Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Attune Program Installed Itself From Game Install Disk


  • Please log in to reply
1 reply to this topic

#1 marricco

marricco

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:42 PM

Posted 18 April 2008 - 10:01 AM

Deckard's System Scanner v20071014.68
Run by margie on 2008-04-18 07:40:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
6: 2008-04-18 14:40:45 UTC - RP664 - Deckard's System Scanner Restore Point
5: 2008-04-18 10:16:31 UTC - RP663 - Software Distribution Service 3.0
4: 2008-04-18 09:42:41 UTC - RP662 - Restore Operation
3: 2008-04-18 09:27:20 UTC - RP661 - Removed Attune
2: 2008-04-18 08:32:39 UTC - RP660 - Installed Attune


-- First Restore Point --
1: 2008-04-17 07:26:14 UTC - RP659 - Installed Windows Media Format SDK KB898549.


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-18 07:45:49
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\vssvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dmadmin.exe
C:\Program Files\Toshiba\TouchED\TouchED.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\toshiba\ivp\ISM\pinger.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\toshiba\ivp\ISM\Ivpsvmgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MyWebSearch\bar\4.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Gamevance\gamevance32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\margie\Local Settings\Temporary Internet Files\Content.IE5\23GAN7YA\dss[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adb...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
O1 - Hosts: 192.168.1.18 HP000E7FD483E8
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Gamevance Text - {7370F91F-6994-4595-9949-601FA2261C8D} - C:\Program Files\Gamevance\gvtl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe -c Network -p hpLaserJet1300n_copy_2 -pn "hp LaserJet 1300n PCL 6" -n 0 -l 1033 -sl 120000
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect /keeploaded
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Pinger] C:\toshiba\ivp\ISM\pinger.exe /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IVPServiceMgr] C:\toshiba\ivp\ISM\ivpsvmgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\4.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PC Health.lnk = C:\Program Files\Toshiba\TOSHIBA Management Console\TOSHealthLocalS.vbs
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZUxdm080YYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O15 - Trusted Zone: https://www.youtube.com (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase5059.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-365764235644} (AtlAtomadersCtlAttrib Class) - http://kraisoft.com/files/realone/atomaders.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126951052566
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://comcast.oberon-media.com/online2/ch...mjolauncher.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.com/CAB/...8656.0255555556
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc4.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O18 - Protocol: bw+0 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {c1118631-b71a-43bf-a9b4-2f3ac421a05a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: offline-8876480 - {C1118631-B71A-43BF-A9B4-2F3AC421A05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


--
End of file - 25516 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 snapman (Acronis Snapshots Manager) - c:\windows\system32\drivers\snapman.sys <Not Verified; Acronis; Acronis Snapshot API>
R0 timounter (Acronis TrueImage Backup Archive Explorer) - c:\windows\system32\drivers\timntr.sys <Not Verified; Acronis; Acronis True Image>
R0 TVALD (Toshiba ACPI-Based Value Added Logical Device Driver) - c:\windows\system32\drivers\tvald.sys <Not Verified; Toshiba Corporation; Toshiba ACPI-Compliant Value Added Logical Device>
R0 TVALG (Toshiba Value Added Logical and General Purpose Device Driver) - c:\windows\system32\drivers\tvalg.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Value Added Logical and General Purpose Device Driver>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.10) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.10>
R2 tifsfilter (Acronis TrueImage FS Filter) - c:\windows\system32\drivers\tifsfilt.sys <Not Verified; Acronis; TrueImage>
R3 LVPrcMon (Logitech LVPrcMon Driver) - c:\windows\system32\drivers\lvprcmon.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 ApfiltrService (Alps Pointing-device Filter Driver) - c:\windows\system32\drivers\apfiltr.sys <Not Verified; Alps Electric Co., Ltd.; Alps Touch Pad Driver for Windows 2000/XP>
S3 CBTNDIS5 (CBTNDIS5 NDIS Protocol Driver) - c:\windows\system32\cbtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 DNINDIS5 (DNINDIS5 NDIS Protocol Driver) - c:\program files\belkin\belkin 802.11g wireless card configuration utility\dnindis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 TBiosDrv - c:\windows\system32\drivers\tbiosdrv.sys
S3 TNET1130x (Wireless-G Notebook Adapter v.2.0) - c:\windows\system32\drivers\tnet1130x.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AcrSch2Svc (Acronis Scheduler2 Service) - "c:\program files\common files\acronis\schedule2\schedul2.exe" <Not Verified; Acronis; Acronis Scheduler 2>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>

S2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Belkin 802.11g Wireless Card
Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_701A1799&REV_01\5&13CF8B29&0&0058F0
Manufacturer: Belkin Components
Name: Belkin 802.11g Wireless Card
PNP Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_701A1799&REV_01\5&13CF8B29&0&0058F0
Service: RT2500


