Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Laggy Music + Slow Computer


  • Please log in to reply
13 replies to this topic

#1 fivelitre

fivelitre

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:40 AM

Posted 04 November 2007 - 05:37 PM

After having my computer run for a little while (not even a day) my music, actually any sound gets real slow and laggy, and then once I restart my computer its fine until a few hours later.

Also, I have been having troubles with my computer being slow lately and also when i restart my computer it takes a while to load up and start working.

I posted here a while ago and my problem was fixed but now when my computer starts up i get popups saying something about it's not able to create a restore point or something like that.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:34:08 PM, on 04/11/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Travis\Program Files\uTorrent\uTorrent.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Travis\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3420793996-3779038212-1366448162-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Mcx1')
O4 - HKUS\S-1-5-21-3420793996-3779038212-1366448162-1001\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (User 'Mcx1')
O4 - HKUS\S-1-5-21-3420793996-3779038212-1366448162-1001\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'Mcx1')
O4 - HKUS\S-1-5-21-3420793996-3779038212-1366448162-1001\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Mcx1')
O4 - HKUS\S-1-5-21-3420793996-3779038212-1366448162-1001\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Mcx1')
O4 - HKUS\S-1-5-21-3420793996-3779038212-1366448162-1001\..\Run: [uTorrent] "C:\Users\Travis\Program Files\uTorrent\uTorrent.exe" (User 'Mcx1')
O4 - HKUS\S-1-5-21-3420793996-3779038212-1366448162-1001\..\Run: [BandwidthMeterPro] C:\Program Files\BandwidthMeterPro\BWMeterPro.exe (User 'Mcx1')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12577 bytes

BC AdBot (Login to Remove)

 


#2 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:05:40 PM

Posted 04 November 2007 - 05:46 PM

Lets see what we can find. You may need to put the reports in two posts, make sure that they are all there.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


* Click here to download AVG Anti Rootkit and save it to your desktop.
  • Double-click on the AVG_AntiRootkit_1.0.0.42.exe file to run it.
  • Click "I Agree" to agree to the EULA.
  • By default it will install to "G:\Program Files\GRISOFT\AVG Anti-Rootkit Beta".
  • Click "Next" to begin the installation then click "Install".
  • It will then ask you to reboot now to finish the installation.
  • Click "Finish" and your computer will reboot.
  • After it reboots, double-click on the AVG Anti-Rootkit Beta shortcut that is now on your desktop.
  • Click on the "Perform in-depth search" button to begin the scan.
  • The scan will take a while so be patient and let it complete.
  • When the scan is finished, click the "Save result to file" button.
  • Save the scan results to your desktop then come back here to copy and paste the results in your next reply to this thread.


Make sure you attach the report for WinPFind3

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Under Additional Scans on the bottom right, check the box for Reg - Disabled MS Config Items.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

#3 fivelitre

fivelitre
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:40 AM

Posted 04 November 2007 - 08:15 PM

extra.txt


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU 6300 @ 1.86GHz
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 2045.87 MiB / 1024.89 MiB
Pagefile Memory (total/avail): 4308 MiB / 2995.51 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1920.71 MiB

C: is Fixed (NTFS) - 289.44 GiB total, 109.78 GiB free.
D: is Fixed (FAT32) - 8.63 GiB total, 0.36 GiB free.
E: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is CDROM (No Media)
K: is CDROM (No Media)
L: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3320833AS - 298.09 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 289.44 GiB - C:
\PARTITION1 - Unknown - 8.64 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: ZoneAlarm Firewall v7.1.078.000 (Check Point, LTD.)
FW: Norton 360 v2007 (SYMANTEC Corporation)
AV: Norton 360 v2007 (SYMANTEC Corperation)
AS: Spybot - Search and Destroy v1.0.0.4 (Safer Networking Ltd.) Disabled Outdated
AS: AVG Anti-Spyware v7, 5, 1, 43 (GRISOFT s.r.o.) Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Norton 360 v2007 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Travis\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TRAVIS-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Travis
LOCALAPPDATA=C:\Users\Travis\AppData\Local
LOGONSERVER=\\TRAVIS-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Travis\AppData\Local\Temp
TMP=C:\Users\Travis\AppData\Local\Temp
tvdumpflags=8
USERDOMAIN=Travis-PC
USERNAME=Travis
USERPROFILE=C:\Users\Travis
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Travis
Mcx1


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe" REMOVEALL --u:{F37167DD-4436-4641-90B6-329D60632DDA}
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02FB2C63-5763-4CDD-99E6-566C57189742}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3881DD58-780F-4FCF-8A16-6E6800C2FEE0}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9225EABF-4457-403B-A82B-91614C9DDDF7}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9EFF51A-C925-4F1A-9DEB-DB5F970DE983}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E9CCEA28-3608-4078-8A07-997646E1A357}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD7FF74D-0AB5-48D6-929C-7E93A5162521}\setup.exe" -l0x9 -removeonly
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
µTorrent --> "C:\Users\Travis\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Avi2Dvd 0.4.4 beta --> C:\Program Files\Avi2Dvd\uninst.exe
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
BlackBerry Desktop Software 4.2 --> MsiExec.exe /i{3B7DAD74-8F16-4AEF-B0CA-4072CB1BF9AA}
BlackBerry Desktop Software 4.2 --> MsiExec.exe /I{3B7DAD74-8F16-4AEF-B0CA-4072CB1BF9AA}
BlackBerry v4.2.0 for the 8100 Series Wireless Handheld --> MsiExec.exe /X{87AB561C-8040-4D74-8B4F-77C38004A288}
BlackBerry v4.2.1 for the 8100 Series Wireless Handheld --> MsiExec.exe /X{2C8916BD-3312-4582-B021-C67FAE11C464}
Call of Duty® 4 - Modern Warfare™ Demo --> C:\Program Files\InstallShield Installation Information\{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}\setup.exe -runfromtemp -l0x0409
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
ConvertXtoDVD 2.2.3.258 --> "C:\Program Files\VSO\ConvertXtoDVD\unins000.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EphPod --> C:\PROGRA~1\EphPod\UNWISE.EXE C:\PROGRA~1\EphPod\INSTALL.LOG
ERUNT 1.1j --> "C:\Program Files\ERUNT\unins000.exe"
Firebird 1.5.1.4481 --> "C:\Program Files\Firebird\Firebird_1_5\unins000.exe"
FL Studio v7.0 --> "C:\Program Files\Image-Line\FL Studio 7\unins000.exe"
GearDrvs --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
Guild Wars --> "C:\Program Files\Guild Wars\Gw.exe" -uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Participation Program 8.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 8.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B --> C:\Program Files\HP\Digital Imaging\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}\setup\hpzscr01.exe -datfile hposcr19.dat -onestop -showdisconnect -forcereboot
HP Solution Center 8.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply --> MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
I-Doser v4 --> C:\Program Files\IDoser v4\Uninstal.exe
IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
Intel® Matrix Storage Manager --> C:\Windows\System32\Imsmudlg.exe
InterVideo WinDVD 8 --> C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
iPod for Windows 2006-06-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
KartRider --> "C:\ProgramData\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33562881 -locale:US
Kaspersky Online Scanner --> C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LightScribe Applications --> MsiExec.exe /X{7373184D-8E8F-4308-912A-3901071FA1AD}
LimeWire PRO 4.12.3 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech Gaming Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C1DA723-24FC-48AD-93BA-925695C3EF26}\setup.exe" -l0x9 -removeonly
Logitech QuickCam --> MsiExec.exe /X{364EC092-93CF-4DDC-9D7A-7278452028E0}
Logitech Video Enumerator --> MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Logitech® Camera Driver --> "C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Microsoft Office Excel 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall EXCEL /dll OSETUP.DLL
Microsoft Office Excel 2007 --> MsiExec.exe /X{90120000-0016-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall POWERPOINT /dll OSETUP.DLL
Microsoft Office PowerPoint 2007 --> MsiExec.exe /X{90120000-0018-0000-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall WORD /dll OSETUP.DLL
Microsoft Office Word 2007 --> MsiExec.exe /X{90120000-001B-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Motorola Driver Installation --> MsiExec.exe /I{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}
Mozilla Firefox (2.0.0.9) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 Parser and SDK --> MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
Nero 8 --> MsiExec.exe /X{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton 360 --> MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360 --> MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360 --> MsiExec.exe /I{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}
Norton 360 --> MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
Norton 360 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_0_0_184\{2D617065-1C52-4240-B5BC-C0AE12157777}.exe" /X
Norton 360 Help --> MsiExec.exe /I{1CA941F1-5006-487E-9FD4-09F812A7D6B8}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Authentification Component --> MsiExec.exe /I{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
SAM Broadcaster (remove only) --> "C:\Program Files\SpacialAudio\SAMBC\uninstall.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB936509) --> msiexec /package {90120000-0016-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0016-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0018-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB936514) --> msiexec /package {90120000-0018-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for Office 2007 (KB936514) --> msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0016-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0018-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
SequoiaView --> C:\Program Files\SequoiaView\Uninstal.exe
Skype™ 3.2 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.inf
Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SuppSoft --> MsiExec.exe /I{022DA2C3-81C7-4003-A6BC-1BB147B20097}
SureThing CD Labeler LightScribe Trial 5 --> "C:\Program Files\SureThing CD Labeler 5\unins000.exe"
Symantec Technical Support Controls --> MsiExec.exe /I{92B1B3CC-EC78-45B8-96D0-8B3F11495864}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0016-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0018-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB932080) --> msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0018-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393) --> msiexec /package {90120000-0018-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Word 2007 (KB934173) --> msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Essentials Media Codec Pack 1.0 --> C:\Program Files\Essentials Codec Pack\uninst.exe
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\Windows\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type95635 / Success
Event Submitted/Written: 11/04/2007 02:26:49 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type95616 / Success
Event Submitted/Written: 11/04/2007 02:20:50 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type95612 / Success
Event Submitted/Written: 11/04/2007 02:20:46 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type95595 / Success
Event Submitted/Written: 11/04/2007 02:20:32 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type92979 / Success
Event Submitted/Written: 11/02/2007 07:45:04 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type32855 / Warning
Event Submitted/Written: 11/04/2007 02:49:00 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Travis-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Travis-PC27 can't undo changes that you allow.

For more information please see the following:
%Travis-PC275

Scan ID: {7AAAEAAF-D7A6-4F11-A478-D7F26D1E1098}

User: Travis-PC\Travis

Name: %Travis-PC271

ID: %Travis-PC272

Severity ID: %Travis-PC273

Category ID: %Travis-PC274

Path Found: %Travis-PC276

Alert Type: %Travis-PC278

Detection Type: 1.1.1505.02

Event Record #/Type32854 / Warning
Event Submitted/Written: 11/04/2007 02:49:00 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Travis-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Travis-PC27 can't undo changes that you allow.

