\sqlite_3xFP8m3TBQDRnan
2008-06-09 18:50:23 0 --a-----t C:\WINDOWS\temp\sqlite_5GncdMIcDox4Xqc
2008-06-10 17:27:20 0 --a-----t C:\WINDOWS\temp\sqlite_5oq84C55LGhHsgk
2008-06-07 02:17:58 1024 --a-----t C:\WINDOWS\temp\sqlite_7WicUlOzSXxl7ze
2008-06-08 11:23:47 0 --a-----t C:\WINDOWS\temp\sqlite_7YaGgHg6JwsvXgi
2008-06-07 02:09:13 0 --a-----t C:\WINDOWS\temp\sqlite_8jTNASSOB3KS4xN
2008-06-09 14:43:33 0 --a-----t C:\WINDOWS\temp\sqlite_8phxqlLCX7hpx3L
2008-06-11 20:36:46 0 --a-----t C:\WINDOWS\temp\sqlite_9fhxCe2ouJY6gBI
2008-06-07 02:57:55 0 --a-----t C:\WINDOWS\temp\sqlite_aHXgkqE2I9quJOX
2008-06-11 20:11:36 0 --a-----t C:\WINDOWS\temp\sqlite_aYJSQnQKTwdNfFG
2008-06-12 00:00:00 0 --a-----t C:\WINDOWS\temp\sqlite_bqsnGXCQ67LizF3
2008-06-09 14:43:33 0 --a-----t C:\WINDOWS\temp\sqlite_dZDF3gJPEfHLKPO
2008-06-09 15:48:02 0 --a-----t C:\WINDOWS\temp\sqlite_dzhORrVJYFhgh0e
2008-06-10 15:08:49 0 --a-----t C:\WINDOWS\temp\sqlite_ePahMscBf11p3AI
2008-06-10 17:32:00 1024 --a-----t C:\WINDOWS\temp\sqlite_eW6a9B81SqzBgJ4
2008-06-08 11:23:47 0 --a-----t C:\WINDOWS\temp\sqlite_f1n8hBBnmNeRfld
2008-06-11 14:39:52 0 --a-----t C:\WINDOWS\temp\sqlite_fIf83m263PglXfx
2008-06-07 03:28:32 0 --a-----t C:\WINDOWS\temp\sqlite_GDyAdGNSjavnaqz
2008-06-10 16:27:14 0 --a-----t C:\WINDOWS\temp\sqlite_gLmG8p8BCbrN2dh
2008-06-11 20:24:39 0 --a-----t C:\WINDOWS\temp\sqlite_GNiIQDALRE7qgel
2008-06-10 15:31:03 0 --a-----t C:\WINDOWS\temp\sqlite_gsyd5pjSJIZZZHQ
2008-06-07 02:07:00 1024 --a-----t C:\WINDOWS\temp\sqlite_h8dovAZjRbkL7nR
2008-06-11 19:56:15 0 --a-----t C:\WINDOWS\temp\sqlite_HiPi5AlYROOH8fX
2008-06-07 03:45:17 0 --a-----t C:\WINDOWS\temp\sqlite_HkEO8uXZSJnul1k
2008-06-07 02:57:55 0 --a-----t C:\WINDOWS\temp\sqlite_hmCnRbCnGKGJsMT
2008-06-11 22:49:47 0 --a-----t C:\WINDOWS\temp\sqlite_hS96IGWMJTdotDC
2008-06-10 15:36:43 0 --a-----t C:\WINDOWS\temp\sqlite_HYc7CLPrYQ9pPhF
2008-06-10 15:08:49 0 --a-----t C:\WINDOWS\temp\sqlite_Iq303TpGtOMV1RY
2008-06-10 15:36:43 0 --a-----t C:\WINDOWS\temp\sqlite_Jvew93xnPK9rJs8
2008-06-10 16:50:49 0 --a-----t C:\WINDOWS\temp\sqlite_Kev3hbJa6htyDoy
2008-06-10 15:44:08 0 --a-----t C:\WINDOWS\temp\sqlite_KNKrojkVmvAtgH9
2008-06-09 15:54:26 0 --a-----t C:\WINDOWS\temp\sqlite_koVfcQlIhsyAUGR
2008-06-11 19:56:15 0 --a-----t C:\WINDOWS\temp\sqlite_L40qNzcCvfApeTp
2008-06-09 18:50:25 0 --a-----t C:\WINDOWS\temp\sqlite_L5uXCOyK7aioxRX
2008-06-11 20:36:46 0 --a-----t C:\WINDOWS\temp\sqlite_lNsigWyqIcWZ6b3
2008-06-07 03:05:49 0 --a-----t C:\WINDOWS\temp\sqlite_ludUQgP0DQODvEz
2008-06-09 18:50:24 0 --a-----t C:\WINDOWS\temp\sqlite_lZPCZqBS7WR8QvL
2008-06-07 03:05:49 0 --a-----t C:\WINDOWS\temp\sqlite_m7Dm4z9U7pkKafc
2008-06-11 20:37:03 1024 --a-----t C:\WINDOWS\temp\sqlite_mS00JdmZUhr4xMo
2008-06-07 03:42:15 0 --a-----t C:\WINDOWS\temp\sqlite_MUIbGweV0C9WYrX
2008-06-07 03:30:54 0 --a-----t C:\WINDOWS\temp\sqlite_MyFfrCsneLZG8Pn
2008-06-07 02:55:30 0 --a-----t C:\WINDOWS\temp\sqlite_Myxbwaqi5zs1JGj
2008-06-11 19:51:41 0 --a-----t C:\WINDOWS\temp\sqlite_pCuSuNTyxSD7gGu
