
Winlogon.exe 99% Cpu, Swreg Did Same When Running Dss


  • This topic is locked
2 replies to this topic

#1 jkane001


Posted 27 July 2008 - 07:54 PM

EDIT: I got the DSS app to run after running a registry cleaner. Related to the problem below? I don't know, but the new logs are copied below.

I have been having trouble for weeks with the system grinding to a halt, and finally I was able to get the process list up when it was having trouble, and saw that winlogon was using 99% CPU resources. I have run AVG virus scans, various spyware scans, and come up with nothing. I read the "before you post a HJT log" message, and downloaded DSS to run, but 3-4 times in a row, when I run it, as it begins backing up the registry, it locks up, and this time, it's SWREG.exe that is running at 99%.

Earlier today, I tried to run Spybot Search and Destroy, and it also locked up when trying to back up the registry, which seems like a pattern is emerging.

Deckard's System Scanner v20071014.68
Run by Jeremy on 2008-07-27 21:57:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
61: 2008-07-27 23:56:13 UTC - RP93 - Deckard's System Scanner Restore Point
60: 2008-07-27 22:53:01 UTC - RP92 - Software Distribution Service 3.0
59: 2008-07-27 22:52:03 UTC - RP91 - Installed Windows Defender
58: 2008-07-27 16:03:04 UTC - RP90 - Installed AVG Free 8.0
57: 2008-07-27 15:50:57 UTC - RP89 - ComboFix created restore point


-- First Restore Point --
1: 2008-06-22 22:07:34 UTC - RP33 - Printer Driver CutePDF Writer Installed


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Jeremy.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:59:53 PM, on 7/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Belkin\F5D8011v1\Belkinwcui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Documents and Settings\Jeremy\Desktop\dss.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jeremy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [WG511WLU] "C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe" -hide
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [F5D8011] "C:\Program Files\Belkin\F5D8011v1\Belkinwcui.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry
O4 - Startup: Hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214149304503
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1214149414921
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

--
End of file - 8642 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.7.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.7.0>
R2 MDC8021X (WPA Security Protocol (IEEE 802.1x) v2.2.0.0) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.2>
R3 AR5416 (Belkin N1 Wireless Notebook Card Service) - c:\windows\system32\drivers\ar5416.sys <Not Verified; Atheros Communications, Inc.; Atheros AR5008 Wireless Network Adapter>
R3 AWINDIS5 (AWINDIS5 Protocol Driver) - c:\windows\system32\awindis5.sys <Not Verified; AMBIT Microsystems Corporation.; AMBIT WinDis32 Protocol Driver for Windows>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
R4 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\program files\belkin\f5d8011v1\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S3 catchme - c:\combofix\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
Description: ECP Printer Port
Device ID: ACPI\PNP0401\5&28EE5EE0&0
Manufacturer: (Standard port types)
Name: ECP Printer Port (LPT1)
PNP Device ID: ACPI\PNP0401\5&28EE5EE0&0
Service: Parport


-- Scheduled Tasks -------------------------------------------------------------

2008-07-27 21:54:47 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2008-06-27 and 2008-07-27 -----------------------------

