Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Explorer Freezes..


  • This topic is locked This topic is locked
21 replies to this topic

#1 fivelitre

fivelitre

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:07:23 AM

Posted 10 September 2007 - 11:31 PM

Whenever I go and open Control panel or any other folder which would be located within the control panel (ex. Network Connections etc. ) I get a popup saying that "Windows Explorer has stopped working" and then it says "Windows Explorer is Restarting" I've followed the steps listed in another topic about running Spy-Bot and Ad-aware and running Stinger. and it hasn't helped.

Something I found to be interesting was that when i started my computer in safe mode, if i tried to open control panel there, it would restart windows explorer which makes me think whatever problem I have may deal with a virus or something in a core file or driver?

I ran Hijackthis and below is what it gave me in notepad. Any help which you guys can provide would be much appreciated.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:24 PM, on 10/09/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\VM_STI.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\Travis\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE V-Gear TalkCam 1.1
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Travis\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BlackBerry Desktop Redirector.lnk = C:\Program Files\Research In Motion\BlackBerry\Redirector.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13737 bytes

BC AdBot (Login to Remove)

 


#2 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:02:23 PM

Posted 18 September 2007 - 06:24 PM

Hello fivelitre

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.

Please disable Ad-Watch, as it may hinder the removal of some HijackThis entries. You can re-enable it after your computer is clean.

To disable Ad-Watch:

1. Right click on the Ad-Watch icon in the system tray and select "Restore Ad-Watch".
2. At the bottom of the screen there will be two checkable items called "Active" and "Automatic".Active: Switches Monitoring On or Off without closing
Automatic: Switches Automatic Blocking On or Off
3. Uncheck (red X) both items.



We must disable the Real-Time Protection feature of Windows Defender for it may interfere with the changes we need to make.

To disable Real-Time Protection:
  • Go to "Tools" | "General Settings"
  • Scroll down to "Real-time protection options"
  • Uncheck "Turn on real-time protection (recommended)"
  • Remember to reactivate this feature when we have finished all our work.



Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


So post the two DSS texts in full in your next reply and let me know if you are still getting that error.

#3 fivelitre

fivelitre
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:07:23 AM

Posted 18 September 2007 - 06:54 PM

Alright, I did everything which you asked. I tried to go to my control panel again and was faced with the same "Windows explorer has stopped working" blah blah blah.

Anyways, here are the two notepads which that DSS program gave me


Deckard's System Scanner v20070905.67
Run by Travis on 2007-09-18 16:41:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 2 Restore Point(s) --
2: 2007-09-18 04:47:02 UTC - RP322 - Scheduled Checkpoint
1: 2007-09-16 22:51:58 UTC - RP321 - Scheduled Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Travis.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:42:36 PM, on 18/09/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Travis\Program Files\uTorrent\uTorrent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\explorer.exe
C:\Users\Travis\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Travis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Travis\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3420793996-3779038212-1366448162-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Mcx1')
O4 - HKUS\S-1-5-21-3420793996-3779038212-1366448162-1001\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (User 'Mcx1')
O4 - HKUS\S-1-5-21-3420793996-3779038212-1366448162-1001\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'Mcx1')
O4 - HKUS\S-1-5-21-3420793996-3779038212-1366448162-1001\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Mcx1')
O4 - HKUS\S-1-5-21-3420793996-3779038212-1366448162-1001\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Mcx1')
O4 - HKUS\S-1-5-21-3420793996-3779038212-1366448162-1001\..\Run: [uTorrent] "C:\Users\Travis\Program Files\uTorrent\uTorrent.exe" (User 'Mcx1')
O4 - HKUS\S-1-5-21-3420793996-3779038212-1366448162-1001\..\Run: [BandwidthMeterPro] C:\Program Files\BandwidthMeterPro\BWMeterPro.exe (User 'Mcx1')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12106 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - "regedit.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 FirebirdGuardianDefaultInstance (Firebird Guardian - DefaultInstance) - c:\program files\firebird\firebird_1_5\bin\fbguard.exe -s <Not Verified; The Firebird Project; Firebird SQL Server>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R3 FirebirdServerDefaultInstance (Firebird Server - DefaultInstance) - c:\program files\firebird\firebird_1_5\bin\fbserver.exe -s <Not Verified; The Firebird Project; Firebird SQL Server>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-09-18 16:38:13 420 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{3F19FCCA-FC5F-4082-B558-0F9405D02863}.job


-- Files created between 2007-08-18 and 2007-09-18 -----------------------------

2007-09-10 21:37:22 0 d-------- C:\Windows\pss
2007-09-10 18:02:09 0 d-------- C:\Program Files\Trend Micro
2007-09-10 15:31:50 0 d-------- C:\Windows\BDOSCAN8
2007-09-10 15:09:15 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-09-10 11:07:02 0 d-------- C:\Program Files\Studio 3
2007-09-10 09:09:38 0 d-------- C:\Program Files\Lavasoft
2007-09-10 09:09:37 0 d-------- C:\Users\All Users\Lavasoft
2007-09-10 09:08:49 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-10 09:00:17 0 d-------- C:\Program Files\SequoiaView
2007-09-09 18:08:07 0 d-------- C:\Users\All Users\Nero
2007-09-09 18:08:07 0 d-------- C:\Program Files\Common Files\Nero
2007-09-03 17:43:20 0 d-------- C:\Windows\vbSkinner
2007-08-31 17:21:07 225280 --a------ C:\Windows\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2007-08-31 17:21:07 0 d-------- C:\Program Files\VstPlugins
2007-08-31 17:18:40 0 d-------- C:\Program Files\Image-Line
2007-08-31 03:08:32 0 d-------- C:\Users\All Users\NVIDIA


-- Find3M Report ---------------------------------------------------------------

2007-09-18 16:42:45 0 d-------- C:\Users\Travis\AppData\Roaming\uTorrent
2007-09-17 18:38:48 0 d-------- C:\Program Files\Symantec
2007-09-17 18:02:41 0 d-------- C:\Users\Travis\AppData\Roaming\dvdcss
2007-09-15 07:19:52 0 d-------- C:\Program Files\Apple Software Update
2007-09-12 03:02:19 0 d-------- C:\Program Files\Windows Mail
2007-09-10 22:21:44 0 d-------- C:\Program Files\Yahoo!
2007-09-10 21:23:18 0 d-------- C:\Users\Travis\AppData\Roaming\Skype
2007-09-10 15:39:40 0 d-------- C:\Program Files\Java
2007-09-10 10:57:23 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-10 09:08:49 0 d-------- C:\Program Files\Common Files
2007-09-09 18:14:57 0 d-------- C:\Users\Travis\AppData\Roaming\Nero
2007-09-09 18:08:07 0 d-------- C:\Program Files\Nero
2007-09-09 17:42:07 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-09-08 20:55:50 0 d-------- C:\Program Files\iTunes
2007-09-08 20:55:39 0 d-------- C:\Program Files\iPod
2007-09-04 19:21:22 0 d-------- C:\Users\Travis\AppData\Roaming\Bioshock
2007-08-31 03:06:00 0 d-------- C:\Program Files\Windows Calendar
2007-08-29 03:11:18 174 --ahs---- C:\Program Files\desktop.ini
2007-08-28 13:59:40 0 d-------- C:\Program Files\Common Files\LogiShrd
2007-08-27 18:25:21 0 d-------- C:\Program Files\Logitech
2007-08-19 21:08:35 0 d-------- C:\Program Files\Norton 360
2007-08-14 21:37:55 0 d-------- C:\Users\Travis\AppData\Roaming\Adobe
2007-08-04 23:33:03 0 d-------- C:\Program Files\Skype
2007-08-04 23:32:57 0 d-------- C:\Program Files\Common Files\Skype
2007-07-30 11:08:34 0 d-------- C:\Program Files\Common Files\Logitech
2007-07-30 10:38:49 0 d-------- C:\Program Files\Microsoft Games
2007-07-18 19:28:50 148891 --a------ C:\Windows\hpoins19.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [21/04/2007 07:28 AM]
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [08/04/2007 09:44 AM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [20/03/2006 05:34 PM]
"RtHDVCpl"="RtHDVCpl.exe" [08/12/2006 05:51 PM C:\Windows\RtHDVCpl.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [10/12/2006 09:52 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09/01/2007 10:59 PM]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [19/04/2007 06:11 PM]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" []
"NvSvc"="C:\Windows\system32\nvsvc.dll" [06/07/2007 08:15 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [06/07/2007 08:15 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [06/07/2007 08:15 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00 AM]
"MSConfig"="C:\Windows\system32\msconfig.exe" [02/11/2006 02:45 AM]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [08/08/2007 03:53 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [02/11/2006 05:35 AM]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 05:35 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 05:36 AM]
"uTorrent"="C:\Users\Travis\Program Files\uTorrent\uTorrent.exe" [09/09/2007 06:17 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [02/01/2007 9:40:10 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BlackBerry Desktop Redirector.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BlackBerry Desktop Redirector.lnk
backup=C:\Windows\pss\BlackBerry Desktop Redirector.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=C:\Windows\pss\Desktop Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Travis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Users\Travis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\Windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
C:\Windows\VM_STI.EXE V-Gear TalkCam 1.1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
"C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
"C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31884fba-f07d-11db-820e-0018f3a5095b}]
AutoRun\command- J:\SETUP.EXE /s

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2007-09-18 16:46:11 ------------



Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU 6300 @ 1.86GHz
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 2045.87 MiB / 1122.18 MiB
Pagefile Memory (total/avail): 4308 MiB / 3036.38 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1941.79 MiB