For more information please see the following:
%Travis-PC275

Scan ID: {FC4A8F46-1648-4803-A4D1-F91DAAF013D8}

User: Travis-PC\Travis

Name: %Travis-PC271

ID: %Travis-PC272

Severity ID: %Travis-PC273

Category ID: %Travis-PC274

Path Found: %Travis-PC276

Alert Type: %Travis-PC278

Detection Type: 1.1.1505.02

Event Record #/Type32853 / Warning
Event Submitted/Written: 11/04/2007 02:49:00 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Travis-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Travis-PC27 can't undo changes that you allow.

For more information please see the following:
%Travis-PC275

Scan ID: {72266CCA-5F9D-4DEC-B8B6-347BF92BA357}

User: Travis-PC\Travis

Name: %Travis-PC271

ID: %Travis-PC272

Severity ID: %Travis-PC273

Category ID: %Travis-PC274

Path Found: %Travis-PC276

Alert Type: %Travis-PC278

Detection Type: 1.1.1505.02

Event Record #/Type32852 / Warning
Event Submitted/Written: 11/04/2007 02:49:00 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Travis-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Travis-PC27 can't undo changes that you allow.

For more information please see the following:
%Travis-PC275

Scan ID: {B70A3E91-CAA3-42E8-9E6C-545F125D8C7B}

User: Travis-PC\Travis

Name: %Travis-PC271

ID: %Travis-PC272

Severity ID: %Travis-PC273

Category ID: %Travis-PC274

Path Found: %Travis-PC276

Alert Type: %Travis-PC278

Detection Type: 1.1.1505.02

Event Record #/Type32851 / Warning
Event Submitted/Written: 11/04/2007 02:48:57 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Travis-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Travis-PC27 can't undo changes that you allow.

For more information please see the following:
%Travis-PC275

Scan ID: {B35266FE-FC5B-4F36-AB2E-AF3D4ED5857A}

User: Travis-PC\Travis

Name: %Travis-PC271

ID: %Travis-PC272

Severity ID: %Travis-PC273

Category ID: %Travis-PC274

Path Found: %Travis-PC276

Alert Type: %Travis-PC278

Detection Type: 1.1.1505.02



-- End of Deckard's System Scanner: finished at 2007-11-04 14:50:25 ------------



main.txt

Deckard's System Scanner v20071014.68
Run by Travis on 2007-11-04 14:48:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 4 Restore Point(s) --
4: 2007-11-04 22:29:48 UTC - RP422 - Installed Java™ 6 Update 3
3: 2007-11-04 08:28:28 UTC - RP421 - Scheduled Checkpoint
2: 2007-11-03 05:28:14 UTC - RP420 - Scheduled Checkpoint
1: 2007-11-02 08:42:58 UTC - RP419 - Windows Update


Performed disk cleanup.



-- HijackThis (run as Travis.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:48:42 PM, on 04/11/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Travis\Program Files\uTorrent\uTorrent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Users\Travis\Desktop\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Travis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Travis\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3420793996-3779038212-1366448162-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Mcx1')
O4 - HKUS\S-1-5-21-3420793996-3779038212-1366448162-1001\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (User 'Mcx1')
O4 - HKUS\S-1-5-21-3420793996-3779038212-1366448162-1001\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'Mcx1')
O4 - HKUS\S-1-5-21-3420793996-3779038212-1366448162-1001\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Mcx1')
O4 - HKUS\S-1-5-21-3420793996-3779038212-1366448162-1001\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Mcx1')
O4 - HKUS\S-1-5-21-3420793996-3779038212-1366448162-1001\..\Run: [uTorrent] "C:\Users\Travis\Program Files\uTorrent\uTorrent.exe" (User 'Mcx1')
O4 - HKUS\S-1-5-21-3420793996-3779038212-1366448162-1001\..\Run: [BandwidthMeterPro] C:\Program Files\BandwidthMeterPro\BWMeterPro.exe (User 'Mcx1')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12510 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070918-183516-612 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20070918-183516-694 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - "regedit.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 FirebirdGuardianDefaultInstance (Firebird Guardian - DefaultInstance) - c:\program files\firebird\firebird_1_5\bin\fbguard.exe -s <Not Verified; The Firebird Project; Firebird SQL Server>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
R3 FirebirdServerDefaultInstance (Firebird Server - DefaultInstance) - c:\program files\firebird\firebird_1_5\bin\fbserver.exe -s <Not Verified; The Firebird Project; Firebird SQL Server>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-11-04 02:11:07 420 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{3F19FCCA-FC5F-4082-B558-0F9405D02863}.job


-- Files created between 2007-10-04 and 2007-11-04 -----------------------------

2007-10-25 17:16:06 3654 --a------ C:\Windows\system32\drivers\Sonyhcp.dll
2007-10-25 17:16:06 0 d-------- C:\Drivers
2007-10-25 17:15:08 0 d-------- C:\Windows\system32\Iosubsys
2007-10-25 17:05:34 0 d-------- C:\Program Files\Sony
2007-10-25 17:04:12 0 d-------- C:\Users\All Users\Sony Corporation
2007-10-22 13:47:03 0 d-------- C:\Users\All Users\Viewpoint
2007-10-22 13:47:01 0 d-------- C:\Program Files\Viewpoint
2007-10-22 13:46:50 0 d-------- C:\Users\All Users\AOL
2007-10-22 13:46:50 0 d-------- C:\Users\All Users\AOL OCP
2007-10-22 13:46:29 0 d-------- C:\Program Files\Common Files\AOL
2007-10-22 13:45:42 0 d-------- C:\Program Files\AIM6
2007-10-11 18:19:25 0 d-------- C:\Program Files\Activision
2007-10-09 13:55:20 4682 --a------ C:\Windows\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2007-10-09 13:50:57 0 d-------- C:\Nexon
2007-10-09 13:50:43 0 d-------- C:\Users\All Users\NexonUS
2007-10-07 20:52:07 0 d-------- C:\Program Files\Guild Wars
2007-10-04 19:36:11 0 d-------- C:\Program Files\Common Files\PX Storage Engine


-- Find3M Report ---------------------------------------------------------------

2007-11-04 14:49:24 0 d-------- C:\Users\Travis\AppData\Roaming\uTorrent
2007-11-04 14:47:36 0 d-------- C:\Users\Travis\AppData\Roaming\mIRC
2007-11-04 14:32:07 0 d-------- C:\Program Files\Java
2007-10-25 18:18:13 0 d-------- C:\Users\Travis\AppData\Roaming\dvdcss
2007-10-25 18:18:01 0 d-------- C:\Users\Travis\AppData\Roaming\Sony Corporation
2007-10-25 17:18:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-24 10:18:27 0 d-------- C:\Users\Travis\AppData\Roaming\Image Zone Express
2007-10-23 20:15:29 0 d-------- C:\Program Files\mIRC
2007-10-22 13:49:33 0 d-------- C:\Users\Travis\AppData\Roaming\acccore
2007-10-22 13:46:29 0 d-------- C:\Program Files\Common Files
2007-10-10 16:58:46 0 d-------- C:\Program Files\Windows Mail
2007-10-04 20:38:40 0 d-------- C:\Users\Travis\AppData\Roaming\Vso
2007-10-04 19:36:31 0 d-------- C:\Program Files\DivX
2007-10-03 13:39:37 0 d-------- C:\Program Files\Symantec
2007-10-03 10:06:35 34 --a------ C:\Users\Travis\AppData\Roaming\pcouffin.log
2007-10-03 10:05:35 7887 --a------ C:\Users\Travis\AppData\Roaming\pcouffin.cat
2007-10-03 10:05:31 0 d-------- C:\Program Files\VSO
2007-10-01 09:31:27 0 d-------- C:\Program Files\iTunes
2007-10-01 09:31:18 0 d-------- C:\Program Files\iPod
2007-09-28 08:07:52 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2007-09-28 08:05:50 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-09-28 08:05:50 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-09-28 08:05:40 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-09-28 08:05:40 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-28 08:05:40 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-28 08:05:40 739840 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-28 08:05:08 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
2007-09-27 18:19:31 0 d-------- C:\Program Files\SureThing CD Labeler 5
2007-09-27 18:18:54 0 d-------- C:\Program Files\Common Files\SureThing Shared
2007-09-26 22:13:51 0 d-------- C:\Program Files\Norton 360
2007-09-23 14:43:13 0 d-------- C:\Program Files\SpywareBlaster
2007-09-22 20:51:20 0 d-------- C:\Program Files\LimeWire
2007-09-19 21:17:21 0 d-------- C:\Users\Travis\AppData\Roaming\Grisoft
2007-09-15 06:19:52 0 d-------- C:\Program Files\Apple Software Update
2007-09-10 21:21:44 0 d-------- C:\Program Files\Yahoo!
2007-09-10 20:23:18 0 d-------- C:\Users\Travis\AppData\Roaming\Skype
2007-09-10 17:02:09 0 d-------- C:\Program Files\Trend Micro
2007-09-10 08:09:38 0 d-------- C:\Program Files\Lavasoft
2007-09-10 08:08:49 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-10 08:00:19 0 d-------- C:\Program Files\SequoiaView
2007-09-09 17:14:57 0 d-------- C:\Users\Travis\AppData\Roaming\Nero
2007-09-09 17:13:23 0 d-------- C:\Program Files\Common Files\Nero
2007-09-09 17:08:07 0 d-------- C:\Program Files\Nero
2007-09-09 16:42:07 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-09-04 18:21:22 0 d-------- C:\Users\Travis\AppData\Roaming\Bioshock
2007-08-29 02:11:18 174 --ahs---- C:\Program Files\desktop.ini
2007-08-24 17:08:24 1275392 --a------ C:\Windows\system32\msxml4.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP 2>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [21/04/2007 06:28 AM]
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [08/04/2007 08:44 AM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [20/03/2006 04:34 PM]
"RtHDVCpl"="RtHDVCpl.exe" [08/12/2006 04:51 PM C:\Windows\RtHDVCpl.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [10/12/2006 08:52 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09/01/2007 09:59 PM]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [19/04/2007 05:11 PM]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" []
"NvSvc"="C:\Windows\system32\nvsvc.dll" [06/07/2007 07:15 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [06/07/2007 07:15 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [06/07/2007 07:15 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11 AM]
"MSConfig"="C:\Windows\system32\msconfig.exe" [02/11/2006 01:45 AM]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [08/08/2007 02:53 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 01:25 AM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [04/06/2007 04:24 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [29/06/2007 05:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [26/09/2007 01:42 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [02/11/2006 04:35 AM]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 11:54 AM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 04:35 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 04:36 AM]
"uTorrent"="C:\Users\Travis\Program Files\uTorrent\uTorrent.exe" [18/09/2007 03:58 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [29/09/2007 12:22 PM]

