
Windows Vista Aero Has Disappeared


  • This topic is locked
2 replies to this topic

#1 billyv77


Posted 23 May 2008 - 10:59 AM

DSS Main

Deckard's System Scanner v20071014.68
Run by Jim on 2008-05-23 10:08:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
8: 2008-05-23 07:19:28 UTC - RP504 - Windows Update
7: 2008-05-23 04:55:34 UTC - RP503 - Installed Kaspersky Internet Security 7.0.
6: 2008-05-22 19:03:24 UTC - RP502 - Device Driver Package Install: ATI Technologies Inc. Display adapters
5: 2008-05-22 16:41:41 UTC - RP501 - Windows Vista Service Pack 1
4: 2008-05-22 15:31:59 UTC - RP500 - Windows Update


-- First Restore Point --
1: 2008-05-20 19:50:01 UTC - RP497 - Scheduled Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Jim.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:37 AM, on 5/23/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
N:\Windows\system32\taskeng.exe
N:\Windows\system32\Dwm.exe
N:\Windows\Explorer.EXE
N:\Program Files\Windows Defender\MSASCui.exe
N:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
N:\Windows\WindowsMobile\wmdc.exe
N:\Program Files\dvd43\DVD43_Tray.exe
N:\Program Files\iTunes\iTunesHelper.exe
N:\Windows\System32\CTHELPER.EXE
N:\Windows\System32\CTXFIHLP.EXE
N:\Program Files\Common Files\Real\Update_OB\realsched.exe
N:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
N:\Program Files\Windows Sidebar\sidebar.exe
N:\Windows\ehome\ehtray.exe
N:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
N:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
N:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
N:\Windows\ehome\ehmsas.exe
N:\Windows\SYSTEM32\CTXFISPI.EXE
N:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
N:\Program Files\Windows Sidebar\sidebar.exe
N:\Program Files\Windows Media Player\wmpnscfg.exe
N:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
N:\Windows\System32\mobsync.exe
N:\Program Files\Tyrell\MCEBuddy\MCEBuddyConfig.exe
N:\Program Files\WinZip\WZQKPICK.EXE
N:\Program Files\CaptureWiz\Pro\CaptureWiz.exe
N:\Windows\System32\wsqmcons.exe
N:\Windows\system32\mmc.exe
N:\Program Files\Mozilla Firefox\firefox.exe
N:\Users\Jim\Desktop\dss.exe
N:\Windows\system32\SearchFilterHost.exe
N:\Windows\system32\Aurora.scr
N:\PROGRA~1\TRENDM~1\HIJACK~1\Jim.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - N:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - N:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - N:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - N:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - N:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "N:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [NeroFilterCheck] N:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [dvd43] N:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "N:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "N:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [StartCCC] "N:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [TkBellExe] "N:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "N:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [Sidebar] N:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] N:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "N:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [YSearchProtection] N:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [slide.exe] N:\Program Files\Slide\Slide.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] N:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] N:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Startup: CaptureWiz.lnk = N:\Program Files\CaptureWiz\Pro\CaptureWiz.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: MCEBuddy Taskbar Monitor.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = N:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Anti-Banner - N:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://N:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://N:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://N:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://N:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://N:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://N:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://N:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://N:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://N:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - N:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - N:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - N:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: @N:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - N:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - N:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @N:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - N:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - N:\Program Files\AllMusicConverter\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - N:\Program Files\AllMusicConverter\YouTubeRipper.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - N:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - N:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - N:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...S/wlscctrl2.cab
O20 - AppInit_DLLs: N:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,N:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Adobe LM Service - Adobe Systems - N:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - N:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - N:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - N:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - N:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - N:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - N:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbk_device - - N:\Windows\system32\lxbkcoms.exe
O23 - Service: MCE Buddy Service (MCE Buddy) - Unknown owner - N:\Program Files\Tyrell\MCEBuddy\MCEBuddySvc.exe
O23 - Service: NBService - Nero AG - N:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - N:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - N:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SoundMovieServer - SoundMovieServer - N:\Windows\system32\snmvtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - N:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 11206 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "N:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 dvd43llh - n:\windows\system32\drivers\dvd43llh.sys <Not Verified; RIF; DVD For Free>
R3 pfc (Padus ASPI Shell) - n:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S0 OemBiosDevice (Royalty OEM BIOS Extension) - n:\windows\system32\drivers\royal.sys <Not Verified; PARADOX; SLP Kernel-Mode Driver>
S3 rig3avs - n:\windows\system32\drivers\rig3avs.sys <Not Verified; Native Instruments GmbH; NI Rig Kontrol 3>
S3 rig3usb - n:\windows\system32\drivers\rig3usb.sys <Not Verified; Native Instruments GmbH; NI Rig Kontrol 3>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "n:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 MCE Buddy (MCE Buddy Service) - "n:\program files\tyrell\mcebuddy\mcebuddysvc.exe" <Not Verified; ; MCEBuddySvc>