C: is Fixed (NTFS) - 289.44 GiB total, 153.62 GiB free.
D: is Fixed (FAT32) - 8.63 GiB total, 0.36 GiB free.
E: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is CDROM (No Media)
K: is CDROM (No Media)
L: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3320833AS - 298.09 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 289.44 GiB - C:
\PARTITION1 - Unknown - 8.64 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton 360 v2007 (SYMANTEC Corporation)
AV: Norton 360 v2007 (SYMANTEC Corperation)
AS: Spybot - Search and Destroy v1.0.0.4 (Safer Networking Ltd.) Disabled Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Norton 360 v2007 (Symantec Corporation)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Travis\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TRAVIS-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Travis
LOCALAPPDATA=C:\Users\Travis\AppData\Local
LOGONSERVER=\\TRAVIS-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Travis\AppData\Local\Temp
TMP=C:\Users\Travis\AppData\Local\Temp
USERDOMAIN=Travis-PC
USERNAME=Travis
USERPROFILE=C:\Users\Travis
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Travis
Mcx1


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe" REMOVEALL --u:{F37167DD-4436-4641-90B6-329D60632DDA}
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
µTorrent --> "C:\Users\Travis\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Avi2Dvd 0.4.4 beta --> C:\Program Files\Avi2Dvd\uninst.exe
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
BlackBerry Desktop Software 4.2 --> MsiExec.exe /I{3B7DAD74-8F16-4AEF-B0CA-4072CB1BF9AA}
BlackBerry Desktop Software 4.2 --> MsiExec.exe /i{3B7DAD74-8F16-4AEF-B0CA-4072CB1BF9AA}
BlackBerry v4.2.0 for the 8100 Series Wireless Handheld --> MsiExec.exe /X{87AB561C-8040-4D74-8B4F-77C38004A288}
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EphPod --> C:\PROGRA~1\EphPod\UNWISE.EXE C:\PROGRA~1\EphPod\INSTALL.LOG
Firebird 1.5.1.4481 --> "C:\Program Files\Firebird\Firebird_1_5\unins000.exe"
FL Studio v7.0 --> "C:\Program Files\Image-Line\FL Studio 7\unins000.exe"
GearDrvs --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Participation Program 8.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 8.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B --> C:\Program Files\HP\Digital Imaging\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}\setup\hpzscr01.exe -datfile hposcr19.dat -onestop -showdisconnect -forcereboot
HP Solution Center 8.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply --> MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
I-Doser v4 --> C:\Program Files\IDoser v4\Uninstal.exe
IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
Intel® Matrix Storage Manager --> C:\Windows\System32\Imsmudlg.exe
InterVideo WinDVD 8 --> C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
iPod for Windows 2006-06-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
iTunes --> MsiExec.exe /I{B8A204BC-7177-470E-BBDD-47256D05B325}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
LightScribe Applications --> MsiExec.exe /X{7373184D-8E8F-4308-912A-3901071FA1AD}
LimeWire 4.12.15 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech Gaming Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C1DA723-24FC-48AD-93BA-925695C3EF26}\setup.exe" -l0x9 -removeonly
Logitech QuickCam --> MsiExec.exe /X{364EC092-93CF-4DDC-9D7A-7278452028E0}
Logitech Video Enumerator --> MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Logitech® Camera Driver --> "C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Microsoft Office Excel 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall EXCEL /dll OSETUP.DLL
Microsoft Office Excel 2007 --> MsiExec.exe /X{90120000-0016-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall POWERPOINT /dll OSETUP.DLL
Microsoft Office PowerPoint 2007 --> MsiExec.exe /X{90120000-0018-0000-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall WORD /dll OSETUP.DLL
Microsoft Office Word 2007 --> MsiExec.exe /X{90120000-001B-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
Mob Rule --> C:\Windows\IsUninst.exe -f"C:\Program Files\Studio 3\Mob Rule\Uninst.isu"
Motorola Driver Installation --> MsiExec.exe /I{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}
Mozilla Firefox (2.0.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK --> MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
Nero 8 --> MsiExec.exe /X{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton 360 --> MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360 --> MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360 --> MsiExec.exe /I{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}
Norton 360 --> MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
Norton 360 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_0_0_184\{2D617065-1C52-4240-B5BC-C0AE12157777}.exe" /X
Norton 360 Help --> MsiExec.exe /I{1CA941F1-5006-487E-9FD4-09F812A7D6B8}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Authentification Component --> MsiExec.exe /I{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
SAM Broadcaster (remove only) --> "C:\Program Files\SpacialAudio\SAMBC\uninstall.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB936509) --> msiexec /package {90120000-0016-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0016-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0018-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB936514) --> msiexec /package {90120000-0018-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for Office 2007 (KB936514) --> msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0016-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0018-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
SequoiaView --> C:\Program Files\SequoiaView\Uninstal.exe
Skype™ 3.2 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.inf
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SuppSoft --> MsiExec.exe /I{022DA2C3-81C7-4003-A6BC-1BB147B20097}
Symantec Real Time Storage Protection Component --> MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
Symantec Technical Support Controls --> MsiExec.exe /I{92B1B3CC-EC78-45B8-96D0-8B3F11495864}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0016-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0018-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB932080) --> msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0018-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393) --> msiexec /package {90120000-0018-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Word 2007 (KB934173) --> msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Essentials Media Codec Pack 1.0 --> C:\Program Files\Essentials Codec Pack\uninst.exe
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\Windows\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type24011 / Error
Event Submitted/Written: 09/18/2007 04:39:24 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application Explorer.EXE, version 6.0.6000.16386, time stamp 0x4549b091, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000374, fault offset 0x000af1c9,
process id 0x7b0, application start time 0xExplorer.EXE0.

Event Record #/Type22437 / Success
Event Submitted/Written: 09/17/2007 03:07:04 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type22425 / Success
Event Submitted/Written: 09/17/2007 03:06:34 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type22421 / Success
Event Submitted/Written: 09/17/2007 03:06:33 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type22413 / Success
Event Submitted/Written: 09/17/2007 03:06:26 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type26032 / Warning
Event Submitted/Written: 09/18/2007 04:42:57 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Travis-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Travis-PC27 can't undo changes that you allow.

For more information please see the following:
%Travis-PC275

Scan ID: {ABAC40A4-06DB-43C9-B460-49FB1453D840}

User: Travis-PC\Travis

Name: %Travis-PC271

ID: %Travis-PC272

Severity ID: %Travis-PC273

Category ID: %Travis-PC274

Path Found: %Travis-PC276

Alert Type: %Travis-PC278

Detection Type: 1.1.1505.02

Event Record #/Type26031 / Warning
Event Submitted/Written: 09/18/2007 04:42:57 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Travis-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Travis-PC27 can't undo changes that you allow.

For more information please see the following:
%Travis-PC275

Scan ID: {F58D959A-4025-4DB8-A6B9-D50F92F0F9ED}

User: Travis-PC\Travis

Name: %Travis-PC271

ID: %Travis-PC272

Severity ID: %Travis-PC273

Category ID: %Travis-PC274

Path Found: %Travis-PC276

Alert Type: %Travis-PC278

Detection Type: 1.1.1505.02

Event Record #/Type26030 / Warning
Event Submitted/Written: 09/18/2007 04:42:57 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Travis-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Travis-PC27 can't undo changes that you allow.

For more information please see the following:
%Travis-PC275

Scan ID: {92A67262-2301-4D43-ABC6-BF3C6BF5D404}

User: Travis-PC\Travis

Name: %Travis-PC271

ID: %Travis-PC272

Severity ID: %Travis-PC273

Category ID: %Travis-PC274

Path Found: %Travis-PC276

Alert Type: %Travis-PC278

Detection Type: 1.1.1505.02

Event Record #/Type26029 / Warning
Event Submitted/Written: 09/18/2007 04:42:57 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Travis-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Travis-PC27 can't undo changes that you allow.

For more information please see the following:
%Travis-PC275

Scan ID: {17307633-E713-4D46-A2F3-1EDC07774D18}

User: Travis-PC\Travis

Name: %Travis-PC271

ID: %Travis-PC272

Severity ID: %Travis-PC273

Category ID: %Travis-PC274

Path Found: %Travis-PC276

Alert Type: %Travis-PC278

Detection Type: 1.1.1505.02

Event Record #/Type26022 / Warning
Event Submitted/Written: 09/18/2007 03:06:36 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.



-- End of Deckard's System Scanner: finished at 2007-09-18 16:46:11 ------------

#4 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:02:23 PM

Posted 18 September 2007 - 07:10 PM

Hello fivelitre

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




Please download RUNSCANNER to your desktop and run it.
  • When the first page comes up select Beginner Mode
  • On the next page select Save a binary .Run file (optional) then click Start full computer scan at the bottom.
  • At this time Runscanner.exe may request access to the Internet through your firewall please allow it to do so, it will then run for two or three minutes.
  • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log
  • Call the file "Select a file name here" and save it to your desktop. You will see the .run file on your desktop. Please zip that file by right clicking and selecting send to Zip file
Then upload that as an attachment along with the log file produced in your next post.



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Download GMER from here:
http://www.gmer.net/gmer.zip

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.

#5 fivelitre

fivelitre
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:07:23 AM

Posted 19 September 2007 - 12:25 AM

Okay.. I hope I'm doing this right.. haha I wasn't sure if I should have put the .log file in with the attachment or not. But I'm posting it here.. if it's wrong I'm sorry.