C:\Users\Travis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [20/10/2005 11:04:08 AM]
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [25/10/2007 5:06:32 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [02/01/2007 8:40:10 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BlackBerry Desktop Redirector.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BlackBerry Desktop Redirector.lnk
backup=C:\Windows\pss\BlackBerry Desktop Redirector.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=C:\Windows\pss\Desktop Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Travis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Users\Travis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\Windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
C:\Windows\VM_STI.EXE V-Gear TalkCam 1.1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
"C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
"C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31884fba-f07d-11db-820e-0018f3a5095b}]
AutoRun\command- J:\SETUP.EXE /s

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2007-11-04 14:50:25 ------------



Kaspersky.txt


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, November 04, 2007 5:13:03 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/11/2007
Kaspersky Anti-Virus database records: 451589
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
G:\
H:\
I:\
J:\
K:\
L:\

Scan Statistics:
Total number of scanned objects: 144920
Number of viruses found: 5
Number of infected objects: 16
Number of suspicious objects: 0
Duration of the scan process: 01:54:36

Infected Object Name / Virus Name / Last Action
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Address Book\HP_Administrator.wab Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Credentials\S-1-5-21-1478714791-59452595-1119793503-1007\Credentials Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\009f1baa9a092dfdad6a3bd9b154815f_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\05e193d799be994876a992b539f29942_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\05ebd391a920cedfb57675b1f05b6e01_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\09a795504275293de59e4b59b05aa64c_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\10fa583c7bd0f48d4b347e00e8714c14_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\11882aa195b6ae6818e2e60c0ebbcd32_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\11ae5cabbf9e53f18d3a262d2435737c_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\129d5830aa296bf7439bc567711a42a5_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\12f5f46cb3688eb3ac2ade38308993ee_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\13f2c3125c338e6eb8c8acedd2542318_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\1557155dda4b71f1ae2579ab4aa1ae7e_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\16a296442e21f6d89ba2ff772cf8a0ef_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\18a046159f402526a6d0aef778c9ad2e_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\1b7ace44bfa8649be11bdd47584c85c2_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\1e58d84f280edaf0be542c651f4b774d_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\1e824c4c9ff1d21cb4a93648a0293e02_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\1f03b95eb8cf83e0703239404e39a905_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\21ded613f2be71a66f3104061ddb00d3_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\25d35b519b1720ff9eb70e38078af427_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\27fce497d41530ba26de4ca359a5adbb_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\2ca2f159af48272313cd2ed7ded06171_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\2dbae9d4e9d0ef133a53ccfb4db30253_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\34717587c09047900b55c16ebdb9adb6_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\36facbbabc8b120c8980f3dfe11b3516_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\3c64d71e319e3aa304fd72669c704a8c_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\3d30d3dc550315d3ec6a56efff78af62_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\40fc9a07f4de7fb4d5c908b3025d9f40_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\4733e0033bafcc3c0e314e0bded38b55_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\4ad8e4a5975db01a79d2c6f520b13f8b_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\4c0332843d9d9364d7703f92eb48236e_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\4f7e297dbab62c90ae7606f60dd68cbc_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\50557c9ff04ea1f071e40cc716d6c2ea_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\52d5f685f63e55d95af2129318cd5b02_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\571fd22f6d2755b30657b75ec2d53244_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\5baae05dcd23924d685bf56c666c8777_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\5f48e88b41bc25175f5b884bcd41c5ba_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\680fb03a518bec4065f1bd8c35fdc892_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\68f91210a37c395d33b39b951f09a612_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\690abea15c7f862acf6d4c3db639f024_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\693627048fde56f77d480d190fc87eb9_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\719f12bd755c84a4f905be3065ef70e5_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\7676e41b35992fabe2202d278d68c4f4_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\7761488fd885f1bd834595fe21364138_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\78994f1cbb4be04c5f9f607142be344e_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\78be047f54ecdf381d80ce801ec90ede_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\79f118963942914c7a9dc79f65d81247_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\7a14a5b5f68d436dfc0b906828e48544_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\83aa4cc77f591dfc2374580bbd95f6ba_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\8539cb59276885c42fd0068a52cdd2f7_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\86be3bef6a88d8be0edb5787413e39e4_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\86d3a041a5728d0e7186e2bf00631d53_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\89d0158c22fb0556f3aa8c2bbd4fd8df_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\89dc0660d18720741fc26e8bfa8fd585_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\8c66b51866f9cbde08c030abc4a28ac5_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\8c8ed320f3e16e592e911f20b6a0ac66_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\8d297ee1cc485dbe9fe2dc4b35a49b06_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\8de87d6b633cb48b7bc6c61323f15d6e_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\90b9c3d4a5639d9f855fdf8337e0292a_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\9247d6c44afaae7f7c890b45507ed9f6_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\926c1ba6d5d9aa9f37be7512e8df06a1_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\929dd8c49c71e594666675a749b9c256_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\951f8ea5abbe65ad622334fcee3083de_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\9578a0c050feb54e689870d1a4223a30_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\96c7838063bbdf878b66699d54047e9e_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\9c2b1f37beb29d99bfb3a707522f0f53_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\a7556790eccbf4c30d7d3a3cfd989059_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\a898961d5c2877a9a865d2329cc1497c_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\a92b9bb4919fce5bb9bb1ef5b0e71eed_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\aa674fca801701defd24644e51e2abea_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\aba1242c695fd062b57a6dbb2ab1f4dd_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\b0bcceda3bb954b8a928fa3f1a9b716f_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\b91e90c8f48fe7612d5be24cec2138b1_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\bad57ae56060112e9c40c75c01866fbf_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\bdfa9175b77059cd3232b7a57d44c8d5_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\c178f232ed9f794aedd8b5ca1b2f162f_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\c314b0df6ba9b83fb0f179fea2c61365_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\c8c8f5e25260596c6f23190ad18725bf_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\d137ce2d21bf5fb40fa3084684209596_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\d14b2ea3eec4714fdceb848acebd15f0_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\d3101f0bea07913a616d5166a1c67f74_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\d631ce202a89a20b1c75bba71b8d8345_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\d6545625c69b65052c8a768cecbf50ec_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\d664e37c82e1555caaa944f5bed53bf4_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\da5611036f9a70607e157591c81bc772_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\da7f687fd773ef7771c05bba7bce8297_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\daef256209f3f9b952d7446b17fec728_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\db7f910d0051fde9fa2555569126d246_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\dbe8270e9b07ec5ef90a749a3d04ef46_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\dd6ede641b70e6e1a8574e13d43b41a7_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\ded96226c2cfedeadcb1ccf626e76d26_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\df42d5e3d93eaedc844a46c78440d458_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\e211c5d26ffaa04a1c0c0fc55b104246_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\e315e10df4267e6a7c55bee6459e1186_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\e4aea709c81eee9b0d8698b30f4971c2_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\e51e95d475e27247f0e9098417c2724b_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\e594b6e2616a3cbdde1bb090560cdbc1_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\e98331f0ec8e569f97290b1a4f19d138_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\f041ee9ac59fe919269127d7c7bc469e_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\f0b472179f62f9ece3638a1962555cc0_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\f0cd24462f59ca22867ee0cb10f1feb2_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\f737244993d356717dceaba58ebc0258_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\f81d132af599aba32da248bbdbaeda2d_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\fa0452345cac19f327132441cfb4a4a2_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\fa30a74418d73349b3edb845464d100c_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\fa7bdbdda5423b5b58fbfb44e0dc5203_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\fa87c953e33579cf7d69409139c5e487_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\fab578156c31aa6629b23de3cbf69883_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\fe559a0804523e43ec5b9fdad6b6f87e_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\ff30ca56fc967e8424524ee0b271d9a7_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\ff33a859deb413b74ceb3de61b822e57_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1478714791-59452595-1119793503-1007\ff9949baa3a656386d78d99d9c75dbdd_689cfa2c-66f2-49df-9555-bee9c932e0ad Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\eHome\ehshell.config Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Desktop.htt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Protect\S-1-5-21-1478714791-59452595-1119793503-1007\15c031d5-4545-4a40-99b1-d070b492e834 Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Protect\S-1-5-21-1478714791-59452595-1119793503-1007\49c10d33-633c-442f-9208-76d6f8a81c00 Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Protect\S-1-5-21-527237240-179605362-725345543-500\fd71eae1-1ae2-43c7-be6a-585fb2dc9197 Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@a.answers[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adbrite[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adcentriconline[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@addictinggames[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adfarm.mserve[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.realtechnetwork[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adultadworld[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@aim[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@andee23.spaces.live[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@answers[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@aol[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ataricommunity[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atdmt[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@babygirlshea09.spaces.live[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@bebo[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@bigfishgames[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@bookclubservices[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@by104w.bay104.mail.live[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@calgary.ctv[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@casalemedia[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cattylisa.spaces.live[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cgi-bin[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cineplex.repeatseat[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cineplex[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@citi.bridgetrack[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@communist_playground[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@contest.blastpromo[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@core.mochibot[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@C__Program Files_GemMaster_[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@dcsupekszufkq6ellogbkmx2w_6t4k[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@delb.myspace[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@delb2.myspace[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@demr.myspace[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@divertissement.sympatico.msn[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@douglas.bc[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@download.mozilla[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@drivecleaner[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ebayobjects[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ebay[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-cineplex.hitbox[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-corusentertainment.hitbox[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@enwhore[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ex=1[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@eyereturn[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@facebook[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@fantasy.sportsnet[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@fastclick[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@fileden[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@fishstik[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@gallery.live[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@gamespot[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@go.drivecleaner[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@google[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@google[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@hallpass[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@hitbox[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@hotmail.msn[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@imageshack[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@imdb[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@img459.imageshack[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@jose1948.spaces.live[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@lanibanana.spaces.live[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@live[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@login.facebook[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@login.live[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@m.webtrends[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mb[3].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@media.fastclick[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mediaplex[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@messenger.msn[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@microsoft[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mmp.studiofeeds[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mojoflix[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@movie[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mozilla[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@msn[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@msn[3].