S3 NBService - n:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 SoundMovieServer - "n:\windows\system32\snmvtsvc.exe" <Not Verified; SoundMovieServer; SoundMovieServer>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e968-e325-11ce-bfc1-08002be10318}
Description: MusCVideo32
Device ID: ROOT\DISPLAY\0000
Manufacturer: MusCVideo32
Name: MusCVideo32
PNP Device ID: ROOT\DISPLAY\0000
Service: MusCVideo32

Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: MusCDriverV32
Device ID: ROOT\MEDIA\0000
Manufacturer: MusCDriverV32
Name: MusCDriverV32
PNP Device ID: ROOT\MEDIA\0000
Service: MusCDriverV32

Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: MusCDriverV32
Device ID: ROOT\MEDIA\0001
Manufacturer: MusCDriverV32
Name: MusCDriverV32
PNP Device ID: ROOT\MEDIA\0001
Service: MusCDriverV32

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Files created between 2008-04-23 and 2008-05-23 -----------------------------

2008-05-22 23:57:47 96645 --a------ N:\Windows\system32\drivers\klin.dat
2008-05-22 23:57:47 87941 --a------ N:\Windows\system32\drivers\klick.dat
2008-05-22 23:56:38 85404960 --ahs---- N:\Windows\system32\drivers\fidbox.dat
2008-05-22 23:56:38 0 d-------- N:\Program Files\Kaspersky Lab
2008-05-22 14:19:33 0 d-------- N:\Users\All Users\Kaspersky Lab
2008-05-22 14:19:31 0 d-------- N:\Windows\system32\Kaspersky Lab
2008-05-22 14:12:34 0 d-------- N:\Users\All Users\ATI
2008-05-22 13:51:31 0 d-------- N:\Program Files\Trend Micro
2008-05-22 13:17:55 0 d-------- N:\PerfLogs
2008-05-22 12:20:49 152576 --a------ N:\Windows\system32\SPWizUI.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-22 11:17:06 0 d-------- N:\Program Files\Windows Live Safety Center
2008-05-22 10:20:47 0 d-------- N:\Windows\pss
2008-05-11 12:14:45 0 d-------- N:\Program Files\Qloud
2008-05-08 13:15:45 0 d-------- N:\Program Files\Behavioral Computing Solutions
2008-04-26 11:55:12 0 d-------- N:\Program Files\PokerDice