Runscanner logfile http://www.runscanner.net

* = authenticode signed file
- = file not found

000 General info
----------------
Computer name : TRAVIS-PC
Creation time : 18/09/2007 10:07:06 PM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.6000.16512
OS : Windows Vista ™ Home Premium
OS Build : 6000
OS SP :
RunScanner Version : 1.0.3.0
Type of scan : Full scan
User Language : English (Canada)
User rights : Administrator
Windows folder : C:\Windows

001 Running processes
---------------------
* c:\program files\lavasoft\ad-aware 2007\aawtray.exe
c:\program files\intel\intel matrix storage manager\iaanotif.exe (Intel Corporation)
* c:\program files\mozilla firefox\firefox.exe (Mozilla Corporation)
c:\users\travis\desktop\gmer.exe
* c:\windows\rthdvcpl.exe (Realtek Semiconductor)
c:\program files\hp\hp software update\hpwuschd2.exe (Hewlett-Packard Co.)
* c:\program files\hp\digital imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
* c:\program files\hp\digital imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
* c:\program files\java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
* c:\program files\common files\logishrd\lvcomser\lvcomser.exe (Logitech Inc.)
c:\program files\mirc\mirc.exe (mIRC Co. Ltd.)
* c:\users\travis\appdata\local\temp\rar$ex00.812\runscanner.exe (Runscanner.net)
* c:\program files\common files\symantec shared\ccapp.exe (Symantec Corporation)
* c:\users\travis\program files\utorrent\utorrent.exe

002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
* c:\program files\lavasoft\ad-aware 2007\aawtray.exe
* c:\program files\common files\symantec shared\ccapp.exe (Symantec Corporation)
c:\program files\hp\hp software update\hpwuschd2.exe (Hewlett-Packard Co.)
c:\program files\intel\intel matrix storage manager\iaanotif.exe (Intel Corporation)
* c:\program files\common files\installshield\updateservice\isuspm.exe (Macrovision Corporation)
c:\program files\essentials codec pack\update.exe (MediaCodec.Org)
* c:\windows\system32\nvcpl.dll (NVIDIA Corporation)
* c:\windows\system32\nvmctray.dll (NVIDIA Corporation)
* c:\windows\system32\nvsvc.dll (NVIDIA Corporation)
* C:\Windows\rthdvcpl.exe (Realtek Semiconductor)
* c:\program files\java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)

003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
* c:\users\travis\program files\utorrent\utorrent.exe

005 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
----------------------------------------------------------------
* c:\progra~1\hp\digita~1\bin\hpqtra08.exe (Hewlett-Packard Co.)

006 %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
-------------------------------------------------------------------
* c:\progra~1\hp\digita~1\bin\hpqtra08.exe (Hewlett-Packard Co.)

010 HKLM\SYSTEM\CurrentControlSet\Services (Services)
-----------------------------------------------------
* c:\program files\lavasoft\ad-aware 2007\aawservice.exe (Ad-Aware 2007 Service)
c:\program files\common files\adobe systems shared\service\adobelmsvc.exe (Adobe LM Service)
c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe (Apple Mobile Device)
* c:\program files\common files\symantec shared\ccsvchst.exe (ccEvtMgr)
* c:\program files\common files\symantec shared\ccsvchst.exe (ccSetMgr)
* c:\program files\common files\symantec shared\vascanner\comhost.exe (COM Host)
c:\program files\firebird\firebird_1_5\bin\fbguard.exe (Firebird Guardian - DefaultInstance)
c:\program files\firebird\firebird_1_5\bin\fbserver.exe (Firebird Server - DefaultInstance)
c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe (InstallDriver Table Manager)
c:\program files\intel\intel matrix storage manager\iaantmon.exe (Intel® Matrix Storage Event Monitor)
* c:\program files\ipod\bin\ipodservice.exe (iPod Service)
* c:\program files\common files\intervideo\regmgr\iviregmgr.exe (IviRegMgr)
* c:\program files\common files\lightscribe\lssrvc.exe (LightScribeService Direct Disc Labeling Service)
* c:\progra~1\symantec\liveup~1\lucoms~1.exe (LiveUpdate)
* c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe (LiveUpdate Notice Service)
* c:\program files\common files\symantec shared\ccsvchst.exe (LiveUpdate Notice Service Ex)
* c:\program files\common files\logishrd\lvcomser\lvcomser.exe (LVCOMSer)
* c:\program files\common files\logishrd\srvlnch\srvlnch.exe (LVSrvLauncher)
* c:\program files\nero\nero8\nero backitup\nbservice.exe (Nero BackItUp Scheduler 3)
* c:\program files\common files\nero\lib\nmindexingservice.exe (NMIndexingService)
* c:\program files\common files\logishrd\lvmvfm\lvprcsrv.exe (Process Monitor)
* c:\program files\spybot - search & destroy\sdwinsec.exe (SBSD Security Center Service)
* c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe (Symantec Core LC)
* c:\program files\common files\symantec shared\ccsvchst.exe (Symantec Lic NetConnect service)
* C:\Windows\system32\drivers\xaudio.exe (XAudioService)

011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)
----------------------------------------------------
C:\Windows\system32\drivers\gmer.sys (Base)
* C:\Windows\system32\drivers\rimusb.sys (BlackBerry Device)
- c:\windows\system32\drivers\blbdrive.sys (blbdrive.sys)
C:\Windows\system32\drivers\sptd.sys (Boot Bus Extender)
* c:\windows\system32\drivers\brserid.sys (Brother MFC Serial Port Interface Driver (WDM))
* c:\windows\system32\drivers\brusbmdm.sys (Brother MFC USB Fax Only Modem)
* c:\windows\system32\drivers\brusbser.sys (Brother MFC USB Serial WDM Driver)
* c:\windows\system32\drivers\brfiltlo.sys (Brother USB Mass-Storage Lower Filter Driver)
* c:\windows\system32\drivers\brfiltup.sys (Brother USB Mass-Storage Upper Filter Driver)
* c:\windows\system32\drivers\brserwdm.sys (Brother WDM Serial driver)
* C:\Windows\system32\drivers\mdmxsdk.sys (Diagnostic Interface x86 Driver)
* c:\windows\system32\drivers\symdns.sys (DNS Filter Driver)
* c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys (EraserUtilRebootDrv)
* c:\windows\system32\drivers\symfw.sys (Firewall Filter Driver)
* C:\Windows\system32\drivers\gearaspiwdm.sys (GEARAspiWDM)
* C:\Windows\system32\drivers\hcwpp2.sys (Hauppauge WinTV PVR PCI II ([23|25|26]xxx))
* C:\Windows\system32\drivers\hsx_cnxt.sys (HSF_CNXT driver)
* C:\Windows\system32\drivers\hsx_dp.sys (HSF_DP driver)
* C:\Windows\system32\drivers\vstdpv3.sys (HSF_DP driver)
* C:\Windows\system32\drivers\hsxhwbs2.sys (HSF_HWB2 WDM driver)
* C:\Windows\system32\drivers\vstbs23.sys (HSF_HWB2 WDM driver)
* c:\windows\system32\drivers\symids.sys (IDS Filter Driver)
* C:\Windows\system32\drivers\iastor.sys (Intel RAID Controller)
* C:\Windows\system32\drivers\iastorv.sys (Intel RAID Controller Vista)
* C:\Windows\system32\drivers\e1g60i32.sys (Intel® PRO/1000 NDIS 6 Adapter Driver)
* C:\Windows\system32\drivers\e1e6032.sys (Intel® PRO/1000 PCI Express Network Connection Driver)
- c:\windows\system32\drivers\ipinip.sys (IP in IP Tunnel Driver)
- c:\windows\system32\drivers\nwlnkflt.sys (IPX Traffic Filter Driver)
- c:\windows\system32\drivers\nwlnkfwd.sys (IPX Traffic Forwarder Driver)
* c:\windows\system32\drivers\iteatapi.sys (ITEATAPI_Service_Install)
* c:\windows\system32\drivers\iteraid.sys (ITERAID_Service_Install)
C:\Windows\system32\drivers\lvckap.sys (Logitech AEC Driver)
* C:\Windows\system32\drivers\lvpr2mon.sys (Logitech LVPr2Mon Driver)
C:\Windows\system32\drivers\lvmvdrv.sys (Logitech Machine Vision Engine Loader)
* C:\Windows\system32\drivers\lv302v32.sys (Logitech QuickCam IM(PID_PEPI))
* C:\Windows\system32\drivers\lvusbsta.sys (Logitech USB Monitor Filter)
* C:\Windows\system32\drivers\xaudio.sys (Modem Audio Device Driver)
* c:\progra~2\symantec\defini~1\virusd~1\20070213.051\naveng.sys (NAVENG)
* c:\progra~2\symantec\defini~1\virusd~1\20070213.051\navex15.sys (NAVEX15)
* c:\windows\system32\drivers\symndisv.sys (NDIS Filter Driver)
* c:\windows\system32\drivers\ntrigdigi.sys (N-trig HID Tablet Driver)
* c:\windows\system32\drivers\ql2300.sys (QLogic Fibre Channel Miniport Driver)
* c:\windows\system32\drivers\ql40xx.sys (QLogic iSCSI Miniport Driver)
* c:\windows\system32\drivers\symredrv.sys (Redirector Filter Driver)
* C:\Windows\system32\drivers\rimserial.sys (RIM Virtual Serial Port v2)
* c:\windows\system32\drivers\arcsas.sys (SCSI miniport)
* c:\windows\system32\drivers\sym_u3.sys (SCSI Miniport)
* c:\windows\system32\drivers\nvstor.sys (SCSI Miniport)
* c:\windows\system32\drivers\iirsp.sys (SCSI Miniport)
* c:\windows\system32\drivers\hpcisss.sys (SCSI Miniport)
* c:\windows\system32\drivers\elxstor.sys (SCSI Miniport)
* c:\windows\system32\drivers\uliahci.sys (SCSI Miniport)
* c:\windows\system32\drivers\symc8xx.sys (SCSI Miniport)
* c:\windows\system32\drivers\ulsata.sys (SCSI Miniport)
* c:\windows\system32\drivers\ulsata2.sys (SCSI Miniport)
* c:\windows\system32\drivers\nfrd960.sys (SCSI Miniport)
* c:\windows\system32\drivers\arc.sys (SCSI Miniport)
* c:\windows\system32\drivers\adpahci.sys (SCSI Miniport)
* c:\windows\system32\drivers\vsmraid.sys (SCSI Miniport)
* c:\windows\system32\drivers\djsvs.sys (SCSI Miniport)
* c:\windows\system32\drivers\adpu160m.sys (SCSI Miniport)
* c:\windows\system32\drivers\adpu320.sys (SCSI Miniport)
* c:\windows\system32\drivers\sym_hi.sys (SCSI Miniport)
* c:\windows\system32\drivers\lsi_scsi.sys (SCSI Miniport)
* c:\windows\system32\drivers\sisraid2.sys (SCSI Miniport)
* c:\windows\system32\drivers\sisraid4.sys (SCSI Miniport)
* c:\windows\system32\drivers\lsi_fc.sys (SCSI Miniport)
* c:\windows\system32\drivers\lsi_sas.sys (SCSI Miniport)
* c:\windows\system32\drivers\adp94xx.sys (SCSI Miniport)
* c:\windows\system32\drivers\mraid35x.sys (SCSI Miniport)
* c:\windows\system32\drivers\megasas.sys (SCSI Miniport)
* C:\Windows\system32\drivers\rtkvhda.sys (Service for Realtek HD Audio (WDM))
* c:\program files\common files\symantec shared\spbbc\spbbcdrv.sys (SPBBCDrv)
* C:\Windows\system32\drivers\srtspl.sys (SRTSPL)
* C:\Windows\system32\drivers\srtspx.sys (SRTSPX)
* c:\program files\common files\symantec shared\eengine\eectrl.sys (Symantec Eraser Control driver)
* c:\windows\system32\drivers\symevent.sys (Symantec Event Library)
* c:\progra~2\symantec\defini~1\symcdata\idsdefs\20070912.001\idsvix86.sys (Symantec Intrusion Prevention Driver)
* c:\windows\system32\drivers\symtdi.sys (SYMTDI)
* c:\windows\system32\drivers\cmdide.sys (System Bus Extender)
* c:\windows\system32\drivers\aliide.sys (System Bus Extender)
* c:\windows\system32\drivers\viaide.sys (System Bus Extender)
* c:\windows\system32\drivers\nvraid.sys (System Bus Extender)
* C:\Windows\system32\drivers\usbvm302.sys (V-Gear TalkCam 1.1)
* C:\Windows\system32\drivers\igdkmd32.sys (Video)
* C:\Windows\system32\drivers\nvlddmkm.sys (Video)
* C:\Windows\system32\drivers\lv302af.sys (Volume Adapter)