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mydouglas.douglas.bc[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@myfreepaysite[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mygamercard[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@myspace[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@optimizedby.rmxads[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@panoramio[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@personals.yahoo[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@player_new[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@pornmonkeycash[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@pornotube[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@princesssherry1.spaces.live[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@quantserve[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@rad.live[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@rad.msn[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@redsn95.spaces.live[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@revsci[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@rogue.seoinc[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@rtm[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@sdc.brightcove[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@search.live[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@serviceswitching[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@skype[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@slide[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@song2play[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@spaces.live[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@speedzone.sympatico.msn[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@sportsnet-bktri06[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@sportsnet-fb_super07[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@sportsnet-[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@sportsnet[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@sportsnet[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ssdc.ups[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@store.streetmoda[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tacoda[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@td.torrent-damage[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tonelink[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tour.haleywilde[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@unicast[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@video.sympatico.msn[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@webroot[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@wowstatus[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.addictinggames[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.aim[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.answers[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.asiansensationmovies[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.ataricommunity[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.cfox[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.cineplex[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.drivecleaner[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.ebaypromotion[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.enwhore[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.fileden[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.girlscaughtoncam[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.nexopia[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.rogersplus[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.rogersvideo[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.xvideo[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@xbox[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@yahoo[2].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\hp_administrator@youtube[1].txt Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Cookies\index.dat Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{D190EE07-1887-4595-8F62-6253114299D2}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{D190EE07-1887-4595-8F62-6253114299D2}\Microsoft\Outlook Express\Inbox.dbx Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{D190EE07-1887-4595-8F62-6253114299D2}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1478714791-59452595-1119793503-1007\Credentials Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\KNCXQZOH\fwlink[1] Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\N08Z0XVZ\fwlink[1] Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\MSHist012007032620070402\index.dat Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\MSHist012007040220070409\index.dat Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\MSHist012007040920070416\index.dat Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\MSHist012007041620070417\index.dat Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\MSHist012007041720070418\index.dat Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\MSHist012007041820070419\index.dat Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\MSHist012007041920070420\index.dat Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\MSHist012007042020070421\index.dat Object is locked skipped
C:\$INPLACE.~TR\Data\DATA\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\MSHist012007042120070422\index.dat Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Hewlett-Packard\SSShortcuts\DateStacks\2002_12\10.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Hewlett-Packard\SSShortcuts\DateStacks\2002_12\12.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Hewlett-Packard\SSShortcuts\DateStacks\2002_12\13.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Hewlett-Packard\SSShortcuts\DateStacks\2002_12\14.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Hewlett-Packard\SSShortcuts\DateStacks\2002_12\9.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Hewlett-Packard\SSShortcuts\DateStacks\2003_06\1.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Hewlett-Packard\SSShortcuts\DateStacks\2003_06\11.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Hewlett-Packard\SSShortcuts\DateStacks\2003_06\2.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Hewlett-Packard\SSShortcuts\DateStacks\2003_06\3.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Hewlett-Packard\SSShortcuts\DateStacks\2003_06\4.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Hewlett-Packard\SSShortcuts\DateStacks\2003_06\5.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Hewlett-Packard\SSShortcuts\DateStacks\2003_06\6.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Hewlett-Packard\SSShortcuts\DateStacks\2003_06\7.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Hewlett-Packard\SSShortcuts\DateStacks\2003_06\8.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\My HP Games.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\2007 history evening syllabus.LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\Blahblahblah.LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\Book1.LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\Book2.LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\criminology 2252-term paper assignment (spring 2007).LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\Desktop (2).LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\Desktop.LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\Doc1 (2).LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\Doc1.LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\bleepingstupid.LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\My Documents (2).LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\My Documents.LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\My Received Files.LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\StructuralismFunctionalism (2).LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\Templates.LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\The problem with philosophy and much of psychology is the failure to correctly employ common language.LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\Travis's Folder (2).LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\Travis's Folder.LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\What Is It (2).LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\What Is It.LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Application Data\Microsoft\Office\Recent\What Is It1.LNK Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Desktop\DivX Movies.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\(EERIE SILENCE) dumbheartt(2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\(EERIE SILENCE) dumbheartt.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\07 'Cuz I Can.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\2007 history evening syllabus.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\2007_03030002.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\2007_03030005.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\2007_03060017.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\2007_0307.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\2007_0317.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\2007_0324.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\2007_0413.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\2007_04130301.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\2007_04130302.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\2007_04130307.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\2007_04130310.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\2007_04130311.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\aaf-cenwwl.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\aaf-cenwwl.part01.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\addresses.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\allie.dawn2122964046.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Apocalyptica - Imperial march.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\apocalyptica - nothing else matters.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\ash.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Babel.2006.PAL.NORDIC.DVDR-BIZARRE (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\bestballer4life2727418967.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Birthday.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\bizarre-babel.part001.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Blades.of.Glory.(2007).DVD.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Blades.of.Glory.(2007).DVD.ntsc.dvdr.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Blahblahblah.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Book1.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Book2.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\boot.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\browneyes_bl3222893906.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Carmen.Electras.Naked.Womens.Wrestling.League.PPV.XViD-aAF (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Carmen.Electras.Naked.Womens.Wrestling.League.PPV.XViD-aAF.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\CD1.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\CD2.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Children.Of.Men.2006.NTSC.DVDR-CCAT (3).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Command_And_Conquer_3_Tiberium_Wars_Kane_Edition_Keygen-RazorDOX.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Construction.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Copy_of_Roni's_Funeral_-_Aprl_13,_2007_175.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\crash-sum.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Crash.2004.DVDRip.XviD-SUM (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Crash.2004.DVDRip.XviD-SUM.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Def Lepard - Pour Some Sugar On Me (Coyote Ugly Soundtrack Version).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Deja.Vu.DVDR-Replica (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Deja.Vu.DVDR-Replica.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\divxfactory-coi3a (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\divxfactory-coi3b (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\divxfactory-icbittwt13a.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\divxfactory-icbittwt13b.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\dl-g (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Doc1.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\dragongirl_332240441517.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\DSCF0363.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\eagles - desperado.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\exhibitionofTony.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Family.Guy.S06E14.PDTV.XviD-2HD.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\flt-cnc3 (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\flt-cnc3 (3).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\flt-cnc3-crack.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\flt-cnc3.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\bleepingstupid (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\bleepingstupid.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Ghostrider.R5.LINE.DVDR-DREAMLiGHT (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\green.mile.a.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\green.mile.b (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\green.mile.b.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\GRU-SC4A (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\gru-sc4a.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\GRU-SC4B (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\gru-sc4b.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\GRU-SC4E (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\gru-sc4e.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\help.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\HPIM1734.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\HPIM2395.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\http _www.deviantart.com_deviation_43538807_ qo=125&q=wall&qh=boost%3Apopular+age_sigma%3A24h+age_scale%3A5.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\I.Cant.Believe.I.Took.The.Whole.Thing.13.XXX.DVDRiP.XviD-DivXfacTory.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\IMG_1165.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Incomplete.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Joe Walsh - A Life Of Illusion.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\John.Tucker.Must.Die.2006.MULTiSUBS.PAL.DVDR-SUBTiTLES (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Johnny Cash - I Walk The Line.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Katybookwishlist.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Katy_16_04_2007@19_16_22.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Katy_16_04_2007@20_15_19.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Katy_16_04_2007@20_15_43.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Katy_16_04_2007@20_15_59.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\komiso_183680382853.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Last.Stand.of.the.300.XviD.iNT-TD (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\lil_cutie_74607732083.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\lindseytravislist.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Linkin Park - What I've Done (Higher Quality).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\links.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\lrc-hf.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\mda6.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\me4.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\MessageLog.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\MONOPOLY.3-DEViANCE (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\mptdvd-cr-dvdr (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\My Documents.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\My Received Files.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\n509512491_39728_9598.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\nep-300dvdscr1-xvid.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\nerd.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\netshow-cnc3cn_mi.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\New Folder (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\New Folder.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Nickelback - If Everyone Cared.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\nympho-mda6.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\pauline.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Photoshop.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Photoshop_Tips_and_Tricks_Tutorials_2 (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Picthingymajigy.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Picture 12.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Picture 8.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Picture68.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Pictures and Videos.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\pl-deep4b.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\prison.break.217.hdtv.xvid-notv.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\prison.break.217.hdtv.xvid-notv.part01.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\prison.break.221.hdtv-lol (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Prison.Break.S02E14.HDTV.XviD-LOL (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Prison.Break.S02E20.HDTV.XviD-LOL (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\ps-ncc62a.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\ps-p-a.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\ps-p-b.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Psychstats (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Psychstats.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\QuickCam.