-- Find3M Report ---------------------------------------------------------------

2008-05-23 06:01:04 12 --a------ N:\Windows\bthservsdp.dat
2008-05-22 23:52:16 0 d-------- N:\Program Files\Common Files
2008-05-22 14:15:51 0 d-------- N:\Program Files\ATI
2008-05-22 14:12:34 0 d-------- N:\Users\Jim\AppData\Roaming\ATI
2008-05-22 14:06:31 0 d-------- N:\Program Files\ATI Technologies
2008-05-22 13:33:38 174 --ahs---- N:\Program Files\desktop.ini
2008-05-22 13:21:19 0 d-------- N:\Program Files\Windows Calendar
2008-05-22 13:21:18 0 d-------- N:\Program Files\Windows Sidebar
2008-05-22 13:21:18 0 d-------- N:\Program Files\Movie Maker
2008-05-22 13:21:17 0 d-------- N:\Program Files\Windows Mail
2008-05-22 13:21:15 0 d-------- N:\Program Files\Windows Collaboration
2008-05-22 13:21:14 0 d-------- N:\Program Files\Windows Journal
2008-05-22 13:21:13 0 d-------- N:\Program Files\Windows Photo Gallery
2008-05-22 13:21:06 0 d-------- N:\Program Files\Windows Defender
2008-05-22 12:45:11 409600 --a------ N:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-05-22 12:45:11 114688 --a------ N:\Windows\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-05-18 09:52:14 0 d-------- N:\Program Files\PokerStars
2008-05-16 09:44:12 0 d-------- N:\Program Files\Common Files\Adobe
2008-05-11 12:14:55 0 d-------- N:\Program Files\iTunes
2008-05-07 12:43:42 0 d-------- N:\Program Files\SPSS Evaluation
2008-05-07 12:39:30 205 --a------ N:\Windows\system32\lsprst7.dll
2008-05-04 02:05:42 0 d-------- N:\Users\Jim\AppData\Roaming\yahoo!
2008-04-24 12:14:12 0 d-------- N:\Program Files\AllMusicConverter
2008-04-23 07:37:32 0 d-------- N:\Users\Jim\AppData\Roaming\CoreFTP
2008-04-22 17:12:14 0 d-------- N:\Program Files\Safari
2008-04-18 12:56:04 0 d-------- N:\Program Files\Vongo
2008-04-18 12:55:08 0 d-------- N:\Program Files\MySpace
2008-04-18 12:54:39 0 d--h----- N:\Program Files\InstallShield Installation Information
2008-04-18 12:54:39 0 d-------- N:\Program Files\Full Tilt Poker
2008-04-16 08:13:53 0 d-------- N:\Program Files\Apple Software Update
2008-04-14 07:02:18 0 d-------- N:\Users\Jim\AppData\Roaming\Intuit
2008-04-14 06:50:25 0 d-------- N:\Program Files\Common Files\AnswerWorks 4.0
2008-04-14 06:43:41 0 d-------- N:\Program Files\Common Files\Intuit
2008-04-14 06:34:18 0 d-------- N:\Program Files\TurboTax
2008-04-10 18:58:21 0 d-------- N:\Program Files\Handbrake
2008-04-08 13:28:17 0 d-------- N:\Program Files\Tyrell
2008-04-07 19:07:44 0 d-------- N:\Program Files\Common Files\ATI Technologies
2008-04-07 18:39:02 0 d-------- N:\Program Files\AGEIA Technologies
2008-04-07 14:02:25 0 d-------- N:\Users\Jim\AppData\Roaming\Apple Computer
2008-04-05 07:43:41 0 d-------- N:\Program Files\iPod
2008-04-05 07:37:46 0 d-------- N:\Program Files\QuickTime
2008-03-19 14:20:11 3407 --a------ N:\Users\Jim\AppData\Roaming\evpro32.prf
2008-03-19 14:01:19 1024 --a------ N:\Users\Jim\AppData\Roaming\evmanage.prf
2008-03-12 14:35:50 184320 --a------ N:\Windows\system32\snmvtsvc.exe <Not Verified; SoundMovieServer; SoundMovieServer>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="N:\Program Files\Windows Defender\MSASCui.exe" [01/18/2008 11:38 PM]
"Acrobat Assistant 7.0"="N:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [04/23/2008 02:08 AM]
"@"="" []
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
"NeroFilterCheck"="N:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"dvd43"="N:\Program Files\dvd43\dvd43_tray.exe" [05/22/2006 01:26 PM]
"QuickTime Task"="N:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="N:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"CTHelper"="CTHELPER.EXE" [05/10/2007 04:51 PM N:\Windows\System32\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [05/10/2007 04:52 PM N:\Windows\System32\CTXFIHLP.EXE]
"StartCCC"="N:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [01/21/2008 12:17 PM]
"TkBellExe"="N:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/13/2008 08:13 PM]
"AVP"="N:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [02/08/2008 06:36 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="N:\Program Files\Windows Sidebar\sidebar.exe" [01/18/2008 11:33 PM]
"ehTray.exe"="N:\Windows\ehome\ehTray.exe" [01/18/2008 11:33 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="N:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [06/27/2007 07:03 PM]
"YSearchProtection"="N:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 09:59 AM]
"slide.exe"="N:\Program Files\Slide\Slide.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DevconDefaultDB"=N:\Windows\system32\READREG /SILENT /FAIL=1
"CtxfiReg"=CTXFIREG.exe /FAIL1

N:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CaptureWiz.lnk - N:\Program Files\CaptureWiz\Pro\CaptureWiz.exe [9/6/2007 10:48:51 PM]

N:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - N:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [6/28/2007 3:58:14 AM]
MCEBuddy Taskbar Monitor.lnk - N:\Windows\Installer\{BAFC1680-D56C-4079-98B7-B71B99F29647}\_6BCC94CCBDEFDDC8F82198.exe [4/8/2008 1:28:45 PM]
VPN Client.lnk - N:\Windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [6/27/2007 9:45:20 AM]
WinZip Quick Pick.lnk - N:\Program Files\WinZip\WZQKPICK.EXE [7/10/2007 4:34:51 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=N:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,N:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a01214b-8e01-11dc-b60a-0013720628c1}]
AutoRun\command- F:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4333c19-287d-11dc-8435-0013720628c1}]
AutoRun\command- O:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
N:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-05-23 10:29:34 ------------