031 HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
-------------------------------------------
* c:\progra~1\common~1\skype\skype4~1.dll (Skype Technologies) {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}

032 HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
-----------------------------------------------------------------------------------
- rdpclip

035 HKLM-HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
------------------------------------------------------------------
* c:\program files\common files\lightscribe\lsrunonce.exe (Hewlett-Packard Company) {10880D85-AAD9-4558-ABDC-2AB1552D831F}

041 HKLM-HKCU\Software\Microsoft\Internet Explorer\Toolbar
----------------------------------------------------------
* c:\program files\common files\symantec shared\coshared\browser\1.5\uibho.dll (Symantec Corporation) {90222687-F593-4738-B738-FBEE9C7B26DF}

042 HKLM\Software\Microsoft\Internet Explorer\Extensions
--------------------------------------------------------
GUID / CLSID not found {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
C:\Windows\bdoscandel.exe {85d1f590-48f4-11d9-9669-0800200c9a66}
GUID / CLSID not found {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}
GUID / CLSID not found {92780B25-18CC-41C8-B9BE-3C9C571A8263}
GUID / CLSID not found {77BF5300-1474-4EC7-9980-D32B190E9B07}
GUID / CLSID not found {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}

052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
----------------------------------------------------------------------------------
* c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll (Adobe Systems Incorporated) {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
* c:\program files\java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
* c:\program files\common files\symantec shared\coshared\browser\1.5\nppbho.dll (Symantec Corporation) {1E8A6170-7264-4D0F-BEAE-D42A53123C75}
* c:\progra~1\spybot~1\sdhelper.dll (Safer Networking Limited) {53707962-6F74-2D53-2644-206D7942484F}
* c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll (Skype Technologies S.A.) {22BF413B-C6D2-4d91-82A9-A0F997BA588C}
* c:\program files\yahoo!\common\yiesrvc.dll (Yahoo! Inc.) {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}

061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
---------------------------------------------------------------------------------
c:\program files\avi2dvd\programs\filters\haali media splitter\mmfinfo.dll {0561EC90-CE54-4f0c-9C55-E226110A740C}
* c:\program files\itunes\itunesminiplayer.dll (Apple Inc.) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}
* c:\program files\nero\nero8\nero coverdesigner\coveredextension.dll (Nero AG) {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}
* c:\windows\system32\nvcpl.dll (NVIDIA Corporation) {A70C977A-BF00-412C-90B7-034C51DA2439}
* c:\windows\system32\nvcpl.dll (NVIDIA Corporation) {FFB699E0-306A-11d3-8BD1-00104B6F7516}
c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
* c:\progra~1\yahoo!\common\ymmapi.dll (Yahoo! Inc.) {5464D816-CF16-4784-B9F3-75C0DB52B499}

062 HKLM-HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
------------------------------------------------------------
c:\program files\avi2dvd\programs\filters\haali media splitter\mmfinfo.dll {0561EC90-CE54-4f0c-9C55-E226110A740C}
c:\program files\common files\adobe\acrobat\activex\pdfshell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}

063 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
---------------------------------------------------------------------
C:\Windows\system32\lsdelete.exe

069 HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
--------------------------------------------------------
* C:\Windows\system32\hpzlllhn.dll (Hewlett-Packard Company)

100 Internet Explorer settings
------------------------------
Default_Page_URL HKLM : http://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL HKLM : http://go.microsoft.com/fwlink/?LinkId=54896
Search Page HKCU : http://go.microsoft.com/fwlink/?LinkId=54896
Search Page HKLM : http://go.microsoft.com/fwlink/?LinkId=54896
Start Page HKCU : http://go.microsoft.com/fwlink/?LinkId=69157
Start Page HKLM : http://go.microsoft.com/fwlink/?LinkId=69157

104 HKLM\Software\Microsoft\Code Store Database\Distribution Units
------------------------------------------------------------------
c:\windows\system32\kaspersky lab\kaspersky online scanner\kavwebscan.dll (Kaspersky Lab) {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}
- c:\windows\downloaded program files\msgrchkr.dll {20A60F0D-9AFA-4515-A0FD-83BD84642501}
- c:\windows\downlo~1\oscan8.ocx {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
* c:\program files\java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.) {8AD9C840-044E-11D1-B3E9-00805F499D93}
GUID / CLSID not found {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
- c:\windows\downloaded program files\messengerstatspaclient.dll {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
* c:\program files\java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.) {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
* c:\program files\java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.) {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
GUID / CLSID not found ActiveGS.cab

105 HKCU\Software\Microsoft\Internet Explorer\MenuExt
-----------------------------------------------------
&Yahoo! Search : file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
E&xport to Microsoft Excel : res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
Yahoo! &Dictionary : file:///C:\Program Files\Yahoo!\Common/ycdict.htm
Yahoo! &Maps : file:///C:\Program Files\Yahoo!\Common/ycmap.htm
Yahoo! &SMS : file:///C:\Program Files\Yahoo!\Common/ycsms.htm

161 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
------------------------------------------------------------------
ConsentPromptBehaviorAdmin : 2
ConsentPromptBehaviorUser : 1
dontdisplaylastusername : 0
EnableInstallerDetection : 1
EnableLUA : 1
EnableSecureUIAPaths : 1
EnableVirtualization : 1
FilterAdministratorToken : 0
PromptOnSecureDesktop : 1
scforceoption : 0
shutdownwithoutlogon : 1
undockwithoutlogon : 1
ValidateAdminCodeSignatures : 0

170 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
------------------------------------------------------------------------
{31884fba-f07d-11db-820e-0018f3a5095b} : J:\SETUP.EXE /s

173 HKCR\*\shellex\ContextMenuHandlers
--------------------------------------
* c:\progra~1\yahoo!\common\ymmapi.dll (Yahoo! Inc.) {5464D816-CF16-4784-B9F3-75C0DB52B499}
* c:\program files\nero\nero8\nero coverdesigner\coveredextension.dll (Nero AG) {73FCA462-9BD5-4065-A73F-A8E5F6904EF7}
c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
* c:\program files\nero\nero8\nero backitup\nbshell.dll (Nero AG)




Kaspersky text file
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, September 18, 2007 9:59:54 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 19/09/2007
Kaspersky Anti-Virus database records: 420532
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
G:\
H:\
I:\
J:\
K:\
L:\

Scan Statistics:
Total number of scanned objects: 141049
Number of viruses found: 4
Number of infected objects: 8
Number of suspicious objects: 0
Duration of the scan process: 01:46:36