-- Scheduled Tasks -------------------------------------------------------------

2008-04-17 21:17:18 424 --ah---c- C:\WINDOWS\Tasks\User_Feed_Synchronization-{925D9A77-63A9-46D6-8AFD-1BB167B73639}.job
2008-02-24 18:32:12 284 --a----c- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-18 and 2008-04-18 -----------------------------

2008-04-18 03:34:38 0 d------c- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-18 03:34:36 0 d------c- C:\WINDOWS\system32\Kaspersky Lab
2008-04-18 03:19:12 139536 --a----c- C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-18 01:34:42 0 d------c- C:\Program Files\Aveo
2008-04-18 01:34:30 46352 --a----c- C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-18 01:34:28 171280 --a----c- C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-18 01:34:24 6550 --a----c- C:\WINDOWS\jautoexp.dat
2008-04-18 01:34:23 313856 --a----c- C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2008-04-18 01:33:54 113 --a----c- C:\WINDOWS\system32\zonedon.reg
2008-04-18 01:33:54 113 --a----c- C:\WINDOWS\system32\zonedoff.reg
2008-04-18 01:33:54 171792 --a----c- C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-18 01:33:53 286992 --a----c- C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-18 01:33:53 21264 --a----c- C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-18 01:33:52 947472 --a----c- C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-18 01:33:52 154384 --a----c- C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-18 01:33:52 172304 --a----c- C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-18 01:33:52 15120 --a----c- C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-18 01:33:51 404752 --a----c- C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-18 01:33:51 63248 --a----c- C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-18 01:33:50 187152 --a----c- C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-18 01:33:47 49424 --a----c- C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-18 01:30:56 0 d------c- C:\Program Files\Cosmi
2008-04-18 01:29:27 299520 --a----c- C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2008-04-17 02:22:28 0 d------c- C:\Documents and Settings\All Users\Application Data\muvee Technologies
2008-04-17 00:25:43 6815744 --a------ C:\Documents and Settings\margie\ntuser.dat
2008-04-17 00:25:42 237568 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-04-16 23:30:51 0 d------c- C:\Documents and Settings\margie\Application Data\Chessmaster Challenge
2008-04-16 23:26:01 0 d------c- C:\Program Files\Yahoo! Games
2008-04-10 18:53:00 0 d------c- C:\Program Files\Gamevance
2008-04-10 10:54:10 233536 -ra----c- C:\WINDOWS\Instexec.exe <Not Verified; Logitech; Logitech>
2008-04-10 10:53:57 233536 -ra----c- C:\WINDOWS\system32\InstExec.exe <Not Verified; Logitech; Logitech>
2008-04-10 10:53:21 0 d------c- C:\Program Files\Common Files\Logitech
2008-04-10 10:52:52 262144 --a----c- C:\WINDOWS\system32\ElkCtrl.exe <Not Verified; Logitech Inc.; Logitech Camera Software>
2008-04-10 10:52:52 57344 --a----c- C:\WINDOWS\system32\ElkCtlPS.dll <Not Verified; Logitech Inc.; Logitech Camera Software>
2008-04-10 10:51:12 0 d------c- C:\Program Files\Logitech
2008-04-06 17:57:00 28672 --a----c- C:\WINDOWS\system32\f3PSSavr.scr <Not Verified; FunWebProducts.com; Popular Screensavers>
2008-04-06 17:56:57 0 d------c- C:\Program Files\MyWebSearch
2008-04-06 16:35:01 0 d------c- C:\Documents and Settings\All Users\Application Data\Adobe


-- Find3M Report ---------------------------------------------------------------

2008-04-17 04:01:38 0 d------c- C:\Program Files\Common Files
2008-04-17 04:01:38 0 d------c- C:\Program Files\Common Files\AOL
2008-04-15 23:23:24 0 d------c- C:\Documents and Settings\margie\Application Data\Adobe
2008-04-12 01:32:36 0 d------c- C:\Program Files\Uniblue
2008-04-12 01:32:35 0 d------c- C:\Documents and Settings\margie\Application Data\Uniblue
2008-04-12 01:32:01 0 d------c- C:\Program Files\Rhapsody
2008-04-11 12:10:42 0 d------c- C:\Program Files\Java
2008-04-11 01:13:19 0 d------c- C:\Program Files\Windows Media Connect 2
2008-04-10 10:52:26 0 d--h---c- C:\Program Files\InstallShield Installation Information
2008-04-06 20:52:56 0 d-a----c- C:\Program Files\FunWebProducts
2008-04-06 17:42:30 0 d------c- C:\Documents and Settings\margie\Application Data\AdobeUM
2008-04-06 16:35:44 0 d------c- C:\Program Files\Common Files\Adobe
2008-03-10 16:22:01 0 d------c- C:\Program Files\Microsoft IntelliType Pro
2008-03-07 20:36:04 0 d------c- C:\Program Files\iTunes
2008-03-07 20:35:17 0 d------c- C:\Program Files\iPod
2008-03-06 03:40:43 0 d------c- C:\Program Files\iTunes(3)
2008-03-06 03:40:41 0 d------c- C:\Program Files\iPod(3)
2008-02-28 21:37:00 0 d------c- C:\Program Files\iTunes(2)
2008-02-28 21:36:58 0 d------c- C:\Program Files\iPod(2)
2008-02-24 19:57:04 4 --a----c- C:\WINDOWS\system32\30E997
2008-02-24 18:52:19 0 d------c- C:\Program Files\Bonjour
2008-02-24 18:49:04 0 d------c- C:\Program Files\QuickTime
2008-02-24 18:31:51 0 d------c- C:\Program Files\Apple Software Update
2008-02-18 02:45:44 0 d------c- C:\Documents and Settings\margie\Application Data\WinRAR