DSS Extra
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Ultimate (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® D CPU 2.80GHz
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 3069.44 MiB / 1729.51 MiB
Pagefile Memory (total/avail): 6353.9 MiB / 5121.24 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1885.43 MiB

C: is Fixed (NTFS) - 228.03 GiB total, 148.44 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
K: is Fixed (NTFS) - 93.25 GiB total, 52.91 GiB free.
L: is Fixed (NTFS) - 186.25 GiB total, 14.63 GiB free.
M: is Fixed (NTFS) - 186.25 GiB total, 165.33 GiB free.
N: is Fixed (NTFS) - 465.76 GiB total, 238.32 GiB free.

\\.\PHYSICALDRIVE0 - WDC WD2500JS-75NCB1 ATA Device - 232.83 GiB - 3 partitions
\PARTITION0 - Unknown - 54.88 MiB
\PARTITION1 (bootable) - Installable File System - 228.03 GiB - C:
\PARTITION2 - Unknown - 4.74 GiB

\\.\PHYSICALDRIVE1 - WDC WD5000AAKS-00TMA0 ATA Device - 465.76 GiB - 1 partition
\PARTITION0 - Installable File System - 465.76 GiB - N:

\\.\PHYSICALDRIVE2 - WDC WD5000KS-60MNB0 ATA Device - 465.76 GiB - 3 partitions
\PARTITION0 - Installable File System - 186.25 GiB - M:
\PARTITION1 - Extended w/Extended Int 13 - 279.5 GiB - K: - L:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Kaspersky Internet Security v7.0.1.325 (Kaspersky Lab)
AV: Kaspersky Internet Security v7.0.1.325 (Kaspersky Lab)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Kaspersky Internet Security v7.0.1.325 (Kaspersky Lab)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=N:\ProgramData
APPDATA=N:\Users\Jim\AppData\Roaming
CLASSPATH=.;N:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip
CommonProgramFiles=N:\Program Files\Common Files
COMPUTERNAME=JIM-PC
ComSpec=N:\Windows\system32\cmd.exe
DXSDK_DIR=N:\Program Files\Microsoft DirectX SDK (June 2006)\
FP_NO_HOST_CHECK=NO
HOMEDRIVE=N:
HOMEPATH=\Users\Jim
LOCALAPPDATA=N:\Users\Jim\AppData\Local
LOGONSERVER=\\JIM-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path="N:\Program Files\Microsoft DirectX SDK (June 2006)\Utilities\Bin\x86";N:\Windows\system32;N:\Windows;N:\Windows\System32\Wbem;N:\Program Files\Nova Development\PhotoImpact Pro\;N:\Program Files\Common Files\Ulead Systems\MPEG;N:\Program Files\Common Files\Ulead Systems\DVD;n:\Program Files\Microsoft SQL Server\90\Tools\binn\;N:\Program Files\Common Files\Roxio Shared\DLLShared\;N:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;N:\Program Files\QuickTime\QTSystem\;N:\Program Files\Qloud\;N:\Program Files\Qloud\;N:\Program Files\ATI Technologies\ATI.ACE\Core-Static
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0404
ProgramData=N:\ProgramData
ProgramFiles=N:\Program Files
PROMPT=$P$G
PUBLIC=N:\Users\Public
QTJAVA=N:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip
RoxioCentral=N:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=N:
SystemRoot=N:\Windows
TEMP=N:\Users\Jim\AppData\Local\Temp
TMP=N:\Users\Jim\AppData\Local\Temp
USERDOMAIN=Jim-PC
USERNAME=Jim
USERPROFILE=N:\Users\Jim
VS80COMNTOOLS=N:\Program Files\Microsoft Visual Studio 8\Common7\Tools\
windir=N:\Windows