Infected Object Name / Virus Name / Last Action
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Address Book\HP_Administrator.wab Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Credentials\S-1-5-21-1478714791-59452595-1119793503-1007\Credentials Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\009f1baa9a092dfdad6a3bd9b154815f_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\05e193d799be994876a992b539f29942_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\05ebd391a920cedfb57675b1f05b6e01_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\09a795504275293de59e4b59b05aa64c_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\10fa583c7bd0f48d4b347e00e8714c14_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\11882aa195b6ae6818e2e60c0ebbcd32_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\11ae5cabbf9e53f18d3a262d2435737c_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\129d5830aa296bf7439bc567711a42a5_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\12f5f46cb3688eb3ac2ade38308993ee_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\13f2c3125c338e6eb8c8acedd2542318_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\1557155dda4b71f1ae2579ab4aa1ae7e_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\16a296442e21f6d89ba2ff772cf8a0ef_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\18a046159f402526a6d0aef778c9ad2e_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\1b7ace44bfa8649be11bdd47584c85c2_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\1e58d84f280edaf0be542c651f4b774d_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\1e824c4c9ff1d21cb4a93648a0293e02_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\1f03b95eb8cf83e0703239404e39a905_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\21ded613f2be71a66f3104061ddb00d3_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\25d35b519b1720ff9eb70e38078af427_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\27fce497d41530ba26de4ca359a5adbb_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\2ca2f159af48272313cd2ed7ded06171_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\2dbae9d4e9d0ef133a53ccfb4db30253_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\34717587c09047900b55c16ebdb9adb6_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\36facbbabc8b120c8980f3dfe11b3516_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\3c64d71e319e3aa304fd72669c704a8c_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\3d30d3dc550315d3ec6a56efff78af62_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\40fc9a07f4de7fb4d5c908b3025d9f40_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\4733e0033bafcc3c0e314e0bded38b55_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\4ad8e4a5975db01a79d2c6f520b13f8b_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\4c0332843d9d9364d7703f92eb48236e_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\4f7e297dbab62c90ae7606f60dd68cbc_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\50557c9ff04ea1f071e40cc716d6c2ea_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\52d5f685f63e55d95af2129318cd5b02_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\571fd22f6d2755b30657b75ec2d53244_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\5baae05dcd23924d685bf56c666c8777_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\5f48e88b41bc25175f5b884bcd41c5ba_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\680fb03a518bec4065f1bd8c35fdc892_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\68f91210a37c395d33b39b951f09a612_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\690abea15c7f862acf6d4c3db639f024_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\693627048fde56f77d480d190fc87eb9_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\719f12bd755c84a4f905be3065ef70e5_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\7676e41b35992fabe2202d278d68c4f4_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\7761488fd885f1bd834595fe21364138_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\78994f1cbb4be04c5f9f607142be344e_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\78be047f54ecdf381d80ce801ec90ede_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\79f118963942914c7a9dc79f65d81247_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\7a14a5b5f68d436dfc0b906828e48544_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\83aa4cc77f591dfc2374580bbd95f6ba_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\8539cb59276885c42fd0068a52cdd2f7_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\86be3bef6a88d8be0edb5787413e39e4_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\86d3a041a5728d0e7186e2bf00631d53_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\89d0158c22fb0556f3aa8c2bbd4fd8df_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\89dc0660d18720741fc26e8bfa8fd585_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\8c66b51866f9cbde08c030abc4a28ac5_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\8c8ed320f3e16e592e911f20b6a0ac66_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\8d297ee1cc485dbe9fe2dc4b35a49b06_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\8de87d6b633cb48b7bc6c61323f15d6e_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\90b9c3d4a5639d9f855fdf8337e0292a_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\9247d6c44afaae7f7c890b45507ed9f6_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\926c1ba6d5d9aa9f37be7512e8df06a1_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\929dd8c49c71e594666675a749b9c256_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\951f8ea5abbe65ad622334fcee3083de_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\9578a0c050feb54e689870d1a4223a30_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\96c7838063bbdf878b66699d54047e9e_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\9c2b1f37beb29d99bfb3a707522f0f53_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\a7556790eccbf4c30d7d3a3cfd989059_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\a898961d5c2877a9a865d2329cc1497c_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\a92b9bb4919fce5bb9bb1ef5b0e71eed_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\aa674fca801701defd24644e51e2abea_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\aba1242c695fd062b57a6dbb2ab1f4dd_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\b0bcceda3bb954b8a928fa3f1a9b716f_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\b91e90c8f48fe7612d5be24cec2138b1_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\bad57ae56060112e9c40c75c01866fbf_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\bdfa9175b77059cd3232b7a57d44c8d5_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\c178f232ed9f794aedd8b5ca1b2f162f_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\c314b0df6ba9b83fb0f179fea2c61365_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\c8c8f5e25260596c6f23190ad18725bf_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\d137ce2d21bf5fb40fa3084684209596_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\d14b2ea3eec4714fdceb848acebd15f0_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\d3101f0bea07913a616d5166a1c67f74_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\d631ce202a89a20b1c75bba71b8d8345_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\d6545625c69b65052c8a768cecbf50ec_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\d664e37c82e1555caaa944f5bed53bf4_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\da5611036f9a70607e157591c81bc772_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\da7f687fd773ef7771c05bba7bce8297_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\daef256209f3f9b952d7446b17fec728_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\db7f910d0051fde9fa2555569126d246_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\dbe8270e9b07ec5ef90a749a3d04ef46_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\dd6ede641b70e6e1a8574e13d43b41a7_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\ded96226c2cfedeadcb1ccf626e76d26_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\df42d5e3d93eaedc844a46c78440d458_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\e211c5d26ffaa04a1c0c0fc55b104246_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\e315e10df4267e6a7c55bee6459e1186_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\e4aea709c81eee9b0d8698b30f4971c2_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\e51e95d475e27247f0e9098417c2724b_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\e594b6e2616a3cbdde1bb090560cdbc1_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\e98331f0ec8e569f97290b1a4f19d138_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\f041ee9ac59fe919269127d7c7bc469e_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\f0b472179f62f9ece3638a1962555cc0_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\f0cd24462f59ca22867ee0cb10f1feb2_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\f737244993d356717dceaba58ebc0258_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\f81d132af599aba32da248bbdbaeda2d_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\fa0452345cac19f327132441cfb4a4a2_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\fa30a74418d73349b3edb845464d100c_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\fa7bdbdda5423b5b58fbfb44e0dc5203_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\fa87c953e33579cf7d69409139c5e487_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\fab578156c31aa6629b23de3cbf69883_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\fe559a0804523e43ec5b9fdad6b6f87e_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\ff30ca56fc967e8424524ee0b271d9a7_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\ff33a859deb413b74ceb3de61b822e57_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\ff9949baa3a656386d78d99d9c75dbdd_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\eHome\ehshell.config Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Desktop.htt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Protect\S-1-5-21-1478714791-59452595-1119793503-1007\15c031d5-4545-4a40-99b1-d070b492e834 Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Protect\S-1-5-21-1478714791-59452595-1119793503-1007\49c10d33-633c-442f-9208-76d6f8a81c00 Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Protect\S-1-5-21-527237240-179605362-725345543-500\fd71eae1-1ae2-43c7-be6a-585fb2dc9197 Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@a.answers[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adbrite[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adcentriconline[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@addictinggames[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adfarm.mserve[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.realtechnetwork[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adultadworld[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@aim[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@andee23.spaces.live[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@answers[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@aol[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ataricommunity[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atdmt[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@babygirlshea09.spaces.live[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@bebo[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@bigfishgames[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@bookclubservices[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@by104w.bay104.mail.live[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@calgary.ctv[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@casalemedia[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cattylisa.spaces.live[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cgi-bin[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cineplex.repeatseat[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cineplex[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@citi.bridgetrack[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@communist_playground[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@contest.blastpromo[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@core.mochibot[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@C__Program Files_GemMaster_[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@dcsupekszufkq6ellogbkmx2w_6t4k[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@delb.myspace[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@delb2.myspace[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@demr.myspace[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@divertissement.sympatico.msn[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@douglas.bc[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@download.mozilla[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@drivecleaner[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ebayobjects[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ebay[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-cineplex.hitbox[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-corusentertainment.hitbox[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@enwhore[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ex=1[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@eyereturn[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@facebook[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@fantasy.sportsnet[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@fastclick[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@fileden[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@fishstik[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@gallery.live[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@gamespot[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@go.drivecleaner[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@google[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@google[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@hallpass[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@hitbox[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@hotmail.msn[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@imageshack[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@imdb[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@img459.imageshack[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@jose1948.spaces.live[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@lanibanana.spaces.live[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@live[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@login.facebook[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@login.live[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@m.webtrends[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mb[3].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@media.fastclick[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mediaplex[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@messenger.msn[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@microsoft[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mmp.studiofeeds[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mojoflix[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@movie[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mozilla[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@msn[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@msn[3].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mydouglas.douglas.bc[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@myfreepaysite[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mygamercard[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@myspace[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@optimizedby.rmxads[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@panoramio[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@personals.yahoo[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@player_new[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@pornmonkeycash[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@pornotube[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@princesssherry1.spaces.live[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@quantserve[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@rad.live[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@rad.msn[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@redsn95.spaces.live[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@revsci[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@rogue.seoinc[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@rtm[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@sdc.brightcove[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@search.live[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@serviceswitching[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@skype[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@slide[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@song2play[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@spaces.live[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@speedzone.sympatico.msn[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@sportsnet-bktri06[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@sportsnet-fb_super07[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@sportsnet-[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@sportsnet[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@sportsnet[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ssdc.ups[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@store.streetmoda[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tacoda[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@td.torrent-damage[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tonelink[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tour.haleywilde[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@unicast[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@video.sympatico.msn[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@webroot[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@wowstatus[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.addictinggames[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.aim[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.answers[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.asiansensationmovies[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.ataricommunity[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.cfox[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.cineplex[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.drivecleaner[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.ebaypromotion[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.enwhore[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.fileden[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.girlscaughtoncam[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.nexopia[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.rogersplus[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.rogersvideo[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.xvideo[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@xbox[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@yahoo[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@youtube[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\index.dat Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{D190EE07-1887-4595-8F62-6253114299D2}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{D190EE07-1887-4595-8F62-6253114299D2}\Microsoft\Outlook Express\Inbox.dbx Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{D190EE07-1887-4595-8F62-6253114299D2}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1478714791-59452595-1119793503-1007\Credentials Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\KNCXQZOH\fwlink[1] Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\N08Z0XVZ\fwlink[1] Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\MSHist012007032620070402\index.dat Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\MSHist012007040220070409\index.dat Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\MSHist012007040920070416\index.dat Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\MSHist012007041620070417\index.dat Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\MSHist012007041720070418\index.dat Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\MSHist012007041820070419\index.dat Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\MSHist012007041920070420\index.dat Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\MSHist012007042020070421\index.dat Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\MSHist012007042120070422\index.dat Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Hewlett-Packard\SSShortcuts\DateStacks\2002_12\10.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Hewlett-Packard\SSShortcuts\DateStacks\2002_12\12.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Hewlett-Packard\SSShortcuts\DateStacks\2002_12\13.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Hewlett-Packard\SSShortcuts\DateStacks\2002_12\14.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Hewlett-Packard\SSShortcuts\DateStacks\2002_12\9.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Hewlett-Packard\SSShortcuts\DateStacks\2003_06\1.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Hewlett-Packard\SSShortcuts\DateStacks\2003_06\11.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Hewlett-Packard\SSShortcuts\DateStacks\2003_06\2.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Hewlett-Packard\SSShortcuts\DateStacks\2003_06\3.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Hewlett-Packard\SSShortcuts\DateStacks\2003_06\4.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Hewlett-Packard\SSShortcuts\DateStacks\2003_06\5.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Hewlett-Packard\SSShortcuts\DateStacks\2003_06\6.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Hewlett-Packard\SSShortcuts\DateStacks\2003_06\7.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Hewlett-Packard\SSShortcuts\DateStacks\2003_06\8.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\My HP Games.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\2007 history evening syllabus.LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\Blahblahblah.LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\Book1.LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\Book2.LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\criminology 2252-term paper assignment (spring 2007).LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\Desktop (2).LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\Desktop.LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\Doc1 (2).LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\Doc1.LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\bleepingstupid.LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\My Documents (2).LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\My Documents.LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\My Received Files.LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\StructuralismFunctionalism (2).LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\Templates.LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\The problem with philosophy and much of psychology is the failure to correctly employ common language.LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\Travis's Folder (2).LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\Travis's Folder.LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\What Is It (2).LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\What Is It.LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\What Is It1.LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Desktop\DivX Movies.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\(EERIE SILENCE) dumbheartt(2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\(EERIE SILENCE) dumbheartt.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\07 'Cuz I Can.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\2007 history evening syllabus.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\2007_03030002.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\2007_03030005.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\2007_03060017.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\2007_0307.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\2007_0317.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\2007_0324.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\2007_0413.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\2007_04130301.