2008-06-10 15:44:08 0 --a-----t C:\WINDOWS\temp\sqlite_PdENcdNUytlDkqU
2008-06-10 15:28:36 0 --a-----t C:\WINDOWS\temp\sqlite_q0Dsa4QiPVffGDl
2008-06-09 18:50:24 0 --a-----t C:\WINDOWS\temp\sqlite_rAPU9eJntuP6K8A
2008-06-09 15:50:59 0 --a-----t C:\WINDOWS\temp\sqlite_SqcXBV56DZarINa
2008-06-07 02:09:13 0 --a-----t C:\WINDOWS\temp\sqlite_SsA8zDVpFK3rvxb
2008-06-10 17:00:13 0 --a-----t C:\WINDOWS\temp\sqlite_tfnySSdQ7Cj5ePq
2008-06-09 15:50:59 0 --a-----t C:\WINDOWS\temp\sqlite_tq5wDK77kp3GMv4
2008-06-10 15:31:03 0 --a-----t C:\WINDOWS\temp\sqlite_UB2Mh2fKVEGL7Iz
2008-06-07 03:42:15 0 --a-----t C:\WINDOWS\temp\sqlite_UcjITtDGWV7KNxv
2008-06-11 14:39:52 0 --a-----t C:\WINDOWS\temp\sqlite_UctKBRFm2eeLy0r
2008-06-10 16:27:14 0 --a-----t C:\WINDOWS\temp\sqlite_uRUag6HcwehPhuY
2008-06-07 03:45:17 0 --a-----t C:\WINDOWS\temp\sqlite_VavpIhaiwOyxtC8
2008-06-10 13:55:13 0 --a-----t C:\WINDOWS\temp\sqlite_WklHn4TZqNrgcYc
2008-06-10 16:48:31 0 --a-----t C:\WINDOWS\temp\sqlite_WRoCSOSn9H4D06D
2008-06-09 15:54:26 0 --a-----t C:\WINDOWS\temp\sqlite_wSt0L2z8tb7pd6X
2008-06-10 13:55:13 0 --a-----t C:\WINDOWS\temp\sqlite_WTjHnt4JdulvPTW
2008-06-12 19:04:47 0 --a-----t C:\WINDOWS\temp\sqlite_wxLOKaBn0clRBfX
2008-06-10 16:55:43 0 --a-----t C:\WINDOWS\temp\sqlite_Xd56crtC30wwSzS
2008-06-07 03:03:33 0 --a-----t C:\WINDOWS\temp\sqlite_xDNhFu4HkHakagH
2008-06-07 02:07:00 1024 --a-----t C:\WINDOWS\temp\sqlite_xLL9k9bgZ5XB3xS
2008-06-11 20:11:36 0 --a-----t C:\WINDOWS\temp\sqlite_XrejEx6hOtnZecG
2008-06-10 17:00:13 0 --a-----t C:\WINDOWS\temp\sqlite_YSwzGiY493mAhuR
2008-06-10 16:50:49 0 --a-----t C:\WINDOWS\temp\sqlite_ZFAcP4brCcV4VOF
2008-06-07 01:18:16 0 d---s---- C:\WINDOWS\temp\Temporary Internet Files
2008-03-24 19:33:02 1527056 --a------ C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe <Verified; Adobe Systems Incorporated; Adobe® Flash® Player ActiveX>
2008-04-17 15:53:54 147456 --a------ C:\WINDOWS\Downloaded Program Files\Uploader.exe <Not Verified; McAfee Inc.,; McAfee Virtual Technician>
2007-10-18 10:04:16 341296 --a------ C:\WINDOWS\Downloaded Program Files\HPDEXAXO.dll <Verified; Hewlett-Packard Co.; HPDEXAXO>
2008-04-17 15:56:58 117584 --a------ C:\WINDOWS\Downloaded Program Files\McContentMgr.dll <Verified; McAfee Inc.; McAfee Virtual Technician>
2008-04-17 15:56:16 354136 --a------ C:\WINDOWS\Downloaded Program Files\McHealthCheck.dll <Verified; McAfee Inc.; McAfee Virtual Technician>
2008-04-17 15:57:18 119112 --a------ C:\WINDOWS\Downloaded Program Files\McLogMgr.dll <Verified; McAfee Inc.; McAfee Virtual Technician>
2008-04-17 15:56:38 527696 --a------ C:\WINDOWS\Downloaded Program Files\McPlugins.dll <Verified; McAfee Inc.; McAfee Virtual Technician>
2008-04-17 15:57:38 238416 --a------ C:\WINDOWS\Downloaded Program Files\McProdMgr.dll <Verified; McAfee Inc.; McAfee Virtual Technician>
2008-04-17 15:55:34 291680 --a------ C:\WINDOWS\Downloaded Program Files\MVT.dll <Verified; McAfee Inc.; McAfee Virtual Technician>