-- User Profiles ---------------------------------------------------------------

Jim


-- Add/Remove Programs ---------------------------------------------------------

--> MsiExec /X{C09377D8-DB6A-42B9-9EBE-A670D0ABDB4F}
--> N:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> N:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> N:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> N:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> N:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> N:\Windows\UNNeroShowTime.exe /UNINSTALL
--> N:\Windows\UNNeroVision.exe /UNINSTALL
--> N:\Windows\UNRecode.exe /UNINSTALL
--> RunDll32 N:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "N:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
--> RunDll32 N:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "N:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 N:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "N:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 N:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "N:\Program Files\InstallShield Installation Information\{7AB55EC6-1158-41EF-B87D-90555A8F5C92}\setup.exe" -l0x9
--> RunDll32 N:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "N:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9
--> RunDll32 N:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "N:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9 /remove
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
3D Control Magic for .NET (DELUXE edition) --> "N:\Program Files\3D Control Magic for .NET\unins000.exe"
A1 DVD Ripper V1.1.19 --> "N:\Program Files\A1 DVD Ripper\unins000.exe"
Adobe Acrobat 7.1.0 Professional --> msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Flash Player ActiveX --> N:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> N:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Premiere Pro --> RunDll32 "N:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "N:\Program Files\InstallShield Installation Information\{084709F7-38C5-4609-B55F-2417939315EB}\setup.exe"
AGEIA PhysX v6.11.13 --> MsiExec.exe /X{C09377D8-DB6A-42B9-9EBE-A670D0ABDB4F}
All My Movies 4.6 --> "N:\Program Files\AllMyMovies\unins000.exe"
AllMusicConverter 3.3.3 --> "N:\Program Files\AllMusicConverter\unins000.exe"
AnswerWorks 4.0 Runtime - English --> RunDll32 N:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "N:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI AVIVO Codecs --> MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI TV Wonder™ Digital Cable Tuner --> MsiExec.exe /I{CC471A90-F160-42B5-BD97-3A40088BF534}
AVS Audio Tools version 4.4 --> "N:\Program Files\AVSMedia\AudioTools\unins000.exe"
AVS DVDMenu Editor 1.2.1.19 --> "N:\Program Files\Common Files\AVSMedia\AVS DVDMenu Editor\unins000.exe"
AVS Video Tools 5.6 --> "N:\Program Files\AVSMedia\VideoTools\unins000.exe"
Becky Thesis --> MsiExec.exe /I{B195DB4C-762E-4F5F-A26E-8678636A4D10}
CaptureWizPro 3.A0 --> N:\Program Files\CaptureWiz\Pro\CaptureWiz.exe uninstal
Catalyst Control Center - Branding --> MsiExec.exe /I{6087F45E-358C-4173-8CB1-DE0AE26FFAE1}
Cisco Systems VPN Client 5.0.00.0340 --> MsiExec.exe /X{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}
Core FTP LE 1.3c --> N:\PROGRA~1\CoreFTP\UNWISE.EXE N:\PROGRA~1\CoreFTP\INSTALL.LOG
Creative Audio Console --> RunDll32 N:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "N:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
Creative Sound Blaster Properties --> RunDll32 N:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "N:\Program Files\InstallShield Installation Information\{7AB55EC6-1158-41EF-B87D-90555A8F5C92}\setup.exe" -l0x9 /remove
Demographics SOGS and GFA --> MsiExec.exe /I{31A66115-4EA7-4AA3-A20A-6CFA5B94AD0B}
DivX Codec --> N:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> N:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> N:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Free Codec --> "N:\Program Files\DivX Free Codec\Uninstall.exe"
DivX Player --> N:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> N:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD-CLONER V5.00 Build 958 --> "N:\Program Files\Dvd-cloner\unins000.exe"
DVD-to-AVI 3.00 Build 806 --> "N:\Program Files\DVD-to-AVI\unins000.exe"
DVD43 v3.9.0 --> "N:\Program Files\dvd43\unins000.exe"
eMusic Download Manager --> N:\Program Files\InstallShield Installation Information\{48FEB597-0410-4A17-B134-0DEF3083B944}\setup.exe -runfromtemp -l0x0009 -uninst -removeonly
ExamView Assessment Suite --> N:\Windows\unvise32.exe C:\ExamView\uninst5.log
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Guitar Pro 5.2 --> "N:\Program Files\Guitar Pro 5\unins000.exe"
Handbrake 0.9.2 --> N:\Program Files\Handbrake\uninst.exe
Hemera Photo-Objects 5000 --> N:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{AE26E172-5743-40E3-BC11-7C274BC531A3}
HijackThis 2.0.2 --> "N:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® 537EP V9x DF PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Online Scanner --> N:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Lexmark X1100 Series --> N:\Program Files\Lexmark X1100 Series\Install\x86\Uninst.exe
Macromedia Contribute 3.11 --> MsiExec.exe /I{4B9535BF-CC90-4158-AF32-CAF57A8820CA}
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Fireworks 8 --> MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash Player 8 --> MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
Magic Button --> N:\Windows\WindowsMobile\Magic Button\Uninstall.exe Magic Button
MCEBuddy --> MsiExec.exe /I{BAFC1680-D56C-4079-98B7-B71B99F29647}
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "N:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "N:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft Device Emulator version 1.0 - ENU --> MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