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\2007_04130302.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\2007_04130307.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\2007_04130310.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\2007_04130311.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\aaf-cenwwl.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\aaf-cenwwl.part01.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\addresses.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\allie.dawn2122964046.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Apocalyptica - Imperial march.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\apocalyptica - nothing else matters.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\ash.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Babel.2006.PAL.NORDIC.DVDR-BIZARRE (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\bestballer4life2727418967.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Birthday.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\bizarre-babel.part001.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Blades.of.Glory.(2007).DVD.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Blades.of.Glory.(2007).DVD.ntsc.dvdr.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Blahblahblah.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Book1.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Book2.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\boot.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\browneyes_bl3222893906.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Carmen.Electras.Naked.Womens.Wrestling.League.PPV.XViD-aAF (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Carmen.Electras.Naked.Womens.Wrestling.League.PPV.XViD-aAF.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\CD1.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\CD2.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Children.Of.Men.2006.NTSC.DVDR-CCAT (3).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Command_And_Conquer_3_Tiberium_Wars_Kane_Edition_Keygen-RazorDOX.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Construction.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Copy_of_Roni's_Funeral_-_Aprl_13,_2007_175.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\crash-sum.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Crash.2004.DVDRip.XviD-SUM (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Crash.2004.DVDRip.XviD-SUM.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Def Lepard - Pour Some Sugar On Me (Coyote Ugly Soundtrack Version).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Deja.Vu.DVDR-Replica (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Deja.Vu.DVDR-Replica.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\divxfactory-coi3a (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\divxfactory-coi3b (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\divxfactory-icbittwt13a.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\divxfactory-icbittwt13b.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\dl-g (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Doc1.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\dragongirl_332240441517.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\DSCF0363.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\eagles - desperado.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\exhibitionofTony.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Family.Guy.S06E14.PDTV.XviD-2HD.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\flt-cnc3 (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\flt-cnc3 (3).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\flt-cnc3-crack.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\flt-cnc3.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\bleepingstupid (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\bleepingstupid.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Ghostrider.R5.LINE.DVDR-DREAMLiGHT (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\green.mile.a.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\green.mile.b (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\green.mile.b.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\GRU-SC4A (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\gru-sc4a.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\GRU-SC4B (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\gru-sc4b.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\GRU-SC4E (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\gru-sc4e.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\help.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\HPIM1734.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\HPIM2395.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\http _www.deviantart.com_deviation_43538807_ qo=125&q=wall&qh=boost%3Apopular+age_sigma%3A24h+age_scale%3A5.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\I.Cant.Believe.I.Took.The.Whole.Thing.13.XXX.DVDRiP.XviD-DivXfacTory.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\IMG_1165.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Incomplete.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Joe Walsh - A Life Of Illusion.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\John.Tucker.Must.Die.2006.MULTiSUBS.PAL.DVDR-SUBTiTLES (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Johnny Cash - I Walk The Line.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Katybookwishlist.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Katy_16_04_2007@19_16_22.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Katy_16_04_2007@20_15_19.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Katy_16_04_2007@20_15_43.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Katy_16_04_2007@20_15_59.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\komiso_183680382853.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Last.Stand.of.the.300.XviD.iNT-TD (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\lil_cutie_74607732083.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\lindseytravislist.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Linkin Park - What I've Done (Higher Quality).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\links.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\lrc-hf.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\mda6.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\me4.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\MessageLog.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\MONOPOLY.3-DEViANCE (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\mptdvd-cr-dvdr (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\My Documents.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\My Received Files.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\n509512491_39728_9598.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\nep-300dvdscr1-xvid.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\nerd.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\netshow-cnc3cn_mi.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\New Folder (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\New Folder.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Nickelback - If Everyone Cared.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\nympho-mda6.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\pauline.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Photoshop.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Photoshop_Tips_and_Tricks_Tutorials_2 (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Picthingymajigy.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Picture 12.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Picture 8.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Picture68.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Pictures and Videos.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\pl-deep4b.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\prison.break.217.hdtv.xvid-notv.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\prison.break.217.hdtv.xvid-notv.part01.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\prison.break.221.hdtv-lol (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Prison.Break.S02E14.HDTV.XviD-LOL (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Prison.Break.S02E20.HDTV.XviD-LOL (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\ps-ncc62a.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\ps-p-a.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\ps-p-b.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Psychstats (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Psychstats.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\QuickCam.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\reena.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\rep-dejavu (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\rep-dejavu.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\resume.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\RIP.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\saddlegal64082589194.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\select query.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\setup-1a.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\sillymatttricksareforkids.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\SimCity_4_English_Proper-gimpsRus.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\SimCity_4_Transportation_Addon-gimpsRus (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\SimCity_4_Transportation_Addon-gimpsRus.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\smokinhot4.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\south.park.1107.dsr.xvid.notv.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\south.park.1107.dsr.xvid.notv.part01.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\South.Park.S11E07.DSR.XviD-NoTV (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\South.Park.S11E07.DSR.XviD-NoTV.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\srharlem1467855081.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\stiffler_rocks_my_world344125646718.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\supernatural.215.hdtv.xvid-notv.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\supernatural.s02e17.hdtv.xvid-xor (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Supernatural.S02E18.HDTV.XviD-XOR (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\supernatural.s02e18.hdtv.xvid-xor (3).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Supernatural.S02E18.HDTV.XviD-XOR.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\sweetie_dl3656801828.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\The Chicago School.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\The Music - Breakin'.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\The problem with philosophy and much of psychology is the failure to correctly employ common language.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\thp-smokin.aces (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Travis's Folder.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\TravisSocioCrim.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\UlTraWoW_Hack_Patch_%281.11.1%29.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\VDDandI.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\verbal_sweetness_6998434363990.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\victoria_ashby1188358630.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Wake Up.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\wbros-300-cd1 (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\What Is It (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\What Is It.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\What Is It1.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\xor-supernatural.218.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\[isoHunt] Blades.of.Glory.(2007).DVD.ntsc.dvdr.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Start Menu\Programs\Windows Vista Upgrade Advisor.lnk Object is locked skipped
C:\$WINDOWS.~Q\DATA\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\DCF7873E.TMP Object is locked skipped
C:\$WINDOWS.~Q\DATA\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\$WINDOWS.~Q\DATA\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\$WINDOWS.~Q\DATA\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\$WINDOWS.~Q\DATA\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\Minidump\Mini011707-01.dmp Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\Minidump\Mini011707-02.dmp Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\Minidump\Mini011707-03.dmp Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\Minidump\Mini011707-04.dmp Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\Minidump\Mini020507-01.dmp Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\Minidump\Mini021707-01.dmp Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\Minidump\Mini022507-01.dmp Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\Minidump\Mini022707-01.dmp Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\Minidump\Mini030307-01.dmp Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\Minidump\Mini032007-01.dmp Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\Minidump\Mini033007-01.dmp Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\Minidump\Mini033107-01.dmp Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\Minidump\Mini040207-01.dmp Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\Minidump\Mini040707-01.dmp Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\system32\config\default Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\system32\config\default.LOG1 Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\system32\config\default.LOG2 Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\system32\config\SAM Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\system32\config\sam.LOG1 Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\system32\config\sam.LOG2 Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\system32\config\security.LOG1 Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\system32\config\security.LOG2 Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\system32\config\software Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\system32\config\software.LOG1 Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\system32\config\software.LOG2 Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\system32\config\system Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\system32\config\system.LOG1 Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\system32\config\system.LOG2 Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\system32\wbem\AutoRecover\B0F7571D09CBE0AE81CB8FC91B04A321.mof Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\system32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\D653F3EC.TMP Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\MpCmdRun.log Object is locked skipped
C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAD.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWADMT.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAS.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAS.ldb Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\DAEMON Tools\SetupDTSB.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\Program Files\Nero\Nero8\Nero BackItUp\BIUB55.txt Object is locked skipped
C:\Program Files\Norton 360\Log\AutoProtect.log Object is locked skipped
C:\Program Files\Norton 360\Log\AVContext.log Object is locked skipped
C:\Program Files\Norton 360\Log\AVManual.log Object is locked skipped
C:\Program Files\Norton 360\Log\Backup.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetPageViewHistory.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetSearchHistory.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetTempFiles.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUWindowsTempFiles.log Object is locked skipped
C:\Program Files\Norton 360\Log\EmailScan.log Object is locked skipped
C:\Program Files\Norton 360\Log\InternetSecurity.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISIntrusionPrevented.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISIOTraffic.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISNewNetwork.log Object is locked skipped
C:\Program Files\Norton 360\Log\LiveUpdate.log Object is locked skipped
C:\Program Files\Norton 360\Log\NCO.log Object is locked skipped
C:\Program Files\Norton 360\Log\VABrowserSettings.log Object is locked skipped
C:\Program Files\Norton 360\Log\VAIPAddresses.log Object is locked skipped
C:\Program Files\Norton 360\Log\VAWeakPasswords.log Object is locked skipped
C:\Program Files\Norton 360\Log\WDFScanner.log Object is locked skipped
C:\ProgramData\Symantec\Common Client\settings.bak Object is locked skipped
C:\ProgramData\Symantec\Common Client\settings.dat Object is locked skipped
C:\ProgramData\Symantec\Shared\QBackup\index.qbs Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtETmp\D5A9BBC4.TMP Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtETmp\E49B3723.TMP Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDALRT.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDCON.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDDBG.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDFW.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDIDS.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDSYS.log Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8454f95c5b4fa487fad1d5f13dc203d1_39859c96-7008-42ea-8156-23daec1052ab Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c817ad02c9d8511c2903bc6bd2e3549f_39859c96-7008-42ea-8156-23daec1052ab Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f686aace6942fb7f7ceb231212eef4a4_39859c96-7008-42ea-8156-23daec1052ab Object is locked skipped
C:\ProgramData\Microsoft\eHome\logs\eHomeLog01.sqm Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\Mcx1.dat Object is locked skipped
C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv01.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds Object is locked skipped
C:\ProgramData\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
C:\Users\Public\Recorded TV\TempRec\TempSBE\MSDVRMM_3772133864_2555904_53807 Object is locked skipped
C:\Users\Public\Recorded TV\TempRec\TempSBE\SBE5743.tmp Object is locked skipped
C:\Users\Public\Recorded TV\TempRec\{A17569B9-F5D0-4195-BCDA-04EAA67B994E}.TmpSBE Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007091720070918\index.dat Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007091820070919\index.dat Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\UsrClass.dat{49b4a74d-effa-11db-8588-0018f3a5095b}.TM.blf Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\UsrClass.dat{49b4a74d-effa-11db-8588-0018f3a5095b}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\UsrClass.dat{49b4a74d-effa-11db-8588-0018f3a5095b}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Messenger\redsn95@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Messenger\redsn95@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Messenger\redsn95@hotmail.com\SharingMetadata\Working\database_90E0_D646_E0D6_31E8\dfsr.db Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Messenger\redsn95@hotmail.com\SharingMetadata\Working\database_90E0_D646_E0D6_31E8\fsr.log Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Messenger\redsn95@hotmail.com\SharingMetadata\Working\database_90E0_D646_E0D6_31E8\fsrtmp.log Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Messenger\redsn95@hotmail.com\SharingMetadata\Working\database_90E0_D646_E0D6_31E8\tmp.edb Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows Defender\FileTracker\{305C6FDB-DF5D-4395-9AD5-F9DD16FEA12B} Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows Defender\FileTracker\{67A4DDD5-6E76-4094-884E-DD7A4EBE2B5F} Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows Live Contacts\redsn95@hotmail.com\real\members.stg Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows Live Contacts\redsn95@hotmail.com\shadow\members.stg Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\Travis\AppData\Local\Temp\~DF15EF.tmp Object is locked skipped
C:\Users\Travis\AppData\Local\Temp\~DF1674.tmp Object is locked skipped
C:\Users\Travis\AppData\Local\Temp\~DF6ED6.tmp Object is locked skipped
C:\Users\Travis\AppData\Local\Temp\~DFA848.tmp Object is locked skipped
C:\Users\Travis\AppData\Local\Temp\~DFA865.tmp Object is locked skipped
C:\Users\Travis\AppData\Local\Mozilla\Firefox\Profiles\n2e83l4u.default\Cache\_CACHE_001_ Object is locked skipped
C:\Users\Travis\AppData\Local\Mozilla\Firefox\Profiles\n2e83l4u.default\Cache\_CACHE_002_ Object is locked skipped
C:\Users\Travis\AppData\Local\Mozilla\Firefox\Profiles\n2e83l4u.default\Cache\_CACHE_003_ Object is locked skipped
C:\Users\Travis\AppData\Local\Mozilla\Firefox\Profiles\n2e83l4u.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Users\Travis\AppData\Local\VirtualStore\Program Files\mIRC\logs\#rejoice.Imperial.3.log Object is locked skipped
C:\Users\Travis\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Travis\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\n2e83l4u.default\cert8.db Object is locked skipped
C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\n2e83l4u.default\history.dat Object is locked skipped
C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\n2e83l4u.default\key3.db Object is locked skipped
C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\n2e83l4u.default\parent.lock Object is locked skipped
C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\n2e83l4u.default\search.sqlite Object is locked skipped
C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\n2e83l4u.default\urlclassifier2.sqlite Object is locked skipped
C:\Users\Travis\Documents\Downloads\Nero.Ultra.Edition.v8.0.3.0.Retail-ZWTiSO\nue8.0.3.0r.rar/nue8.0.3.0r.iso/Nero PhotoShow Express/nero_photoshow_express_5_setup.exe/data0017 Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Users\Travis\Documents\Downloads\Nero.Ultra.Edition.v8.0.3.0.Retail-ZWTiSO\nue8.0.3.0r.rar/nue8.0.3.0r.iso/Nero PhotoShow Express/nero_photoshow_express_5_setup.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Users\Travis\Documents\Downloads\Nero.Ultra.Edition.v8.0.3.0.Retail-ZWTiSO\nue8.0.3.0r.rar/nue8.0.3.0r.iso/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Users\Travis\Documents\Downloads\Nero.Ultra.Edition.v8.0.3.0.Retail-ZWTiSO\nue8.0.3.0r.rar/nue8.0.3.0r.iso Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Users\Travis\Documents\Downloads\Nero.Ultra.Edition.v8.0.3.0.Retail-ZWTiSO\nue8.0.3.0r.rar RAR: infected - 4 skipped
C:\Users\Travis\ntuser.dat Object is locked skipped
C:\Users\Travis\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Travis\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Travis\ntuser.dat{b70cb79d-04c3-11dc-a4b2-0018f3a5095b}.TM.blf Object is locked skipped
C:\Users\Travis\ntuser.dat{b70cb79d-04c3-11dc-a4b2-0018f3a5095b}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Travis\ntuser.dat{b70cb79d-04c3-11dc-a4b2-0018f3a5095b}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
C:\Windows\Logs\DPX\setupact.log Object is locked skipped
C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
C:\Windows\MEMORY.DMP Object is locked skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\Windows\security\database\secedit.sdb Object is locked skipped
C:\Windows\SoftwareDistribution\EventCache\{B46D657B-31DC-4F04-8097-3318FEE3AC73}.bin Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{b70cb782-04c3-11dc-a4b2-0018f3a5095b}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{b70cb782-04c3-11dc-a4b2-0018f3a5095b}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{b70cb782-04c3-11dc-a4b2-0018f3a5095b}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{b70cb782-04c3-11dc-a4b2-0018f3a5095b}.TxR.blf Object is locked skipped
C:\Windows\System32\drivers\etc\Hosts.bak Object is locked skipped
C:\Windows\System32\drivers\sptd.sys Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Server%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DateTimeControlPanel%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-MSDT%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticResolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Forwarding%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WDI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MeetingSpace%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MemoryDiagnostics-Results%4Debug.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Wired-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped

Scan process completed.

Attached Files



#6 fivelitre

fivelitre
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:07:23 AM

Posted 19 September 2007 - 12:31 AM

Uhh.. I have a GMER text file as well..

It's huge
so big that I can't post it in this forum...

I made it scan then everything that showed up I copied to notepad...

maybe I have to zip that up too for you to see it?



If you need it.. I zipped that up for you and added it as an attachment here as well

Oh!

and sorry...

I dont think you knew what you were getting yourself into... and i didn't think It would be this big of a problem (I'm assuming its a big problem but i know nothing)
so thank you for your help :thumbsup:

Attached Files

  • Attached File  GMER.zip   11.11KB   31 downloads


#7 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:02:23 PM

Posted 19 September 2007 - 06:30 AM

Hello fivelitre

I dont think you knew what you were getting yourself into

Haha, I had an idea of what I was getting into when I saw you were running Windows Vista. They are always a pain to work on :thumbsup:


Now we need to reconfigure Windows XP to show hidden files:
Double-click the My Computer icon on the Windows desktop.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.



Go to this site:
http://www.virustotal.com/
On top you'll find 'Browse'
Click the browse button and browse to the file:

C:\WINDOWS\system32\Drivers\adfglpdv.SYS

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.



Please download RUNSCANNER to your desktop and run it.
  • When the first page comes up select Beginner Mode
  • On the next page select Save a binary .Run file (optional) then click Start full computer scan at the bottom.
  • At this time Runscanner.exe may request access to the Internet through your firewall please allow it to do so, it will then run for two or three minutes.
  • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log
  • Call the file "Select a file name here" and save it to your desktop. You will see the .run file on your desktop. Please zip that file by right clicking and selecting send to Zip file
Then upload that as an attachment along with the log file produced in your next post.


Next download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.


So in your next reply please post the following : a new .run file(you will need to attach this), the results of that file I asked you to scan, the AVG anti-spyware report, and tell me how your PC is running now and if you had any problems.