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7370F91F-6994-4595-9949-601FA2261C8D}]
04/10/2008 06:53 PM 225280 --a--c--- C:\Program Files\Gamevance\gvtl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [07/31/2002 11:41 AM]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [07/16/2002 12:41 AM]
"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [04/15/2002 06:35 PM]
"000StTHK"="000StTHK.exe" [06/23/2001 08:28 PM C:\WINDOWS\system32\000StTHK.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/17/2003 04:02 PM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [06/03/2004 01:50 AM]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [06/03/2004 01:51 AM]
"HPLJ Config"="C:\Program Files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe" [03/31/2003 06:32 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"nwiz"="nwiz.exe" [10/17/2003 04:02 PM C:\WINDOWS\system32\nwiz.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [06/22/2004 09:05 AM]
"@"="" []
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [12/16/2002 04:51 PM]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [03/31/2003 07:28 PM]
"Pinger"="C:\toshiba\ivp\ISM\pinger.exe" [07/15/2002 02:51 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/16/2005 11:11 PM]
"IVPServiceMgr"="C:\toshiba\ivp\ISM\ivpsvmgr.exe" [07/15/2002 02:27 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\4.bin\m3SrchMn.exe" [04/06/2008 05:56 PM]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe" [04/06/2008 05:56 PM]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [09/01/2005 01:04 PM]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [09/07/2005 06:33 AM]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [09/07/2005 06:39 AM]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [11/01/2004 06:22 PM]
"Gamevance"="C:\Program Files\Gamevance\gamevance32.exe" [04/10/2008 06:53 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll,nViewLoadHook" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe" [04/06/2008 05:56 PM]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [04/10/2008 10:51 AM]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [01/18/2005 05:07 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [4/10/2008 10:51:37 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 1:15:54 AM]
PC Health.lnk - C:\Program Files\Toshiba\TOSHIBA Management Console\TOSHealthLocalS.vbs [6/27/2005 10:21:58 PM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"HP Status Server"=3 (0x3)
"HP Port Resolver"=3 (0x3)




-- Hosts -----------------------------------------------------------------------

192.168.1.18 HP000E7FD483E8


-- End of Deckard's System Scanner: finished at 2008-04-18 07:48:48 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Mobile Intel® Celeron® CPU 1.80GHz
Percentage of Memory in Use: 61%
Physical Memory (total/avail): 255.36 MiB / 98.73 MiB
Pagefile Memory (total/avail): 616.79 MiB / 307.28 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1898.46 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 27.94 GiB total, 14.98 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - TOSHIBA MK3018GAS - 27.95 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 27.94 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"="C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe:*:Enabled:javaw"
"C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\margie\Application Data
ASLOGDIR=C:\Program Files\Intuit\QuickBooks\
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=XP_CRAPTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\margie
LOGONSERVER=\\XP_CRAPTOP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\margie\LOCALS~1\Temp
TMP=C:\DOCUME~1\margie\LOCALS~1\Temp
USERDOMAIN=XP_CRAPTOP
USERNAME=margie
USERPROFILE=C:\Documents and Settings\margie
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