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\reena.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\rep-dejavu (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\rep-dejavu.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\resume.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\RIP.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\saddlegal64082589194.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\select query.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\setup-1a.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\sillymatttricksareforkids.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\SimCity_4_English_Proper-gimpsRus.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\SimCity_4_Transportation_Addon-gimpsRus (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\SimCity_4_Transportation_Addon-gimpsRus.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\smokinhot4.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\south.park.1107.dsr.xvid.notv.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\south.park.1107.dsr.xvid.notv.part01.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\South.Park.S11E07.DSR.XviD-NoTV (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\South.Park.S11E07.DSR.XviD-NoTV.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\srharlem1467855081.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\stiffler_rocks_my_world344125646718.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\supernatural.215.hdtv.xvid-notv.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\supernatural.s02e17.hdtv.xvid-xor (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Supernatural.S02E18.HDTV.XviD-XOR (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\supernatural.s02e18.hdtv.xvid-xor (3).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Supernatural.S02E18.HDTV.XviD-XOR.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\sweetie_dl3656801828.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\The Chicago School.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\The Music - Breakin'.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\The problem with philosophy and much of psychology is the failure to correctly employ common language.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\thp-smokin.aces (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Travis's Folder.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\TravisSocioCrim.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\UlTraWoW_Hack_Patch_%281.11.1%29.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\VDDandI.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\verbal_sweetness_6998434363990.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\victoria_ashby1188358630.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\Wake Up.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\wbros-300-cd1 (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\What Is It (2).lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\What Is It.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\What Is It1.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\xor-supernatural.218.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Recent\[isoHunt] Blades.of.Glory.(2007).DVD.ntsc.dvdr.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk Object is locked skipped
C:\$INPLACE.~TR\Machine\DATA\Documents and Settings\HP_Administrator\Start Menu\Programs\Windows Vista Upgrade Advisor.lnk Object is locked skipped
C:\$WINDOWS.~Q\DATA\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\DCF7873E.TMP Object is locked skipped
C:\$WINDOWS.~Q\DATA\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\$WINDOWS.~Q\DATA\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\$WINDOWS.~Q\DATA\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\$WINDOWS.~Q\DATA\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\Minidump\Mini011707-01.dmp Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\Minidump\Mini011707-02.dmp Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\Minidump\Mini011707-03.dmp Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\Minidump\Mini011707-04.dmp Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\Minidump\Mini020507-01.dmp Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\Minidump\Mini021707-01.dmp Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\Minidump\Mini022507-01.dmp Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\Minidump\Mini022707-01.dmp Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\Minidump\Mini030307-01.dmp Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\Minidump\Mini032007-01.dmp Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\Minidump\Mini033007-01.dmp Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\Minidump\Mini033107-01.dmp Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\Minidump\Mini040207-01.dmp Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\Minidump\Mini040707-01.dmp Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\system32\config\default Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\system32\config\default.LOG1 Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\system32\config\default.LOG2 Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\system32\config\SAM Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\system32\config\sam.LOG1 Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\system32\config\sam.LOG2 Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\system32\config\security.LOG1 Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\system32\config\security.LOG2 Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\system32\config\software Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\system32\config\software.LOG1 Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\system32\config\software.LOG2 Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\system32\config\system Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\system32\config\system.LOG1 Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\system32\config\system.LOG2 Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\system32\wbem\AutoRecover\B0F7571D09CBE0AE81CB8FC91B04A321.mof Object is locked skipped
C:\$WINDOWS.~Q\DATA\WINDOWS\system32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAD.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWADMT.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAS.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAS.ldb Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\DAEMON Tools\SetupDTSB.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Program Files\mIRC\backups\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\Program Files\Nero\Nero8\Nero BackItUp\BIUD4E4.txt Object is locked skipped
C:\Program Files\Norton 360\Log\AutoProtect.log Object is locked skipped
C:\Program Files\Norton 360\Log\AVContext.log Object is locked skipped
C:\Program Files\Norton 360\Log\AVManual.log Object is locked skipped
C:\Program Files\Norton 360\Log\Backup.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetPageViewHistory.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetSearchHistory.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetTempFiles.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUWindowsTempFiles.log Object is locked skipped
C:\Program Files\Norton 360\Log\EmailScan.log Object is locked skipped
C:\Program Files\Norton 360\Log\InternetSecurity.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISIntrusionPrevented.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISIOTraffic.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISNewNetwork.log Object is locked skipped
C:\Program Files\Norton 360\Log\LiveUpdate.log Object is locked skipped
C:\Program Files\Norton 360\Log\NCO.log Object is locked skipped
C:\Program Files\Norton 360\Log\VABrowserSettings.log Object is locked skipped
C:\Program Files\Norton 360\Log\VAIPAddresses.log Object is locked skipped
C:\Program Files\Norton 360\Log\VAWeakPasswords.log Object is locked skipped
C:\Program Files\Norton 360\Log\WDFScanner.log Object is locked skipped
C:\ProgramData\Symantec\Common Client\settings.bak Object is locked skipped
C:\ProgramData\Symantec\Common Client\settings.dat Object is locked skipped
C:\ProgramData\Symantec\Shared\QBackup\index.qbs Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDALRT.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDCON.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDDBG.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDFW.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDIDS.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDSYS.log Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8454f95c5b4fa487fad1d5f13dc203d1_39859c96-7008-42ea-8156-23daec1052ab Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c817ad02c9d8511c2903bc6bd2e3549f_39859c96-7008-42ea-8156-23daec1052ab Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f686aace6942fb7f7ceb231212eef4a4_39859c96-7008-42ea-8156-23daec1052ab Object is locked skipped
C:\ProgramData\Microsoft\eHome\logs\eHomeLog01.sqm Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\Mcx1.dat Object is locked skipped
C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv01.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds Object is locked skipped
C:\ProgramData\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
C:\Users\Public\Recorded TV\TempRec\TempSBE\MSDVRMM_3772133864_2883584_102125 Object is locked skipped
C:\Users\Public\Recorded TV\TempRec\TempSBE\SBE8EEC.tmp Object is locked skipped
C:\Users\Public\Recorded TV\TempRec\{838C7372-51C4-4DEE-BBB0-7F4FC6CAE996}.TmpSBE Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007110420071105\index.dat Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{2A5D8D62-15EF-492F-8C31-F4C7A42A0698}.tmp Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\UsrClass.dat{49b4a74d-effa-11db-8588-0018f3a5095b}.TM.blf Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\UsrClass.dat{49b4a74d-effa-11db-8588-0018f3a5095b}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows\UsrClass.dat{49b4a74d-effa-11db-8588-0018f3a5095b}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Messenger\redsn95@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Messenger\redsn95@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Messenger\redsn95@hotmail.com\SharingMetadata\Working\database_90E0_D646_E0D6_31E8\dfsr.db Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Messenger\redsn95@hotmail.com\SharingMetadata\Working\database_90E0_D646_E0D6_31E8\fsr.log Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Messenger\redsn95@hotmail.com\SharingMetadata\Working\database_90E0_D646_E0D6_31E8\fsrtmp.log Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Messenger\redsn95@hotmail.com\SharingMetadata\Working\database_90E0_D646_E0D6_31E8\tmp.edb Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows Defender\FileTracker\{D39401FE-20B6-4AC4-9B60-A54146CC1860} Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows Live Contacts\redsn95@hotmail.com\real\members.stg Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows Live Contacts\redsn95@hotmail.com\shadow\members.stg Object is locked skipped
C:\Users\Travis\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\Travis\AppData\Local\Temp\~DF4118.tmp Object is locked skipped
C:\Users\Travis\AppData\Local\Temp\~DF41F7.tmp Object is locked skipped
C:\Users\Travis\AppData\Local\Temp\~DFD7B3.tmp Object is locked skipped
C:\Users\Travis\AppData\Local\Temp\~DFE868.tmp Object is locked skipped
C:\Users\Travis\AppData\Local\Temp\~DFEC05.tmp Object is locked skipped
C:\Users\Travis\AppData\Local\Temp\~PIDED1.tmp Object is locked skipped
C:\Users\Travis\AppData\Local\Temp\~PIDF40.tmp Object is locked skipped
C:\Users\Travis\AppData\Local\Temp\~PIE1B3.tmp Object is locked skipped
C:\Users\Travis\AppData\Local\Mozilla\Firefox\Profiles\n2e83l4u.default\Cache\_CACHE_001_ Object is locked skipped
C:\Users\Travis\AppData\Local\Mozilla\Firefox\Profiles\n2e83l4u.default\Cache\_CACHE_002_ Object is locked skipped
C:\Users\Travis\AppData\Local\Mozilla\Firefox\Profiles\n2e83l4u.default\Cache\_CACHE_003_ Object is locked skipped
C:\Users\Travis\AppData\Local\Mozilla\Firefox\Profiles\n2e83l4u.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Users\Travis\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Travis\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
C:\Users\Travis\AppData\Roaming\Microsoft\Templates\Normal.dotm Object is locked skipped
C:\Users\Travis\AppData\Roaming\mIRC\logs\#devildogs.Imperial.log Object is locked skipped
C:\Users\Travis\AppData\Roaming\mIRC\logs\#general.Imperial.log Object is locked skipped
C:\Users\Travis\AppData\Roaming\mIRC\logs\Rykk.Imperial.log Object is locked skipped
C:\Users\Travis\AppData\Roaming\mIRC\logs\status.Imperial.log Object is locked skipped
C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\n2e83l4u.default\cert8.db Object is locked skipped
C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\n2e83l4u.default\history.dat Object is locked skipped
C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\n2e83l4u.default\key3.db Object is locked skipped
C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\n2e83l4u.default\parent.lock Object is locked skipped
C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\n2e83l4u.default\search.sqlite Object is locked skipped
C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\n2e83l4u.default\urlclassifier2.sqlite Object is locked skipped
C:\Users\Travis\Documents\Downloads\Nero.Ultra.Edition.v8.0.3.0.Retail-ZWTiSO\nue8.0.3.0r.rar/nue8.0.3.0r.iso/Nero PhotoShow Express/nero_photoshow_express_5_setup.exe/data0017 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Users\Travis\Documents\Downloads\Nero.Ultra.Edition.v8.0.3.0.Retail-ZWTiSO\nue8.0.3.0r.rar/nue8.0.3.0r.iso/Nero PhotoShow Express/nero_photoshow_express_5_setup.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Users\Travis\Documents\Downloads\Nero.Ultra.Edition.v8.0.3.0.Retail-ZWTiSO\nue8.0.3.0r.rar/nue8.0.3.0r.iso/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Users\Travis\Documents\Downloads\Nero.Ultra.Edition.v8.0.3.0.Retail-ZWTiSO\nue8.0.3.0r.rar/nue8.0.3.0r.iso Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Users\Travis\Documents\Downloads\Nero.Ultra.Edition.v8.0.3.0.Retail-ZWTiSO\nue8.0.3.0r.rar RAR: infected - 4 skipped
C:\Users\Travis\ntuser.dat Object is locked skipped
C:\Users\Travis\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Travis\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Travis\ntuser.dat{b70cb79d-04c3-11dc-a4b2-0018f3a5095b}.TM.blf Object is locked skipped
C:\Users\Travis\ntuser.dat{b70cb79d-04c3-11dc-a4b2-0018f3a5095b}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Travis\ntuser.dat{b70cb79d-04c3-11dc-a4b2-0018f3a5095b}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Internet Logs\fwdbglog.txt Object is locked skipped
C:\Windows\Internet Logs\fwpktlog.txt Object is locked skipped
C:\Windows\Internet Logs\IAMDB.RDB Object is locked skipped
C:\Windows\Internet Logs\TRAVIS-PC.ldb Object is locked skipped
C:\Windows\Internet Logs\tvDebug.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
C:\Windows\Logs\DPX\setupact.log Object is locked skipped
C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
C:\Windows\MEMORY.DMP Object is locked skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\Windows\security\database\secedit.sdb Object is locked skipped
C:\Windows\SoftwareDistribution\EventCache\{F6E3396D-370E-484E-8E2A-4D7E23069940}.bin Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{b70cb782-04c3-11dc-a4b2-0018f3a5095b}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{b70cb782-04c3-11dc-a4b2-0018f3a5095b}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{b70cb782-04c3-11dc-a4b2-0018f3a5095b}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{b70cb782-04c3-11dc-a4b2-0018f3a5095b}.TxR.blf Object is locked skipped
C:\Windows\System32\drivers\etc\Hosts.bak Object is locked skipped
C:\Windows\System32\drivers\sptd.sys Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Server%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DateTimeControlPanel%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-MSDT%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticResolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Forwarding%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WDI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MeetingSpace%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MemoryDiagnostics-Results%4Debug.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Wired-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\Temp\JET4A52.tmp Object is locked skipped
C:\Windows\Temp\JET4B0E.tmp Object is locked skipped
C:\Windows\Temp\ZLT04621.TMP Object is locked skipped
C:\Windows\Temp\ZLT04624.TMP Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped
D:\I386\APPS\APP14588\src\CompaqPresario_Spring06.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
D:\I386\APPS\APP14588\src\CompaqPresario_Spring06.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
D:\I386\APPS\APP14588\src\CompaqPresario_Spring06.exe WiseSFX: infected - 2 skipped
D:\I386\APPS\APP14588\src\CompaqPresario_Spring06.exe WiseSFX Dropper: infected - 2 skipped
D:\I386\APPS\APP14588\src\HPPavillion_Spring06.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
D:\I386\APPS\APP14588\src\HPPavillion_Spring06.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
D:\I386\APPS\APP14588\src\HPPavillion_Spring06.exe WiseSFX: infected - 2 skipped
D:\I386\APPS\APP14588\src\HPPavillion_Spring06.exe WiseSFX Dropper: infected - 2 skipped