Microsoft DirectX SDK (June 2006) --> MsiExec.exe /I{799F774D-7D7B-4B5B-BCA4-E69F5BEEFC7B}
Microsoft Document Explorer 2005 --> MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Document Explorer 2005 --> N:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007 --> "N:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007 --> MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio 2007 Service Pack 1 (SP1) --> msiexec /package {90120000-0054-0409-0000-0000000FF1CE} /uninstall {EA35370F-586C-45E1-AC6C-A4E275C6B762}
Microsoft Office Visio 2007 Service Pack 1 (SP1) --> msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {AA4F2610-5FF1-4DCD-A6FB-BCA2D09A6443}
Microsoft Office Visio MUI (English) 2007 --> MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007 --> "N:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPROR /dll OSETUP.DLL
Microsoft Office Visio Professional 2007 --> MsiExec.exe /X{91120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs --> MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 --> "n:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools --> MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
Microsoft SQL Server 2005 Tools Express Edition --> MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual J# 2.0 Redistributable Package --> N:\Windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual Studio 2005 Academic Edition - ENU --> N:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Standard Edition - ENU\setup.exe
Microsoft Visual Studio 2005 Standard Edition - ENU --> MsiExec.exe /X{D407F7C0-579E-4CCB-91FD-855CE5084E86}
Microsoft Visual Studio 2005 Standard Edition - ENU Service Pack 1 (KB926601) --> N:\Windows\system32\msiexec.exe /promptrestart /uninstall {D93F9C7C-AB57-44C8-BAD6-1494674BCAF7} /package {D407F7C0-579E-4CCB-91FD-855CE5084E86}
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection N:\Windows\INF\wpie4x86.inf,WebPostUninstall
Mozilla Firefox (2.0.0.14) --> N:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 Parser --> MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Native Instruments - Rig Kontrol 3 Driver --> N:\Program Files\Native Instruments\Rig Kontrol 3 Driver\uninst.exe Software\Native Instruments\Rig Kontrol 3 Driver\Setup
Native Instruments Guitar Rig 3 --> N:\PROGRA~1\NATIVE~1\GUITAR~1\UNWISE.EXE N:\PROGRA~1\NATIVE~1\GUITAR~1\INSTALL.LOG
Native Instruments Service Center --> N:\PROGRA~1\NATIVE~1\SERVIC~1\UNWISE.EXE N:\PROGRA~1\NATIVE~1\SERVIC~1\INSTALL.LOG
Nero 7 --> MsiExec.exe /X{26D3E377-1DCA-4043-9410-B4A9BACF1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
OpenAL --> "N:\Program Files\OpenAL\OALInst.exe" /U
PhotoImpact Pro --> MsiExec.exe /X{0B8ECA16-E81A-4BDD-87D9-EA8B48EA2292}
PokerDice --> N:\Windows\unvise32.exe N:\Program Files\PokerDice\uninstal.log
PokerStars --> "N:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
Qloud Plugin for iTunes --> N:\Program Files\Qloud\iTunesQloudPluginUninstall.exe
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> N:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remove Behavioral Graphing --> C:\unstall.exe
Roxio Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive --> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Creator v9 --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Express Labeler 3 --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9 --> MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
Safari --> MsiExec.exe /I{40589552-3892-409E-B92C-9F5032A4B2F0}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Visio 2007 (KB947590) --> msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {199018BD-578E-44BD-A28F-7F944931CABD}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SOTI Pocket Controller-Pro --> RunDll32 N:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "N:\Program Files\InstallShield Installation Information\{CC9EA2BC-BCFA-4DEA-8F5F-1E1032567673}\Setup.exe" -l0x9 UNINSTALL
SPSS 15 Vista Hotfix --> MsiExec.exe /X{F5E44A35-B8D2-49BD-9608-E00798903151}
SPSS 15.0 for Windows Evaluation Version --> MsiExec.exe /X{EE48D800-A3B5-43E3-B846-1CC556B8170D}
The Ringtone Maker 3.4.0 --> N:\Program Files\TheRingtoneMaker\Uninstall-340.exe
TurboTax Deluxe 2007 --> N:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "N:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
Update for Microsoft Visual Studio 2005 Standard Edition - ENU (KB932232) --> N:\Windows\system32\msiexec.exe /promptrestart /uninstall {9AD2FB23-AC50-435C-8ABC-8119D29CF0C1} /package {D407F7C0-579E-4CCB-91FD-855CE5084E86}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
Windows Essentials Media Codec Pack 1.0 --> N:\Program Files\Essentials Codec Pack\uninst.exe
Windows Live OneCare safety scanner --> "N:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner --> MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Mobile 5.0 Pocket PC SDK --> MsiExec.exe /I{BC98294D-DCC5-4BCF-A734-D0C1618DC2D2}
Windows Mobile Device Center --> MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
Windows Mobile Device Center Driver Update --> MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}
WinRAR archiver --> N:\Program Files\WinRAR\uninstall.exe
WinZip --> "N:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WM Recorder 11.3 --> N:\Program Files\WMR11\Uninstal.exe
Yahoo! Browser Services --> N:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> N:\Windows\system32\regsvr32 /u N:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> N:\Windows\system32\regsvr32 /u /s N:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Search Protection --> N:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE


-- Application Event Log -------------------------------------------------------

Event Record #/Type29571 / Success
Event Submitted/Written: 05/23/2008 06:03:01 AM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type29557 / Success
Event Submitted/Written: 05/23/2008 06:02:58 AM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type29556 / Warning
Event Submitted/Written: 05/23/2008 06:02:58 AM
Event ID/Source: 3 / SQLBrowser
Event Description:
The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.

Event Record #/Type29543 / Success
Event Submitted/Written: 05/23/2008 06:02:46 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type29530 / Warning
Event Submitted/Written: 05/23/2008 06:01:01 AM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
5 user registry handles leaked from \Registry\User\S-1-5-21-4069616408-2402448298-2516549670-1000:
Process 3240 (\Device\HarddiskVolume4\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-4069616408-2402448298-2516549670-1000\Software\Ahead\Nero Home\MediaLibrary\Scanner
Process 3240 (\Device\HarddiskVolume4\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-4069616408-2402448298-2516549670-1000\Software\Ahead\Nero Home\MediaLibrary\Scanner
Process 3240 (\Device\HarddiskVolume4\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-4069616408-2402448298-2516549670-1000\Software\Ahead\Nero Home\MediaLibrary
Process 3240 (\Device\HarddiskVolume4\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-4069616408-2402448298-2516549670-1000\Software\Ahead\Nero Home\MediaLibrary
Process 3240 (\Device\HarddiskVolume4\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-4069616408-2402448298-2516549670-1000\Software\Ahead\Nero Home\MediaLibrary



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type175394 / Warning
Event Submitted/Written: 05/23/2008 10:22:48 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Jim-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Jim-PC27 can't undo changes that you allow.

For more information please see the following:
%Jim-PC275

Scan ID: {7FAD3A6C-799F-4E0E-943A-31EF2024F91D}

User: Jim-PC\Jim

Name: %Jim-PC271

ID: %Jim-PC272

Severity ID: %Jim-PC273

Category ID: %Jim-PC274

Path Found: %Jim-PC276

Alert Type: %Jim-PC278

Detection Type: 1.1.1600.02

Event Record #/Type175393 / Warning
Event Submitted/Written: 05/23/2008 10:22:48 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Jim-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Jim-PC27 can't undo changes that you allow.

For more information please see the following:
%Jim-PC275

Scan ID: {F0D98B20-531A-48C2-969B-DED5C70DB87E}

User: Jim-PC\Jim

Name: %Jim-PC271

ID: %Jim-PC272

Severity ID: %Jim-PC273

Category ID: %Jim-PC274

Path Found: %Jim-PC276

Alert Type: %Jim-PC278

Detection Type: 1.1.1600.02

Event Record #/Type175392 / Warning
Event Submitted/Written: 05/23/2008 10:22:48 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Jim-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Jim-PC27 can't undo changes that you allow.

For more information please see the following:
%Jim-PC275

Scan ID: {5E15B6D7-085F-4D03-BFB4-BA291F1A45BA}

User: Jim-PC\Jim

Name: %Jim-PC271

ID: %Jim-PC272

Severity ID: %Jim-PC273

Category ID: %Jim-PC274

Path Found: %Jim-PC276

Alert Type: %Jim-PC278

Detection Type: 1.1.1600.02

Event Record #/Type175391 / Warning
Event Submitted/Written: 05/23/2008 10:22:46 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Jim-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Jim-PC27 can't undo changes that you allow.