margie (admin)
Admin.XP_CRAPTOP (admin)
sarah
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acronis True Image --> C:\Program Files\Acronis\TrueImage\MediaBuilder.exe -uninstall
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
ALPS Touch Pad Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Belkin 802.11g Wireless Card --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B1F9C281-41BB-46C9-A633-81B014914B9C}\Setup.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Chessmaster Challenge --> MsiExec.exe /X{8386E3AD-7DEA-1D17-601E-644D9C84C19B}
Chessmaster Challenge (remove only) --> C:\Program Files\Yahoo! Games\ChessmasterChallenge\Uninstall.exe {8386E3AD-7DEA-1D17-601E-644D9C84C19B}
EasyCleaner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9
Family Law Software Planner 2005 --> C:\PROGRA~1\FLSPlan\UNWISE.EXE C:\PROGRA~1\FLSPlan\INSTALL.LOG
Gamevance --> C:\Program Files\Gamevance\gvun.exe
getPlus®_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
hp LaserJet 1150 / 1300 --> MsiExec.exe /x {1485B7CD-4CBD-4039-8EAE-5A22993D7F54}
hp psc 1310 series --> rundll32 hpzcon10.dll,VendorJettison hp psc 1310 series
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
Intel® PRO Network Connections Software v10.0.27.0 --> C:\Program Files\Intel\DMIX\uninst\DxSetup.exe /x /qf /le C:\DOCUME~1\margie\LOCALS~1\Temp\PROSetDX\DMIX\\DxUninst.log
Intel® PROSafe for Wired Connections --> MsiExec.exe /I{36BD0774-6CD6-4FF9-A148-83CA09AC123E}
Intel® PROSafe for Wired Connections --> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
jv16 PowerTools 2005 --> "C:\Program Files\jv16 PowerTools 2005\unins000.exe"
Karu --> "C:\Program Files\games\Karu\unins000.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Logitech Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT -l0409
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech QuickCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF1B5DF7-8DF5-4D38-BFF0-FDC7B7847C00}\setup.exe" -l0x9
Luxor --> "C:\Program Files\Luxor\unins000.exe"
Macromedia Dreamweaver MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Flash MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Media Library Management Wizard --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplibwiz.inf,DefaultUninstall
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Carioca Rummy --> MsiExec.exe /I{924CCB82-8E0A-4123-B33B-AFDDCF0AFC8F}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Movie Maker Background Music Files --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmmusic.inf,DefaultUninstall
Movie Maker Sound Effects --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmsounds.inf,DefaultUninstall
Movie Maker Title Images --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmtitle.inf,DefaultUninstall
My Web Search (My Fun Cards) --> rundll32 C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsbar.dll,O
Network Device Switch 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{364F2A4B-C161-4E2C-8627-1440BC2E8030}\Setup.exe"
NVIDIA DVD Decoder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}\setup.exe" -l0x9 -uninstall
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nvts.inf
Plus! MP3 Audio Converter LE --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\audcle.inf,DefaultUninstall
Psychoballs --> "C:\Program Files\Psychoballs\unins000.exe"
Quicken 2005 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Scrabble 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2AAD0AD0-99DB-4C13-9796-D4205949B447}\Setup.exe" -l0x9
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
The Print Shop --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB26EA24-AE01-4C86-BEBC-424D5B81E66E}\setup.exe" -l0x9 anything
TOSHIBA Controls --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe"
TOSHIBA Management Console Version 3.5 (3.5.2) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\TOSHIBA Management Console\Uninst.isu" -c"C:\Program Files\TOSHIBA\TOSHIBA Management Console\ttinst.dll"
Toshiba Software Upgrades --> C:\toshiba\ivp\swupdate\UNWISE.EXE C:\toshiba\ivp\swupdate\INSTALL.LOG
TOSHIBA TouchPad On/Off Utility V2.04.00 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\TouchED\Uninst.isu" -c"C:\Program Files\TOSHIBA\TouchED\tpedinst.dll"
TOSHIBA Utilities --> tutildel.exe
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Live Safety Scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Bonus Pack for Windows XP --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmbonus.inf,DefaultUninstall
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB898549 --> "C:\WINDOWS\$NtUninstallKB898549$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type4512 / Error
Event Submitted/Written: 04/18/2008 07:32:55 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application OUTLOOK.EXE, version 9.0.0.6604, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4500 / Error
Event Submitted/Written: 04/18/2008 05:04:50 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application OUTLOOK.EXE, version 9.0.0.6604, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4499 / Error
Event Submitted/Written: 04/18/2008 03:33:15 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application OUTLOOK.EXE, version 9.0.0.6604, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4487 / Warning
Event Submitted/Written: 04/18/2008 02:34:14 AM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x8007043C

Event Record #/Type4485 / Error
Event Submitted/Written: 04/18/2008 02:27:19 AM
Event ID/Source: 11719 / MsiInstaller
Event Description:
Product: Attune -- Error 1719.The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type181406 / Error
Event Submitted/Written: 04/16/2008 11:08:08 PM
Event ID/Source: 10009 / DCOM
Event Description:
DCOM was unable to communicate with the computer MARRICDT using any of the configured
protocols.

Event Record #/Type181405 / Error
Event Submitted/Written: 04/16/2008 11:08:06 PM
Event ID/Source: 10009 / DCOM
Event Description:
DCOM was unable to communicate with the computer MARRICDT using any of the configured
protocols.