Scan process completed.

#4 fivelitre

fivelitre
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:40 AM

Posted 04 November 2007 - 09:15 PM

AVG didn't find anything therefore it wouldn't let me make a log.

Winpfind3u log:

WinPFind3 logfile created on: 04/11/2007 6:10:57 PM
WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Users\Travis\Desktop\WinPFind3u\
Windows Vista ™ Home Premium (Version = 6.0.6000)
Internet Explorer (Version = 7.0.6000.16546)

2.00 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 40.52% Memory free
4.00 Gb Paging File | 2.69 Gb Available in Paging File | 67.26% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.44 Gb Total Space | 118.28 Gb Free Space | 40.86% Space Free
Drive D: | 8.63 Gb Total Space | 0.36 Gb Free Space | 4.21% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: TRAVIS-PC
Current User Name: Travis
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 1 | Size = 566616 bytes | Modified Date = 27/08/2007 1:38:50 PM | Attr = ]
aawtray.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\AAWTray.exe -> [Ver = 1, 0, 0, 1 | Size = 88024 bytes | Modified Date = 08/08/2007 2:53:16 PM | Attr = ]
aim6.exe -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 29/09/2007 12:22:36 PM | Attr = ]
aolload.exe -> %CommonProgramFiles%\AOL\Loader\aolload.exe -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 02/11/2006 11:17:28 PM | Attr = ]
aolsoftware.exe -> %ProgramFiles%\AIM6\aolsoftware.exe -> AOL LLC [Ver = 15.5.1.2 | Size = 42032 bytes | Modified Date = 25/05/2007 9:16:08 AM | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 04/09/2007 6:04:36 PM | Attr = ]
avgarkt.exe -> %ProgramFiles%\Grisoft\AVG Anti-Rootkit Free\avgarkt.exe -> Grisoft [Ver = 1, 1, 0, 42 | Size = 2318336 bytes | Modified Date = 31/01/2007 5:33:56 AM | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 11/06/2007 1:25:42 AM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 09/01/2007 9:59:52 PM | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 09/01/2007 9:59:32 PM | Attr = ]
fbguard.exe -> %ProgramFiles%\Firebird\Firebird_1_5\bin\fbguard.exe -> The Firebird Project [Ver = WI-V1.5.1.4481 | Size = 65536 bytes | Modified Date = 14/07/2004 12:05:10 AM | Attr = ]
fbserver.exe -> %ProgramFiles%\Firebird\Firebird_1_5\bin\fbserver.exe -> The Firebird Project [Ver = WI-V1.5.1.4481 | Size = 1527887 bytes | Modified Date = 14/07/2004 12:05:10 AM | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.9: 2007102514 | Size = 7649128 bytes | Modified Date = 02/11/2007 8:36:24 AM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30/05/2007 4:31:10 AM | Attr = ]
hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqste08.exe -> Hewlett-Packard Co. [Ver = 82.0.173.000 | Size = 271960 bytes | Modified Date = 10/12/2006 8:51:08 PM | Attr = ]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 82.0.188.000 | Size = 210520 bytes | Modified Date = 02/01/2007 8:40:10 PM | Attr = ]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 82.0.173.000 | Size = 49152 bytes | Modified Date = 10/12/2006 8:52:38 PM | Attr = ]
iaanotif.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 6.2.2.1001 | Size = 151552 bytes | Modified Date = 19/04/2007 5:11:16 PM | Attr = ]
iaantmon.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> Intel Corporation [Ver = 6.2.2.1001 | Size = 81920 bytes | Modified Date = 19/04/2007 5:10:42 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 26/09/2007 1:41:56 PM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 26/09/2007 1:42:04 PM | Attr = ]
iviregmgr.exe -> %CommonProgramFiles%\InterVideo\RegMgr\iviRegMgr.exe -> InterVideo [Ver = 1, 0, 4, 0 | Size = 112152 bytes | Modified Date = 04/01/2007 6:48:52 PM | Attr = R ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 1:11:36 AM | Attr = ]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.6.43.1 | Size = 75304 bytes | Modified Date = 19/04/2007 12:35:46 PM | Attr = ]
lvcomser.exe -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.1.2021 | Size = 186904 bytes | Modified Date = 19/07/2007 11:38:54 PM | Attr = ]
lvcomser.exe -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.1.2021 | Size = 186904 bytes | Modified Date = 19/07/2007 11:38:54 PM | Attr = ]
lvprcsrv.exe -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 137752 bytes | Modified Date = 19/07/2007 11:40:48 PM | Attr = ]
mirc.exe -> %ProgramFiles%\mIRC\mirc.exe -> mIRC Co. Ltd. [Ver = 6.3 | Size = 2380800 bytes | Modified Date = 16/08/2007 1:11:52 PM | Attr = ]
nbservice.exe -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBService.exe -> Nero AG [Ver = 3, 0, 3, 0 | Size = 836904 bytes | Modified Date = 08/08/2007 8:25:08 AM | Attr = ]
qw29el.exe -> %ProgramFiles%\Grisoft\AVG Anti-Rootkit Free\qW29El.exe -> Grisoft [Ver = 1, 1, 0, 42 | Size = 2318413 bytes | Modified Date = 04/11/2007 5:27:44 PM | Attr = ]
rthdvcpl.exe -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1, 0, 0, 13 | Size = 4227072 bytes | Modified Date = 08/12/2006 4:51:12 PM | Attr = ]
sdwinsec.exe -> %ProgramFiles%\Spybot - Search & Destroy\SDWinSec.exe -> Safer Networking Ltd. [Ver = 1, 0, 0, 8 | Size = 600912 bytes | Modified Date = 31/08/2007 3:46:18 PM | Attr = ]
spuvolumewatcher.exe -> %ProgramFiles%\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe -> Sony Corporation [Ver = 1.2.00.13151 | Size = 344064 bytes | Modified Date = 15/01/2007 12:23:48 PM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1088 | Size = 1174664 bytes | Modified Date = 20/05/2007 3:57:12 PM | Attr = ]
utorrent.exe -> %SystemDrive%\Users\Travis\Program Files\uTorrent\uTorrent.exe -> [Ver = | Size = 219952 bytes | Modified Date = 18/09/2007 3:58:44 PM | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 04/01/2007 1:38:10 PM | Attr = ]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Check Point Software Technologies LTD [Ver = 7.1.078.000 | Size = 79664 bytes | Modified Date = 04/06/2007 4:24:56 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 04/09/2007 10:47:26 AM | Attr = ]
xaudio.exe -> %System32%\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.02 | Size = 386560 bytes | Modified Date = 28/11/2006 3:44:58 PM | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Check Point Software Technologies LTD [Ver = 7.1.078.000 | Size = 960240 bytes | Modified Date = 04/06/2007 4:24:58 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 1 | Size = 566616 bytes | Modified Date = 27/08/2007 1:38:50 PM | Attr = ]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 24/04/2007 5:01:56 PM | Attr = ]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 04/09/2007 6:04:36 PM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30/05/2007 4:31:10 AM | Attr = ]
(ccEvtMgr) ccEvtMgr [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 09/01/2007 9:59:32 PM | Attr = ]
(ccSetMgr) ccSetMgr [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 09/01/2007 9:59:32 PM | Attr = ]
(CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Running] -> -> File not found
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 09/01/2007 9:59:32 PM | Attr = ]
(comHost) COM Host [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 1.2.0.28 | Size = 49248 bytes | Modified Date = 12/01/2007 7:40:58 PM | Attr = ]
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> -> File not found
(DPS) Diagnostic Policy Service [Win32_Shared | Unknown | Running] -> -> File not found
(FirebirdGuardianDefaultInstance) Firebird Guardian - DefaultInstance [Win32_Own | Auto | Running] -> %ProgramFiles%\Firebird\Firebird_1_5\bin\fbguard.exe -> The Firebird Project [Ver = WI-V1.5.1.4481 | Size = 65536 bytes | Modified Date = 14/07/2004 12:05:10 AM | Attr = ]
(FirebirdServerDefaultInstance) Firebird Server - DefaultInstance [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Firebird\Firebird_1_5\bin\fbserver.exe -> The Firebird Project [Ver = WI-V1.5.1.4481 | Size = 1527887 bytes | Modified Date = 14/07/2004 12:05:10 AM | Attr = ]
(gpsvc) Group Policy Client [Win32_Shared | Unknown | Running] -> -> File not found
(IAANTMON) Intel® Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> Intel Corporation [Ver = 6.2.2.1001 | Size = 81920 bytes | Modified Date = 19/04/2007 5:10:42 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 03/04/2005 11:41:10 PM | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 26/09/2007 1:41:56 PM | Attr = ]
(IviRegMgr) IviRegMgr [Win32_Own | Auto | Running] -> %CommonProgramFiles%\InterVideo\RegMgr\iviRegMgr.exe -> InterVideo [Ver = 1, 0, 4, 0 | Size = 112152 bytes | Modified Date = 04/01/2007 6:48:52 PM | Attr = R ]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.6.43.1 | Size = 75304 bytes | Modified Date = 19/04/2007 12:35:46 PM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.53 | Size = 2983544 bytes | Modified Date = 11/05/2007 4:03:54 PM | Attr = ]
(LiveUpdate Notice Ex) LiveUpdate Notice Service Ex [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 09/01/2007 9:59:32 PM | Attr = ]
(LiveUpdate Notice Service) LiveUpdate Notice Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.2.0.18 | Size = 517768 bytes | Modified Date = 12/03/2007 5:30:16 PM | Attr = ]
(LVCOMSer) LVCOMSer [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.1.2021 | Size = 186904 bytes | Modified Date = 19/07/2007 11:38:54 PM | Attr = ]
(LVPrcSrv) Process Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 137752 bytes | Modified Date = 19/07/2007 11:40:48 PM | Attr = ]
(LVSrvLauncher) LVSrvLauncher [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\LogiShrd\SrvLnch\SrvLnch.exe -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 141848 bytes | Modified Date = 19/07/2007 11:42:30 PM | Attr = ]
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> -> File not found
(Nero BackItUp Scheduler 3) Nero BackItUp Scheduler 3 [Win32_Own | Auto | Running] -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBService.exe -> Nero AG [Ver = 3, 0, 3, 0 | Size = 836904 bytes | Modified Date = 08/08/2007 8:25:08 AM | Attr = ]
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Nero\Lib\NMIndexingService.exe -> Nero AG [Ver = 3.0.4.0 | Size = 382248 bytes | Modified Date = 03/08/2007 11:51:18 AM | Attr = ]
(RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Unknown | Running] -> -> File not found
(SBSDWSCService) SBSD Security Center Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spybot - Search & Destroy\SDWinSec.exe -> Safer Networking Ltd. [Ver = 1, 0, 0, 8 | Size = 600912 bytes | Modified Date = 31/08/2007 3:46:18 PM | Attr = ]
(SCardSvr) Smart Card [Win32_Shared | Unknown | Stopped] -> -> File not found
(Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> -> File not found
(SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> -> File not found
(stllssvr) stllssvr [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\SureThing Shared\stllssvr.exe -> MicroVision Development, Inc. [Ver = 1.2.552 | Size = 74656 bytes | Modified Date = 02/01/2007 10:35:24 AM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1088 | Size = 1174664 bytes | Modified Date = 20/05/2007 3:57:12 PM | Attr = ]
(TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Stopped] -> -> File not found
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 04/01/2007 1:38:10 PM | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Check Point Software Technologies LTD [Ver = 7.1.078.000 | Size = 79664 bytes | Modified Date = 04/06/2007 4:24:56 AM | Attr = ]
(WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> -> File not found
(WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> -> File not found
(XAudioService) XAudioService [Win32_Own | Auto | Running] -> %System32%\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.02 | Size = 386560 bytes | Modified Date = 28/11/2006 3:44:58 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 11/06/2007 1:25:42 AM | Attr = ]
AAWTray -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\AAWTray.exe -> [Ver = 1, 0, 0, 1 | Size = 88024 bytes | Modified Date = 08/08/2007 2:53:16 PM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 09/01/2007 9:59:52 PM | Attr = ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 82.0.173.000 | Size = 49152 bytes | Modified Date = 10/12/2006 8:52:38 PM | Attr = ]
IAAnotif -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 6.2.2.1001 | Size = 151552 bytes | Modified Date = 19/04/2007 5:11:16 PM | Attr = ]
ISUSPM -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 5, 01, 100, 47363 | Size = 213936 bytes | Modified Date = 20/03/2006 4:34:50 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 26/09/2007 1:42:04 PM | Attr = ]
Media Codec Update Service -> %ProgramFiles%\Essentials Codec Pack\update.exe -> MediaCodec.Org [Ver = 1, 0, 0, 1 | Size = 303104 bytes | Modified Date = 08/04/2007 8:44:42 AM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 7.15.11.6222 | Size = 8466432 bytes | Modified Date = 06/07/2007 7:15:00 PM | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 7.15.11.6222 | Size = 81920 bytes | Modified Date = 06/07/2007 7:15:00 PM | Attr = ]
NvSvc -> %System32%\nvsvc.dll [RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart] -> NVIDIA Corporation [Ver = 7.15.11.6222 | Size = 86016 bytes | Modified Date = 06/07/2007 7:15:00 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 29/06/2007 5:24:52 AM | Attr = ]
RtHDVCpl -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1, 0, 0, 13 | Size = 4227072 bytes | Modified Date = 08/12/2006 4:51:12 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 1:11:36 AM | Attr = ]
Windows Defender -> MSASCui.exe -> File not found
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Check Point Software Technologies LTD [Ver = 7.1.078.000 | Size = 960240 bytes | Modified Date = 04/06/2007 4:24:58 AM | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Aim6 -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 29/09/2007 12:22:36 PM | Attr = ]
uTorrent -> %SystemDrive%\Users\Travis\Program Files\uTorrent\uTorrent.exe -> [Ver = | Size = 219952 bytes | Modified Date = 18/09/2007 3:58:44 PM | Attr = ]
< Common Startup > -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup ->
%AllUsersAppData%\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 82.0.188.000 | Size = 210520 bytes | Modified Date = 02/01/2007 8:40:10 PM | Attr = ]
< User Startup > -> C:\Users\Travis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup ->
%UserAppData%\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> %ProgramFiles%\ERUNT\AUTOBACK.EXE -> [Ver = | Size = 38912 bytes | Modified Date = 20/10/2005 11:04:08 AM | Attr = ]
%UserAppData%\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk -> %ProgramFiles%\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe -> Sony Corporation [Ver = 1.2.00.13151 | Size = 344064 bytes | Modified Date = 15/01/2007 12:23:48 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 30/05/2007 4:29:58 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel -> 0 ->
< HOSTS File > (936 bytes) -> C:\Windows\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
::1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKCU: Local Page -> C:\Windows\system32\blank.htm ->
HKCU: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKCU: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKCU: ProxyEnable -> 0 ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22/10/2006 10:08:42 PM | Attr = ]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} [HKLM] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.5\NppBHO.dll [Reg Data - Value does not exist] -> Symantec Corporation [Ver = 2007.1.7.4 | Size = 97960 bytes | Modified Date = 18/02/2007 7:22:56 PM | Attr = R ]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> Skype Technologies S.A. [Ver = 2, 2, 0, 98 | Size = 1062184 bytes | Modified Date = 02/07/2007 4:10:58 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31/08/2007 3:46:14 PM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 31/10/2006 2:29:16 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 1:11:34 AM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{90222687-F593-4738-B738-FBEE9C7B26DF} [HKLM] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2007.1.7.4 | Size = 609424 bytes | Modified Date = 18/02/2007 7:23:06 PM | Attr = R ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 1:11:34 AM | Attr = ]
{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> Reg Data - Key not found [MenuText: Uninstall BitDefender Online Scanner v8] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Yahoo! Search -> %ProgramFiles%\Yahoo!\Common\YCSRCH.HTM -> [Ver = | Size = 605 bytes | Modified Date = 03/06/2005 5:07:38 PM | Attr = ]
E&xport to Microsoft Excel -> -> File not found
Yahoo! &Dictionary -> %ProgramFiles%\Yahoo!\Common\YCDICT.HTM -> [Ver = | Size = 616 bytes | Modified Date = 03/06/2005 5:07:16 PM | Attr = ]
Yahoo! &Maps -> %ProgramFiles%\Yahoo!\Common\ycmap.htm -> [Ver = | Size = 690 bytes | Modified Date = 03/06/2005 5:07:44 PM | Attr = ]
Yahoo! &SMS -> %ProgramFiles%\Yahoo!\Common\YCsms.htm -> [Ver = | Size = 1006 bytes | Modified Date = 01/08/2005 4:43:00 PM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{1F756D1B-3DCA-46A3-8D55-F4B21134347B} -> (Intel® 82562V 10/100 Platform LAN Connect) ->
{CF8AF0F0-3D1A-400D-871C-FAECFDFF5DC8} -> (Microsoft Windows Mobile Remote Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
about -> Reg Data - Key not found -> File not found
dvd -> Reg Data - Key not found -> File not found
its -> Reg Data - Key not found -> File not found
mhtml -> Reg Data - Key not found -> File not found
ms-its -> Reg Data - Key not found -> File not found
skype4com -> %CommonProgramFiles%\Skype\Skype4COM.dll -> Skype Technologies [Ver = 1, 0, 27, 1 | Size = 1828440 bytes | Modified Date = 02/07/2007 4:10:58 PM | Attr = R ]
tv -> Reg Data - Key not found -> File not found
vbscript -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -> - CodeBase = http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->