For more information please see the following:
%Jim-PC275

Scan ID: {D1A8C800-C8B9-48B5-A163-7E830ED1F34E}

User: Jim-PC\Jim

Name: %Jim-PC271

ID: %Jim-PC272

Severity ID: %Jim-PC273

Category ID: %Jim-PC274

Path Found: %Jim-PC276

Alert Type: %Jim-PC278

Detection Type: 1.1.1600.02

Event Record #/Type175390 / Warning
Event Submitted/Written: 05/23/2008 10:22:46 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Jim-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Jim-PC27 can't undo changes that you allow.

For more information please see the following:
%Jim-PC275

Scan ID: {4D564591-4C38-4385-A699-5E20BEBE823A}

User: Jim-PC\Jim

Name: %Jim-PC271

ID: %Jim-PC272

Severity ID: %Jim-PC273

Category ID: %Jim-PC274

Path Found: %Jim-PC276

Alert Type: %Jim-PC278

Detection Type: 1.1.1600.02



-- End of Deckard's System Scanner: finished at 2008-05-23 10:29:34 ------------

Kaspersky Report
KASPERSKY ONLINE SCANNER REPORT
Thursday, May 22, 2008 11:36:34 PM
Operating System: Microsoft Windows Vista Professional, Service Pack 1 (Build 6001)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 22/05/2008
Kaspersky Anti-Virus database records: 795933
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
K:\
L:\
M:\
N:\
Z:\
Scan Statistics
Total number of scanned objects 689428
Number of viruses found 2
Number of infected objects 6
Number of suspicious objects 0
Duration of the scan process 08:53:28

Infected Object Name Virus Name Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5cfb124a577ceeb527271d56649edb59_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\681d35c2a5f44661327d310732c12b81_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7491c57d4286144191998879ea5ed757_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a97c8277e1be8e2b9bee43cc1a706ac3_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\WINDOWS\Temp\hsperfdata_SYSTEM\632 Object is locked skipped
K:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
L:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
M:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
N:\Program Files\DivX Free Codec\Mpeg2DecFilter.ax Infected: not-a-virus:AdWare.Win32.SeeCha.f skipped
N:\Program Files\Essentials Codec Pack\Mpeg2DecFilter.ax Infected: not-a-virus:AdWare.Win32.SeeCha.f skipped
N:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped
N:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped
N:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped
N:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped
N:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped
N:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped
N:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped
N:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped
N:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped
N:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_269.trc Object is locked skipped
N:\ProgramData\McAfee\Common Framework\Db\Agent_JIM-PC.log Object is locked skipped
N:\ProgramData\McAfee\Common Framework\Db\PrdMgr_JIM-PC.log Object is locked skipped
N:\ProgramData\McAfee\DesktopProtection\AccessProtectionLog.txt Object is locked skipped
N:\ProgramData\McAfee\DesktopProtection\BufferOverflowProtectionLog.txt Object is locked skipped
N:\ProgramData\McAfee\DesktopProtection\EmailOnDeliveryLog.txt Object is locked skipped
N:\ProgramData\McAfee\DesktopProtection\OnAccessScanLog.txt Object is locked skipped
N:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\21c97d48ebd167d2f9eb2db3b38cf1d8_5dcf9f35-d428-45f9-97a8-f8e1ad66b335 Object is locked skipped
N:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
N:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
N:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.325.Crwl Object is locked skipped
N:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.325.gthr Object is locked skipped
N:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
N:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
N:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci Object is locked skipped
N:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
N:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wsb Object is locked skipped
N:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
N:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
N:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
N:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
N:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
N:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid Object is locked skipped
N:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid Object is locked skipped
N:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wid Object is locked skipped
N:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid Object is locked skipped
N:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\N\Users\Jim\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-30c61a2b.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
N:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\N\Users\Jim\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-30c61a2b.zip ZIP: infected - 1 skipped
N:\Users\Jim\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-380a10f6.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
N:\Users\Jim\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-380a10f6.zip ZIP: infected - 1 skipped
Scan process completed.





#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:09:53 PM

Posted 23 June 2008 - 02:11 PM

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new HijackThis log. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41


Posted 01 July 2008 - 05:21 AM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