Event Record #/Type181404 / Error
Event Submitted/Written: 04/16/2008 11:07:24 PM
Event ID/Source: 10009 / DCOM
Event Description:
DCOM was unable to communicate with the computer Dell4margie using any of the configured
protocols.

Event Record #/Type181403 / Error
Event Submitted/Written: 04/16/2008 11:07:03 PM
Event ID/Source: 10009 / DCOM
Event Description:
DCOM was unable to communicate with the computer MARRICDT using any of the configured
protocols.

Event Record #/Type181402 / Error
Event Submitted/Written: 04/16/2008 11:07:00 PM
Event ID/Source: 10009 / DCOM
Event Description:
DCOM was unable to communicate with the computer MARRICDT using any of the configured
protocols.



-- End of Deckard's System Scanner: finished at 2008-04-18 07:48:48 ------------

KASPERSKY ONLINE SCANNER REPORT
Friday, April 18, 2008 7:02:57 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/04/2008
Kaspersky Anti-Virus database records: 713890


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\

Scan Statistics
Total number of scanned objects 102873
Number of viruses found 21
Number of infected objects 39
Number of suspicious objects 10
Duration of the scan process 03:12:38

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\00592d6f8b185058a614a983095307e1_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\01b624620a4ea372680c3fccec45d02f_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\02bf09fdc40dd97ed5da01c6bdbae23b_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\02f2f15c1303de35e3f4a48391039e80_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\042a004e919678bb2237b3027dc19c63_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\04e554df5d46bc631c1b9d904b292d72_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\087bb10c01a34182cdfe486cd4660e90_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0b9d039299987f5c6977247ab7af544e_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0d1d2020feaef2e891118d39f9902765_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0f2d1824981e488920401b35e937904b_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0fa1433a14b8e26344cae048dc8879e7_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0fadb2d3f2e2d4fcdc632e559690652b_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0fbdbdc8df1c5cb3475be6f95822e1a1_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1071e45f7290768ce06c74d052165274_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\10e070056d17708002e1b36e8672fab1_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\149e28931419801d358d025f3059a3c0_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\15d8940e841a43b0c7de155fdce92067_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\160447f5aff031edfbd26c92285a9404_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\18b276ef7d091182b3a712a167a50e58_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\18d65efd57d915dc0a372429df04fc2d_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1964f36c7876af23fcd680ac6d3f591b_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1c9bff0ef9f8befa1b6684c92d7d792d_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1e488c22eaaeb36c76f2a8eef998f135_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1f62b8cc41e6881f24ed0504429b52ec_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\22c6116cd605c17d0b62970ec3a2edd8_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\22f9a46178e554785491cba4b2341dcb_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\245e3fb3e773786b2c59ad3fe01bf529_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2507f9b98aa2c7f8cdfa0635171cd484_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\28da186a531740822edfb275a3f51a70_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2bcc94423926a29bb144977c9c7656d4_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2c7c3b26d6f589d1975e30ecd5482ef2_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2d7eeb60ea09f0edcf03224db5781e6a_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2ef65d8da330b8306cc90befcbc40003_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3047f7b28ad9f925afbc08b8a77779e2_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3130cc76fba6c72ba47fd21c2b559a0b_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\33bc0cc4688a4e02bd0a20e54f66014e_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\348d5434c95126ca01012bc2ea8ab442_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3811453d16a3c3b4844003f74139a1e0_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3a8f8d21effb059ccb0b428c7ca21ab7_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3bd1c3a40027a82d690070e007b8d5fe_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3dbac99a8ae1759cf946e3287750ad40_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3e154ae31b81ae79de3ed6a7303fd5ad_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3e3580ee9f54530563ca3fb67f889a9f_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3fc276dce4a77a0c07c1311ef943eb59_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3fc936009ff476e2c24085f99ff0f865_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3fcff0acdf1d35ad39eb02462888ab5c_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3fe0054758578a8e10b5a1b89a6107fc_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\40694979105d64ed1e4ae332364d2a08_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4335509106469f78b9ecb81d766497b7_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4482227a052e172a5713a55da9b93a2b_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\44b1d7b052dccb2faec4064e66d8717f_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\462c3af19dcadeab69da2b3fb5b74f3b_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\46fe4fc97be4a89ed2bf27e9f6d308fe_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4706fddf15ce0d2ad9e7c5b06b550dad_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4814a30b447a16c19dd974e5d824611d_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\488047b2720347fb5a983531624d63b1_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4a7c0ccb29aa6a82e2f1671ad43308b4_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4c56b6ca4fb70a4b3c113cdd4f9965a4_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4d235a817a3e9274bc243e4c37c86d15_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4fba690089199e4670ecd48521cada77_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\50372219f868059bb6d48521a1aa0b69_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5276563f81be8f63479a4685703fbd2f_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\53e22511fbc2e3bb540e1838f885a0cc_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\556303bf483732d626e16ec4f81d0818_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5651080b2ff5aa2b0c3bf50a13c620d7_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\565220975b367139ff5fac3ab72297c3_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\567bb1394d12aade566592c9399c39cb_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\59ff787dd4a2c7d157eacdf9a9f5c6ca_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5a8eda384b9e6ccc4079ca3ff9c57641_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5c4bd8d5139dc0435f2e5f90df55f9c5_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5d633183c72cfe00681dc28886dc32f7_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5efe23e9812b9cc3d3290ea7955d8372_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5f46ca76cf45bd037c88935ac9a25f89_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\603041ebba0bf77096b1231df16887df_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\632d6e9bbd317dd0eaa8b409760d84e5_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6342c0a59703d2820f316246cccdbc04_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\65221a0e1cf1bb1e99cf8dc4031bcc2b_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\66011ba3b1e04ee1ca35df4a09eb029e_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\670405d86e3a943d52d483774d70b6db_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\680460c07cddcd6e9d0bd1c5a8bd6bd0_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6c0024299226abb8f980ceba98ceea38_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\70e45a6ef241d3ec9db83dfc52e09c25_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\71c03ca1511e0a17da951c75542eb8a7_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7259d90415cd84e6e96040dc426c8b90_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\736b846c9fc3299ce8f74e1fa13a271a