[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ ->
C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 23/10/2006 12:48:20 AM | Attr = ]
C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe -> [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 22/10/2006 11:01:50 PM | Attr = ]
C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BlackBerry Desktop Redirector.lnk -> %ProgramFiles%\Research In Motion\BlackBerry\Redirector.exe -> Research In Motion Limited [Ver = 3.6.0.53 | Size = 1319024 bytes | Modified Date = 27/08/2006 10:38:52 AM | Attr = ]
C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk -> %ProgramFiles%\Research In Motion\BlackBerry\DesktopMgr.exe -> Research In Motion Limited [Ver = 4.2.0.14 (Release build by absadmin) | Size = 1114217 bytes | Modified Date = 27/08/2006 10:38:50 AM | Attr = ]
C:^Users^Travis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 16/03/2005 6:16:50 PM | Attr = ]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ ->
AAWTray -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\AAWTray.exe -> [Ver = 1, 0, 0, 1 | Size = 88024 bytes | Modified Date = 08/08/2007 2:53:16 PM | Attr = ]
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> File not found
BigDogPath -> %SystemRoot%\VM_STI.EXE -> VM. [Ver = 4.2.610.4 | Size = 40960 bytes | Modified Date = 21/01/2003 1:19:24 PM | Attr = ]
DAEMON Tools -> %ProgramFiles%\DAEMON Tools\daemon.exe -> DT Soft Ltd. [Ver = 4.09.0.0 | Size = 165784 bytes | Modified Date = 03/04/2007 2:29:16 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 26/09/2007 1:42:04 PM | Attr = ]
LightScribe Control Panel -> %CommonProgramFiles%\LightScribe\LightScribeControlPanel.exe -> Hewlett-Packard Company [Ver = 1.6.43.1 | Size = 484904 bytes | Modified Date = 19/04/2007 12:26:52 PM | Attr = ]
LogitechCommunicationsManager -> %CommonProgramFiles%\LogiShrd\LComMgr\Communications_Helper.exe -> [Ver = | Size = 563984 bytes | Modified Date = 25/07/2007 3:02:54 PM | Attr = ]
LogitechQuickCamRibbon -> %ProgramFiles%\Logitech\QuickCam\Quickcam.exe -> [Ver = | Size = 2027792 bytes | Modified Date = 25/07/2007 3:06:30 PM | Attr = ]
NBKeyScan -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBKeyScan.exe -> Nero AG [Ver = 3, 0, 3, 0 | Size = 1828136 bytes | Modified Date = 08/08/2007 8:25:06 AM | Attr = ]
NeroFilterCheck -> %CommonProgramFiles%\Nero\Lib\NeroCheck.exe -> Nero AG [Ver = 1, 0, 0, 6 | Size = 153136 bytes | Modified Date = 01/03/2007 2:57:24 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 29/06/2007 5:24:52 AM | Attr = ]
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe -> Skype Technologies S.A. [Ver = 3.2.0.175 | Size = 23237416 bytes | Modified Date = 02/07/2007 4:10:58 PM | Attr = R ]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 31/08/2007 3:46:28 PM | Attr = ]
Symantec PIF AlertEng -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.2.0.18 | Size = 517768 bytes | Modified Date = 12/03/2007 5:30:16 PM | Attr = ]