-*- End of Logfile -*-

This is all I have for now. I hope you can help me out...

Kind regards,

EBG005



#2 Buckeye_Sam


Posted 06 July 2008 - 07:23 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:
I apologize for the delay getting to your log, the helpers here are very busy.

If you still need help, please post a fresh DSS log, in this thread, so I can help you with your malware problems.
If you have resolved this issue please let us know.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 ebg005


Posted 08 July 2008 - 01:27 PM

Hello Sam,

Thank you for taking the time to respond to my request. I have been too paranoid to check my financial sites or order anything on-line. Any help will be greatly appreciated.

Kind regards,

Bob (EBG005)

Here is the latest DSS scan:

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Deckard's System Scanner v20071014.68
Run by ejg017 on 2008-07-08 13:32:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as ejg017.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:32:20 PM, on 7/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PDF Complete\pdfsty.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Office\OFFICE11\MSTORDB.EXE
C:\Documents and Settings\Administrator\Application Data\U3\0000060432079090\LaunchPad.exe
G:\Deckard's System Scanner\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ejg017.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MilShieldSlave] "C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe" -logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: taskmgr.exe.lnk = C:\WINDOWS\system32\taskmgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: http://guru.avg.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1211235322625
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: MilShieldCleaner - Unknown owner - C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe

--
End of file - 4811 bytes

-- Files created between 2008-06-08 and 2008-07-08 -----------------------------

2008-07-05 11:28:52 0 d-------- C:\Program Files\Mil Incorporated
2008-07-02 09:08:09 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-02 09:08:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR
2008-07-02 09:08:01 0 d-------- C:\Program Files\AVG
2008-07-02 09:08:01 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-02 08:47:27 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-06-13 15:10:05 0 d-------- C:\Program Files\Task Killer
2008-06-13 13:51:10 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2008-06-13 13:39:28 0 d-------- C:\WINDOWS\system32\NtmsData
2008-06-13 12:23:00 0 d-------- C:\Program Files\Debugging Tools for Windows (x86)
2008-06-13 11:23:52 0 d-------- C:\Program Files\Trend Micro
2008-06-13 08:56:16 0 d-------- C:\WINDOWS\Sun
2008-06-13 08:07:30 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-06-13 08:06:26 0 d-------- C:\Program Files\Common Files\iS3
2008-06-13 08:06:25 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-06-08 11:56:31 0 d--h----- C:\WINDOWS\PIF