_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\76310f3c0102d46970487170506505db_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\76d82722b3c026a27691908cc668fd48_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\77c9c35038437f0a7f17880101778be1_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\77df18550c9450e383597cdad16a5b89_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\78851296d718185c89943bd03fd5141e_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\791380f1f25214dc7669eab800ad1759_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7c0ef7d23fb6459dbd309523d5132647_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7d2d66d3ea01d4d2f3063eb76b853c82_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\84536738d61ad32726131bf8ed92d6a7_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\86322b237582210791ec74185991c405_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8822d901189c42200dc4318d7e8a9161_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\88794ea56ffd9a5c3a2bbe22c35f064b_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\88f1ade7244cde5e543b86152c87821f_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\892d162a01a26160e673630016753ea5_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8ae426333cdfb9632f35d842ee2c4ae9_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8c16be032d93451fa34f63ce6474f348_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8d5ece88b0781bfd92176647aa4aeb28_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8d6e5ae3a35f404114764d37dea1a333_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9117aa5c3b35df5fb9ba4e1b740f2001_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\91743f432d035f134c11da501b28f690_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\919c5724ed5c5a95c6db1057c1ba1d8e_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\93d86e2de5b1108829386b52e5784725_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\93d8a82269281f0c7886d399b3dcdf62_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\95bd4089b115810e98062f7303ff3e26_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\97846d045c68eb12e5710096e5d2c6ee_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\98be461fa6dd105d894a0d7806447539_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9a0b1221094c02a08f7786e29da6e823_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9b493a1051a7b2c5c207703eca18c1e7_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9c1a6c0e8e8b7a27f4a23e9761ddda31_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9e2eaa4302dbbf6e81eaf85a3c66ab7f_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9eb10917fbfe4fa00efb06cc711c1cf6_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a0212f3d0e877b0e6c461e755720671f_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a022737f85f56acf2bff1421340df47d_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a04e3b9184cf56d1d526118ce81ac408_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a0b8ad1d5d75a41a45e3ec786653845e_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a0c010f2468849b42a94dec86b11cc32_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a1a91605ccd578aa2beb1f1e7ed50784_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a3490e7c6c45a968cf84ed6e6d51cfd3_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a7d7937c20f22e720a40950e0206bcf4_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a9933b56c5fd50fe6a54cddd518f5c4e_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ad51c7e367f9a4ef4155cc68db9a127a_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ad7ec6300a7ac7b00618ccadbba6415e_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ade48a965a963d713fc499cb3e86916e_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\af051d707d03ae29b726a2a68c97a03b_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b2101e207031dad2f4270db0cc29c467_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b42122a44701d0ef1b990d7102a97cbe_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b53080fb7f40fd5121f906a6b255dc27_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b592b3ce094f754ed2990a379fd8f522_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b6fcd9261e1f20ab12253001912db0aa_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b7e3b6f09596b5da79b10dcc663d6eac_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b807fd0bf35043efed2ff3bf1d9d2db5_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b89ab3209d3c215831d59946b5356be8_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bb0995e117b0ca95db0ca8f6463077b5_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bb4328cca2f6ac48418c0eb022039822_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bc04728d66ae738421c994d99ef41ca3_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bc0a17bc2c425c31c88f092a9b96e166_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bd075f0b676e964aa1ee0b6102724e8c_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\be1504d75c4cbd204bee2c4ac852dd15_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c0eaf1e8bb70300ff123ba1ea4527aba_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c2cfb6d6b1ef7a9e7796a45aa9b694b8_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c955510be0f8160664e40c1bdd8acf84_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ca255a96d132fe5a00aff0bcde43da5f_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cbbf421372b439f2df6c42dce290bec0_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cc6f7abc87ad255b24e3d89f9dbc1102_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cd1351a1a6e9c324610645c85b7db0dd_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cd4eb998235885e3deb9c6d1083feefc_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ce97b64f0a9c3b1ebfa1a9a220a50509_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ceff105218f146cad420786584d61583_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cf038519ffd991983124dfb0efd60e40_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d279d9690dcee31beadd99d43ef54fcb_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d87069ea09e7d1f7b295bde9dc3f5aea_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d99891d1062d496fe568ea418a23028e_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\df7d244645aafee3a530d5fd7bd2252f_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dfaa09f03fc24891ceb0c77f59544478_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e0fc5d7235d1b0e05df318a7c279ab13_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e1fba21eb66ad35c0918bfcdbd5317ac_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e392eef5ead417778b47329f630b07ca_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e45f786ca840e5117006907c9c42a1e9_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e4767b38c9cd25ce41a619cfb1a138ad_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e4d3c6b2733358013d5129272181c84d_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e75c700746e1bc1c2c47b7d371254946_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e8d550defb6effe89c059460851f5f75_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ebf46951b5688b03929e917670d426f0_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ef1f46d1016e6cada4bee78bfdae5f1e_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f01228c91204af2af57a20b296d48b99_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f05b62db096cfe31a17742d8b79016a9_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f0e514943b5e3c0401ef436ca74bf356_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f1643c126cb5c2a1b67bb046955e4538_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f1dbbd436325ab33e7a263ea645bca9c_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f46ca531a28e8a75010aa9e999df5d2b_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f71a97609b981cdf37e3df654e683132_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f8c0b7c4b1852a924b9d5aabbd6955bb_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fa98a631949a37b116803190346ec90a_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fb142ebdefdbb71fe6cab3ed262b85bc_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fbc4327416b347cfef6e631e6a0c9572_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fcaf9006be20b1c7d1d49d92ee85eeac_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fedb4ccea2c5f2b8fc47e707de7a6cc7_a0ee9abc-933d-4565-a996-3523508426e3 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\AntiPhishing\6729BBF9-D54C-48CB-A4D7-AD400339D808.dat Object is locked skipped