[Files/Folders - Created Within 30 days]
Drivers -> %SystemDrive%\Drivers -> [Folder | Created Date = 25/10/2007 5:16:06 PM | Attr = ]
Nexon -> %SystemDrive%\Nexon -> [Folder | Created Date = 09/10/2007 1:50:57 PM | Attr = ]
game.ini -> %SystemRoot%\game.ini -> [Ver = | Size = 324 bytes | Created Date = 11/10/2007 6:25:44 PM | Attr = ]
Iosubsys -> %System32%\Iosubsys -> [Folder | Created Date = 25/10/2007 5:15:08 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 04/11/2007 2:32:07 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 04/11/2007 2:32:07 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 04/11/2007 2:32:08 PM | Attr = ]
nppt9x.vxd -> %System32%\nppt9x.vxd -> [Ver = | Size = 5174 bytes | Created Date = 09/10/2007 1:55:19 PM | Attr = ]
npptNT2.sys -> %System32%\npptNT2.sys -> INCA Internet Co., Ltd. [Ver = 2005, 1, 5, 1 | Size = 4682 bytes | Created Date = 09/10/2007 1:55:20 PM | Attr = ]
SONYHCY.DLL -> %System32%\SONYHCY.DLL -> Sony Corporation [Ver = 1.00.0628 | Size = 53248 bytes | Created Date = 25/10/2007 5:16:06 PM | Attr = ]
AvgArCln.sys -> %System32%\drivers\AvgArCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 04/11/2007 5:17:14 PM | Attr = ]
cdr4_2k.sys -> %System32%\drivers\cdr4_2k.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 2432 bytes | Created Date = 25/10/2007 5:15:08 PM | Attr = ]
cdr4_xp.sys -> %System32%\drivers\cdr4_xp.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 2432 bytes | Created Date = 25/10/2007 5:15:08 PM | Attr = ]
cdralw2k.sys -> %System32%\drivers\cdralw2k.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 2560 bytes | Created Date = 25/10/2007 5:15:08 PM | Attr = ]
pxhelp20.sys -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.43J | Size = 36624 bytes | Created Date = 25/10/2007 5:15:08 PM | Attr = ]
sonyhcb.sys -> %System32%\drivers\sonyhcb.sys -> Sony Corporation [Ver = 1, 0, 0, 53 | Size = 6097 bytes | Created Date = 25/10/2007 5:16:06 PM | Attr = ]
sonyhcc.sys -> %System32%\drivers\sonyhcc.sys -> Sony Corporation [Ver = 1, 0, 0, 53 | Size = 38739 bytes | Created Date = 25/10/2007 5:16:06 PM | Attr = ]
Sonyhcp.dll -> %System32%\drivers\Sonyhcp.dll -> [Ver = | Size = 3654 bytes | Created Date = 25/10/2007 5:16:06 PM | Attr = ]
sonyhcs.sys -> %System32%\drivers\sonyhcs.sys -> Sony Corporation [Ver = 1, 0, 0, 53 | Size = 299923 bytes | Created Date = 25/10/2007 5:16:06 PM | Attr = ]
sonypvs1.sys -> %System32%\drivers\sonypvs1.sys -> Sony Corporation [Ver = 1, 1, 1, 14 | Size = 102220 bytes | Created Date = 25/10/2007 5:16:06 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
Drivers -> %SystemDrive%\Drivers -> [Folder | Modified Date = 25/10/2007 5:16:08 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2145861632 bytes | Modified Date = 04/11/2007 5:22:16 PM | Attr = HS]
IPH.PH -> %SystemDrive%\IPH.PH -> [Ver = | Size = 3622 bytes | Modified Date = 22/10/2007 1:49:06 PM | Attr = H ]
Nexon -> %SystemDrive%\Nexon -> [Folder | Modified Date = 09/10/2007 1:50:58 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 25/10/2007 5:05:36 PM | Attr = R ]
ProgramData -> %AllUsersAppData% -> [Folder | Modified Date = 25/10/2007 5:04:14 PM | Attr = H ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 04/11/2007 3:27:36 PM | Attr = HS]
temp -> %SystemDrive%\temp -> [Folder | Modified Date = 26/10/2007 2:53:40 PM | Attr = ]
Windows -> %SystemRoot% -> [Folder | Modified Date = 25/10/2007 8:57:04 PM | Attr = ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 10/10/2007 4:58:46 PM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 11/10/2007 6:27:10 PM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 67584 bytes | Modified Date = 04/11/2007 5:22:20 PM | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 04/11/2007 2:53:12 PM | Attr = S]
game.ini -> %SystemRoot%\game.ini -> [Ver = | Size = 324 bytes | Modified Date = 11/10/2007 6:25:46 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 04/11/2007 5:29:02 PM | Attr = ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 04/11/2007 2:32:38 PM | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 04/11/2007 5:57:20 PM | Attr = ]
MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 275414806 bytes | Modified Date = 23/10/2007 2:00:52 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 23/10/2007 2:01:12 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 04/11/2007 2:25:58 PM | Attr = ]
System32 -> %System32% -> [Folder | Modified Date = 04/11/2007 5:29:08 PM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 04/11/2007 6:10:38 PM | Attr = ]
winsxs -> %SystemRoot%\winsxs -> [Folder | Modified Date = 10/10/2007 5:00:24 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 04/11/2007 5:22:30 PM | Attr = H ]
User_Feed_Synchronization-{3F19FCCA-FC5F-4082-B558-0F9405D02863}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{3F19FCCA-FC5F-4082-B558-0F9405D02863}.job -> [Ver = | Size = 420 bytes | Modified Date = 04/11/2007 2:11:08 AM | Attr = H ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %System32%\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 3680 bytes | Modified Date = 04/11/2007 5:22:30 PM | Attr = H ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %System32%\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 3680 bytes | Modified Date = 04/11/2007 5:22:30 PM | Attr = H ]
catroot -> %System32%\catroot -> [Folder | Modified Date = 25/10/2007 5:18:24 PM | Attr = ]
catroot2 -> %System32%\catroot2 -> [Folder | Modified Date = 02/11/2007 9:28:40 PM | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 04/11/2007 5:27:50 PM | Attr = ]
Iosubsys -> %System32%\Iosubsys -> [Folder | Modified Date = 25/10/2007 5:15:10 PM | Attr = ]
migration -> %System32%\migration -> [Folder | Modified Date = 10/10/2007 4:58:48 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 108122 bytes | Modified Date = 04/11/2007 5:29:08 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 622906 bytes | Modified Date = 04/11/2007 5:29:08 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 716948 bytes | Modified Date = 04/11/2007 5:29:04 PM | Attr = ]
WDI -> %System32%\WDI -> [Folder | Modified Date = 08/10/2007 9:27:06 AM | Attr = ]
vsconfig.xml -> %System32%\drivers\vsconfig.xml -> [Ver = | Size = 350468 bytes | Modified Date = 04/11/2007 5:22:26 PM | Attr = H ]

[File String Scan - Non-Microsoft Only]
File scan skipped for file %SystemRoot%\MEMORY.DMP -> File size too big (275414806 bytes) ->
UPX! , UPX0 , -> %System32%\avisynth.dll -> The Public [Ver = 2, 5, 6, 0 | Size = 308224 bytes | Modified Date = 07/10/2005 9:14:52 AM | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.7.0.28 | Size = 739840 bytes | Modified Date = 28/09/2007 8:05:40 AM | Attr = ]
UPX! , UPX0 , -> %System32%\vbskpro2.ocx -> JB [Ver = 2.01 | Size = 412672 bytes | Modified Date = 08/08/2005 2:07:00 PM | Attr = ]

< End of report >

#5 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:05:40 PM

Posted 05 November 2007 - 05:24 PM

Hello fivelitre

Good news, it isn't malware causing your problem.

It seems to be that you have conflicts between your security programs. This is often the case for slow down.

For example you have two firewalls running, ZoneAlarm and Norton 360. This can cause a lot of problems. Personally I would recommend removing both, as Norton products tend to be resource hogs. You need to remove at least one anyway, so go to Start > Control Panel > Add or Remove Programs > Remove ZoneAlarm

Also remove this old version of java while you are there

Java™ 6 Update 2



Next

I would also recommend removing Spybot - Search & Destroy, and Ad-Aware 2007. AVG anti-spyware is excellent and provides enough protection. Those 3 programs are all running processes, so there is bound to be some conflicts there.


You should also try clean up some room from your D: drive, which has less than a gig free space, which can cause a lot of problems.

I also recommend that you run ATF Cleaner to clean up space


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program



Reboot and let me know how it went removing those programs

#6 fivelitre

fivelitre
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:40 AM

Posted 05 November 2007 - 06:45 PM

Right, I removed everything which you said without a problem.
Ran ATF cleaner which cleaned about 113 MB of whatever
I'll let you know how my music goes whether it gets laggy or not

You said you're not a fan for either zone alarm nor norton, what do you recommend is a good anti virus/firewall type deal?


Oh yes, also, you said taht I should clean my D drive since i only have like 300 MB left.. when i go to my computer it says D: is HP_Recovery I click into it and there is a folder called "Recovery" and an .ini file

When i go into the Recovery folder, it says its empty, and I have it so I am able to see hidden files/folders.

Edited by fivelitre, 05 November 2007 - 06:50 PM.


#7 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:05:40 PM

Posted 05 November 2007 - 06:51 PM

Can you list the programs you removed, and post a new HijackThis log. Just so I can make sure there are no traces left over. Generally programs like Norton won't uninstall properly, and will still actually be running on your PC.

I'm not sure which firewalls work on Vista yet. I would recommend just using the Windows Vista firewall until Comodo is working on Vista
http://www.comodo.com/

As for anti-virus, I would recommend AVG anti-virus
http://free.grisoft.com/doc/downloads-prod...s/frt/0?prd=aff


You can also delete the tools that we ran.

#8 fivelitre

fivelitre
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:40 AM

Posted 05 November 2007 - 06:56 PM

I removed:
Java update 2
Ad-Aware 2007
Zone Alarm
Spybot - Search and Destroy
AVG Anti-Rootkit

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:55:31 PM, on 05/11/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\mobsync.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Travis\Program Files\uTorrent\uTorrent.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Travis\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13012 bytes

Edited by fivelitre, 05 November 2007 - 07:26 PM.


#9 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:05:40 PM

Posted 05 November 2007 - 07:32 PM

Did it go ok deleting Ad-Aware? Seems to be a left over of it

Run HijackThis, click "Do a system scan only" and check this entry

O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe


Close all windows except for HijackThis and click "Fix checked".


Next delete this folder in bold

C:\Program Files\Lavasoft



Send me a new HijackThis log and tell me how your PC is running.

#10 fivelitre

fivelitre
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:40 AM

Posted 05 November 2007 - 08:38 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:36:29 PM, on 05/11/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\mobsync.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Travis\Program Files\uTorrent\uTorrent.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Travis\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12818 bytes

#11 fivelitre

fivelitre
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:40 AM

Posted 05 November 2007 - 11:33 PM

And computer seems to be working fine right now, will update if there are any problems.

#12 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:05:40 PM

Posted 05 November 2007 - 11:47 PM

Well there's not much else I can do. Vista is a bit of a resource hog. It's not malware related so thats good.

Any other problems?

#13 fivelitre

fivelitre
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:40 AM

Posted 05 November 2007 - 11:49 PM

As of right now I would say no.

aside from when i restart my computer and upon everything starting up I get.. hmm.. I'd have to restart and check it out again in order to give you the exact wording, something about not being able to find a certain file in order to make a restore point?

Either way, I'm leaving for New York tomorrow so I won't be able to be on much so I can tell you about that when I get home.

Thank you again for your help, it is greatly appreciated.

#14 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:05:40 PM

Posted 06 November 2007 - 01:09 AM

Ok, let me know about this problem when you get back

I get.. hmm.. I'd have to restart and check it out again in order to give you the exact wording, something about not being able to find a certain file in order to make a restore poin






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users