-- Find3M Report ---------------------------------------------------------------

2008-07-08 13:31:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\U3
2008-07-02 09:17:08 0 d-------- C:\Program Files\Common Files
2008-06-08 09:24:26 0 d-------- C:\Program Files\Google
2008-06-07 17:05:44 0 -rahs---- C:\MSDOS.SYS
2008-06-07 17:05:44 0 -rahs---- C:\IO.SYS
2008-06-06 10:35:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-06 10:34:25 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-31 18:54:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-05-31 14:00:25 0 dr------- C:\Documents and Settings\Administrator\Application Data\Brother
2008-05-19 18:00:55 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-19 17:38:45 0 d-------- C:\Program Files\Messenger
2008-05-19 17:38:19 0 d-------- C:\Program Files\Movie Maker
2008-05-19 17:36:04 0 d-------- C:\Program Files\Windows NT
2008-05-19 17:16:52 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-19 17:16:36 0 d-------- C:\Program Files\Microsoft.NET
2008-05-19 16:31:51 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-19 16:18:59 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-05-19 15:37:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-05-19 13:38:28 0 d-------- C:\Program Files\Program Shortcuts
2008-05-19 13:16:00 0 d-------- C:\Program Files\Hewlett-Packard
2008-05-19 13:15:09 0 d-------- C:\Program Files\Compaq
2008-05-19 13:14:56 0 d-------- C:\Program Files\PDF Complete
2008-05-19 13:14:31 0 d-------- C:\Program Files\HPQ
2008-05-19 13:11:23 0 d-------- C:\Program Files\Realtek
2008-05-19 13:11:22 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-19 13:10:41 0 d-------- C:\Program Files\AMD
2008-05-19 13:09:15 0 d-------- C:\Program Files\DIFX
2008-05-19 13:06:26 0 d-------- C:\Program Files\Java
2008-05-19 13:06:12 0 d-------- C:\Program Files\Common Files\Java
2008-05-19 13:05:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-05-19 12:54:37 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-19 12:54:37 0 d-------- C:\Program Files\Online Services
2008-05-19 12:54:37 0 d-------- C:\Program Files\MSN Gaming Zone
2008-05-19 12:54:37 0 d-------- C:\Program Files\microsoft frontpage
2008-05-19 12:54:37 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-19 12:54:37 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-19 12:54:37 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-19 12:54:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/02/2008 09:08 AM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/02/2008 09:08 AM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [03/13/2007 07:31 PM]
"PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [08/07/2007 01:59 PM]
"SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [11/20/2003 05:01 PM]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [05/12/2006 01:50 PM]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [03/31/2006 03:44 PM]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [07/10/2006 11:53 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/02/2008 09:08 AM]
"MilShieldSlave"="C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe" [07/05/2008 11:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
taskmgr.exe.lnk - C:\WINDOWS\system32\taskmgr.exe [8/4/2004 3:56:58 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04c1ba26-328f-11dd-bdd9-001d9273c9b3}]
AutoRun\command- H:\CruzerProfile.exe /autorun

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f3c2424-26bf-11dd-95c5-001d9273c9b3}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52f23c3b-2f2c-11dd-95cc-001d9273c9b3}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4c14ef4-26bd-11dd-95c4-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

*Newly Created Service* - MILSHIELDCLEANER



-- End of Deckard's System Scanner: finished at 2008-07-08 13:33:53 ------------




#4 Buckeye_Sam


Posted 08 July 2008 - 05:54 PM

Download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.


Then post a new log from DSS.
Let me know what issues you are still having.

#5 Buckeye_Sam


Posted 23 July 2008 - 06:41 AM

Unfortunately there has been no response. :thumbsup:
This thread will now be closed.