C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\margie\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\margie\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\margie\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/30 Nov 2004 18:56 to spoof@wamu.com; spam@uce.gov; uce@ftc.gov:F.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped

C:\Documents and Settings\margie\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/08 Jan 2005 22:45 to dan@pelhamdesign.com:FW: PayPal® Account Re.eml Suspicious: Trojan-Spy.HTML.Fraud.gen skipped

C:\Documents and Settings\margie\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/01 Feb 2005 20:34 to Steve Adkinson:FW: Important Information Fr.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped

C:\Documents and Settings\margie\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/23 Sep 2005 00:34 to spoof@ebay.com:FW: Regarding your account w.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped

C:\Documents and Settings\margie\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/03 Nov 2005 21:16 to paypal:FW: PayPal Account Notice.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped

C:\Documents and Settings\margie\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/03 Nov 2005 23:06 to paypal:FW: PayPal Flagged Account.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped

C:\Documents and Settings\margie\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/31 Jan 2006 07:50 to spoof@ebay.com:FW: eBay Inc: client's data .html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped

C:\Documents and Settings\margie\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/from friends/03 Sep 2005 23:19 from Daniel Pelham:FW: eBay Inc: Official Info/03 Sep 2005 09:51 to dan@pelhamdesign.com:eBay Inc: Official Inf.html Infected: Trojan-Spy.HTML.Bayfraud.hl skipped

C:\Documents and Settings\margie\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/05 Jun 2003 02:05 from eric@tealane.com:Approved/application.pi Infected: Email-Worm.Win32.Sobig.c skipped

C:\Documents and Settings\margie\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/18 Sep 2005 19:06 from eBay - # 32324:Regarding your account wi.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped

C:\Documents and Settings\margie\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/16 Oct 2005 21:39 from eBay:eBay: Urgent Security Notification F.html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped

C:\Documents and Settings\margie\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/03 Nov 2005 20:46 from service@paypal.com:PayPal Account Notice.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped

C:\Documents and Settings\margie\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/03 Nov 2005 21:05 from PayPal:PayPal Flagged Account.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped

C:\Documents and Settings\margie\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/07 Dec 2005 01:03 from service@paypal.com:PayPal Account Suspens.html Infected: Trojan-Spy.HTML.Paylap.je skipped

C:\Documents and Settings\margie\Local Settings\Application Data\Microsoft\Outlook\archive.pst Mail MS Mail: infected - 4, suspicious - 10 skipped