Attached Files



#8 fivelitre

fivelitre
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:07:23 AM

Posted 19 September 2007 - 11:57 AM

C:\WINDOWS\system32\Drivers\adfglpdv.SYS


I am unable to locate this file.

#9 fivelitre

fivelitre
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:07:23 AM

Posted 19 September 2007 - 12:11 PM

Also.. I just downloaded the AVG Anti-Spyware and tried to open it and received:

"The application failed to initialize properly (0xc0000142). Click OK to terminate the application."
then i get the "AVG Anti-Spyware has stopped working" blah blah blah

#10 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:02:23 PM

Posted 19 September 2007 - 05:54 PM

Sorry I made a mistake with one of my instructions, concerning runscanner

Do this for my post #7


Download the zipped attachment at the end of this post(this will be your runscanner as fixed by me)
  • Unzip it to your desktop then double click the runscanner icon this will run the program.
  • You will notice several entries in ORANGE with a tick, right click them individually and select delete.
  • Accept the warning then repeat until they are all gone.
Please post back with a new .run file and tell me how your PC is running now and if you had any problems.



* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double click the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
And also post a new DSS log.

Attached Files

  • Attached File  five.zip   99.1KB   21 downloads

Edited by Rorschach, 19 September 2007 - 05:55 PM.


#11 fivelitre

fivelitre
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:07:23 AM

Posted 20 September 2007 - 12:28 AM

New .run file is attached.

Dr. Web Log:
mirc.exe;c:\program files\mirc;Program.mIRC.621;;
sb6adts.htc\Script.0;C:\$WINDOWS.~Q\DATA\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard L=Cupertino S=Ca C=US\Scripts\sb6adts.htc;Probably SCRIPT.Virus;;
sb6adts.htc;C:\$WINDOWS.~Q\DATA\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard L=Cupertino S=Ca C=US\Scripts;Archive contains infected objects;Moved.;
sb6adts.htc\Script.0;C:\Documents and Settings\Travis\DoctorWeb\Quarantine\sb6adts.htc;Probably SCRIPT.Virus;;
sb6adts.htc;C:\Documents and Settings\Travis\DoctorWeb\Quarantine;Archive contains infected objects;Moved.;
KillWind.exe;C:\hp\bin;Tool.ProcessKill;;
SetupDTSB.exe;C:\Program Files\DAEMON Tools;Adware.SaveNow;;
mirc.exe;C:\Program Files\mIRC;Program.mIRC.621;;
A0036148.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP121;Program.mIRC.621;;
A0021774.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP65;Probably BACKDOOR.Trojan;;
firstopt.js;D:\I386\APPS\APP31431;Probably SCRIPT.Virus;;


DSS log
Deckard's System Scanner v20070905.67
Run by Travis on 2007-09-19 22:22:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Travis.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:17 PM, on 19/09/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Travis\Program Files\uTorrent\uTorrent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Travis\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Travis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Travis\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9871 bytes

-- Files created between 2007-08-19 and 2007-09-19 -----------------------------

2007-09-19 16:09:22 0 d-------- C:\Users\Travis\DoctorWeb
2007-09-19 10:21:13 0 d-------- C:\Users\All Users\Grisoft
2007-09-18 22:06:08 0 d-------- C:\Users\All Users\WinZip
2007-09-18 18:41:13 0 d-------- C:\Windows\system32\Kaspersky Lab
2007-09-10 21:37:22 0 d-------- C:\Windows\pss
2007-09-10 18:02:09 0 d-------- C:\Program Files\Trend Micro
2007-09-10 15:31:50 0 d-------- C:\Windows\BDOSCAN8
2007-09-10 15:09:15 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-09-10 11:07:02 0 d-------- C:\Program Files\Studio 3
2007-09-10 09:09:38 0 d-------- C:\Program Files\Lavasoft
2007-09-10 09:09:37 0 d-------- C:\Users\All Users\Lavasoft
2007-09-10 09:08:49 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-10 09:00:17 0 d-------- C:\Program Files\SequoiaView
2007-09-09 18:08:07 0 d-------- C:\Users\All Users\Nero
2007-09-09 18:08:07 0 d-------- C:\Program Files\Common Files\Nero
2007-09-03 17:43:20 0 d-------- C:\Windows\vbSkinner
2007-08-31 17:21:07 225280 --a------ C:\Windows\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2007-08-31 17:21:07 0 d-------- C:\Program Files\VstPlugins
2007-08-31 17:18:40 0 d-------- C:\Program Files\Image-Line
2007-08-31 03:08:32 0 d-------- C:\Users\All Users\NVIDIA


-- Find3M Report ---------------------------------------------------------------

2007-09-19 22:22:13 0 d-------- C:\Users\Travis\AppData\Roaming\uTorrent
2007-09-19 22:17:21 0 d-------- C:\Users\Travis\AppData\Roaming\Grisoft
2007-09-17 18:38:48 0 d-------- C:\Program Files\Symantec
2007-09-17 18:02:41 0 d-------- C:\Users\Travis\AppData\Roaming\dvdcss
2007-09-15 07:19:52 0 d-------- C:\Program Files\Apple Software Update
2007-09-12 03:02:19 0 d-------- C:\Program Files\Windows Mail
2007-09-10 22:21:44 0 d-------- C:\Program Files\Yahoo!
2007-09-10 21:23:18 0 d-------- C:\Users\Travis\AppData\Roaming\Skype
2007-09-10 15:39:40 0 d-------- C:\Program Files\Java
2007-09-10 10:57:23 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-10 09:08:49 0 d-------- C:\Program Files\Common Files
2007-09-09 18:14:57 0 d-------- C:\Users\Travis\AppData\Roaming\Nero
2007-09-09 18:08:07 0 d-------- C:\Program Files\Nero
2007-09-09 17:42:07 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-09-08 20:55:50 0 d-------- C:\Program Files\iTunes
2007-09-08 20:55:39 0 d-------- C:\Program Files\iPod
2007-09-04 19:21:22 0 d-------- C:\Users\Travis\AppData\Roaming\Bioshock
2007-08-31 03:06:00 0 d-------- C:\Program Files\Windows Calendar
2007-08-29 03:11:18 174 --ahs---- C:\Program Files\desktop.ini
2007-08-28 13:59:40 0 d-------- C:\Program Files\Common Files\LogiShrd
2007-08-27 18:25:21 0 d-------- C:\Program Files\Logitech
2007-08-19 21:08:35 0 d-------- C:\Program Files\Norton 360
2007-08-14 21:37:55 0 d-------- C:\Users\Travis\AppData\Roaming\Adobe
2007-08-04 23:33:03 0 d-------- C:\Program Files\Skype
2007-08-04 23:32:57 0 d-------- C:\Program Files\Common Files\Skype
2007-07-30 11:08:34 0 d-------- C:\Program Files\Common Files\Logitech
2007-07-30 10:38:49 0 d-------- C:\Program Files\Microsoft Games
2007-07-18 19:28:50 148891 --a------ C:\Windows\hpoins19.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [21/04/2007 07:28 AM]
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [08/04/2007 09:44 AM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [20/03/2006 05:34 PM]
"RtHDVCpl"="RtHDVCpl.exe" [08/12/2006 05:51 PM C:\Windows\RtHDVCpl.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [10/12/2006 09:52 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09/01/2007 10:59 PM]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [19/04/2007 06:11 PM]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" []
"NvSvc"="C:\Windows\system32\nvsvc.dll" [06/07/2007 08:15 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [06/07/2007 08:15 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [06/07/2007 08:15 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00 AM]
"MSConfig"="C:\Windows\system32\msconfig.exe" [02/11/2006 02:45 AM]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [08/08/2007 03:53 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 02:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [02/11/2006 05:35 AM]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 05:35 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 05:36 AM]
"uTorrent"="C:\Users\Travis\Program Files\uTorrent\uTorrent.exe" [18/09/2007 04:58 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [02/01/2007 9:40:10 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BlackBerry Desktop Redirector.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BlackBerry Desktop Redirector.lnk
backup=C:\Windows\pss\BlackBerry Desktop Redirector.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=C:\Windows\pss\Desktop Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Travis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Users\Travis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\Windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
C:\Windows\VM_STI.EXE V-Gear TalkCam 1.1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
"C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
"C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31884fba-f07d-11db-820e-0018f3a5095b}]
AutoRun\command- J:\SETUP.EXE /s

*Newly Created Service* - AVGASCLN
*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2007-09-19 22:22:51 ------------



Computer seems to be running the same, still can't open my control panel.

Attached Files



#12 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:02:23 PM

Posted 21 September 2007 - 10:04 AM

Hello fivelitre

Go to this site:
http://www.virustotal.com/
On top you'll find 'Browse'
Click the browse button and browse to the file:

J:\SETUP.EXE

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.



Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.



As for your control panel, lets try this.

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe


Now we need to fix your problems by making a .reg file. Copy the code below into a Notepad file. Name the file as fix.reg, change the "Save as Type" to "All files" and save it on the desktop.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoControlPanel"=dword:00000000

Then double click on the fix.reg file, when it prompts to merge click "Yes".


So post back with the WinPFind log and let me know if your control panel is working now.

#13 fivelitre

fivelitre
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:07:23 AM

Posted 21 September 2007 - 12:17 PM

no such file/folder as J:/Setup.exe That is a dvd drive... i think..well thats what it says on "My Computer" so it doesn't even let me open anything within J:/ drive without asking for me to insert a disk.

I backed up my registry with ERUNT and then made that thing in notepad and did what you said. Control panel still doesn't work.

As for the last scan, I'll run it while I'm in class, so that log will be coming shortly.

#14 fivelitre

fivelitre
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:07:23 AM

Posted 21 September 2007 - 01:16 PM

Under Additional Scans click the checkboxes in front of the following items to select them:


Which checkboxes do I select?

#15 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:02:23 PM

Posted 21 September 2007 - 01:43 PM

Sorry about that. There are no additional scans needed so you can ignore that part and continue on with the rest of the steps.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users