C:\Documents and Settings\margie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\margie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\margie\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\margie\Local Settings\History\History.IE5\MSHist012008041820080419\index.dat Object is locked skipped

C:\Documents and Settings\margie\Local Settings\Temp\jar_cache30587.tmp Object is locked skipped

C:\Documents and Settings\margie\Local Settings\Temp\~DF33A6.tmp Object is locked skipped

C:\Documents and Settings\margie\Local Settings\Temp\~DF343C.tmp Object is locked skipped

C:\Documents and Settings\margie\Local Settings\Temp\~DF6A3D.tmp Object is locked skipped

C:\Documents and Settings\margie\Local Settings\Temp\~DF6A78.tmp Object is locked skipped

C:\Documents and Settings\margie\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\margie\ntuser.dat Object is locked skipped

C:\Documents and Settings\margie\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Downloads\TowerBlasterSetup-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped

C:\Program Files\Internet Explorer\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\margie\Data\BWDocMap.pht Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\margie\Data\BWInfopakMap.pht Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\margie\Data\chandir.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\margie\Data\chandir.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\margie\Data\chn.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\margie\Data\chn.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\margie\Data\D0000000.FCS Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\margie\Data\inuse.txt Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\margie\Data\L0000002.FCS Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\margie\Data\main.log Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\margie\Data\prs.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\margie\Data\prs.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\margie\Data\prs_die.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\margie\Data\prs_die.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\margie\Data\prs_dnd.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\margie\Data\prs_dnd.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\margie\Data\prs_ext.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\margie\Data\prs_ext.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\margie\Data\prs_rcv.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\margie\Data\prs_rcv.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\margie\Data\storydb.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\margie\Data\storydb.idx Object is locked skipped

C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped

C:\Program Files\MyWebSearch\bar\4.bin\F3BROVLY.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped

C:\Program Files\MyWebSearch\bar\4.bin\F3DTACTL.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped

C:\Program Files\MyWebSearch\bar\4.bin\F3HISTSW.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\Program Files\MyWebSearch\bar\4.bin\F3HTMLMU.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped

C:\Program Files\MyWebSearch\bar\4.bin\F3HTTPCT.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped

C:\Program Files\MyWebSearch\bar\4.bin\F3IMSTUB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\Program Files\MyWebSearch\bar\4.bin\F3POPSWT.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\Program Files\MyWebSearch\bar\4.bin\F3PSSAVR.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\Program Files\MyWebSearch\bar\4.bin\F3REPROX.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\Program Files\MyWebSearch\bar\4.bin\F3RESTUB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\Program Files\MyWebSearch\bar\4.bin\F3SCHMON.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped

C:\Program Files\MyWebSearch\bar\4.bin\F3SCRCTR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped

C:\Program Files\MyWebSearch\bar\4.bin\F3SHLLVW.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped

C:\Program Files\MyWebSearch\bar\4.bin\F3WPHOOK.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh skipped

C:\Program Files\MyWebSearch\bar\4.bin\M3HTML.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped

C:\Program Files\MyWebSearch\bar\4.bin\M3IDLE.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped

C:\Program Files\MyWebSearch\bar\4.bin\M3MSG.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped

C:\Program Files\MyWebSearch\bar\4.bin\M3OUTLCN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\Program Files\MyWebSearch\bar\4.bin\M3PLUGIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped

C:\Program Files\MyWebSearch\bar\4.bin\M3SKIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped

C:\Program Files\MyWebSearch\bar\4.bin\M3SLSRCH.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\Program Files\MyWebSearch\bar\4.bin\M3SRCHMN.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped

C:\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\Program Files\MyWebSearch\bar\4.bin\MWSOEPLG.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\Program Files\MyWebSearch\bar\4.bin\MWSOESTB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\Program Files\MyWebSearch\bar\4.bin\NPMYWEBS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped

C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped

C:\Program Files\Yahoo!\Messenger\logs\billing_margie.log Object is locked skipped

C:\Program Files\Yahoo!\Messenger\logs\client_margie.log Object is locked skipped

C:\Program Files\Yahoo!\Messenger\logs\network_margie.log Object is locked skipped

C:\RECYCLER\S-1-5-21-1614895754-842925246-854245398-501\Dc2.lnk Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped

C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped

C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped

C:\System Volume Information\catalog.wci\00010007.ci Object is locked skipped

C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped

C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped

C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped

C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped

C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{B41921F4-E144-45B5-A664-EC81E9C3FC4B}.crmlog Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\f3PSSavr.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped

C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped

C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:42 PM

Posted 02 May 2008 - 08:25 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:
I apologize for the delay getting to your log, the helpers here are very busy.

If you still need help, please post a fresh Hijackthis log, in this thread, so I can help you with your malware problems.
If you have resolved this issue please let us know.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users