2008-07-27 21:38:54 23 --ahs---- C:\WINDOWS\system32\cfdfad3_g.dll
2008-07-27 21:38:47 0 d-------- C:\Program Files\RegSupreme
2008-07-27 19:42:54 0 d-------- C:\Program Files\Trend Micro
2008-07-27 19:25:02 0 d-------- C:\VundoFix Backups
2008-07-27 19:19:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-27 18:52:06 0 d-------- C:\Program Files\Windows Defender
2008-07-27 12:03:11 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-27 12:03:05 0 d-------- C:\Program Files\AVG
2008-07-27 12:03:05 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-27 11:51:25 0 d-------- C:\cmdcons
2008-07-27 11:50:31 68096 --a------ C:\WINDOWS\zip.exe
2008-07-27 11:50:31 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-27 11:50:31 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-27 11:50:31 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-27 11:50:31 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-27 11:50:31 98816 --a------ C:\WINDOWS\sed.exe
2008-07-27 11:50:31 80412 --a------ C:\WINDOWS\grep.exe
2008-07-27 11:50:31 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-27 01:25:17 0 d-------- C:\Program Files\Panda Security
2008-07-27 01:12:22 0 d-------- C:\Program Files\Microsoft Bootvis
2008-07-26 20:51:00 0 d-------- C:\PerfLogs
2008-07-26 01:11:51 101120 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
2008-07-26 01:11:51 0 d-------- C:\Program Files\MagicDisc
2008-07-24 18:16:03 0 d-------- C:\Program Files\LEGO Island
2008-07-23 09:19:35 0 d-------- C:\Documents and Settings\Jeremy\Application Data\Pogo Games
2008-07-20 15:05:23 0 d-------- C:\Program Files\SourceGear
2008-07-20 15:05:23 0 d-------- C:\Program Files\Common Files\Macromedia
2008-07-19 08:45:14 0 d-------- C:\Program Files\Inspector Parker
2008-07-09 19:56:37 0 d-------- C:\WINDOWS\SQLTools9_KB948109_ENU
2008-07-09 19:49:57 0 d-------- C:\WINDOWS\SQL9_KB948109_ENU
2008-07-01 09:06:28 0 d-------- C:\Program Files\Ranch Rush
2008-06-29 18:26:53 0 d-------- C:\reports
2008-06-29 16:55:35 0 d--h----- C:\WINDOWS\PIF
2008-06-29 16:54:36 0 d-------- C:\Documents and Settings\Jeremy\Application Data\Windows Desktop Search
2008-06-29 16:53:46 0 d-------- C:\Program Files\Windows Desktop Search
2008-06-29 14:33:52 21035 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.7.0>
2008-06-29 14:33:43 1296256 --a------ C:\WINDOWS\system32\drivers\ar5416.sys <Not Verified; Atheros Communications, Inc.; Atheros AR5008 Wireless Network Adapter>
2008-06-29 14:33:41 200704 --a------ C:\WINDOWS\system32\UpdateDriver.exe <Not Verified; ; UpdateDriver Application>
2008-06-29 14:33:27 0 d-------- C:\Program Files\Belkin
2008-06-29 01:04:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Color Wheel Pro
2008-06-29 01:04:35 0 d-------- C:\Program Files\Color Wheel Pro
2008-06-29 01:04:21 0 d-------- C:\Program Files\Color Schemer Studio
2008-06-28 10:32:28 0 d-------- C:\WINDOWS\tiinst
2008-06-28 10:32:01 0 d-------- C:\SWSetup
2008-06-28 09:23:16 0 d-------- C:\Program Files\10 Days Under The Sea
2008-06-28 09:19:22 0 d-------- C:\Program Files\Ancient Quest of Saqqarah
2008-06-28 09:17:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Fitn17
2008-06-28 09:16:44 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-28 09:16:29 0 d-------- C:\Program Files\Fitness Frenzy
2008-06-28 09:12:41 0 --a------ C:\Program Files\temp01
2008-06-28 09:12:39 0 d-------- C:\Program Files\bfgclient
2008-06-28 09:10:44 0 d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-06-28 01:17:59 0 d-------- C:\Program Files\EclipsePalette
2008-06-27 16:02:39 0 d-------- C:\Program Files\Windows Resource Kits


-- Find3M Report ---------------------------------------------------------------

2008-07-27 21:59:24 0 d-------- C:\Documents and Settings\Jeremy\Application Data\Hamachi
2008-07-27 11:53:39 0 d-------- C:\Program Files\Common Files
2008-07-26 01:35:50 0 d-------- C:\Documents and Settings\Jeremy\Application Data\Mozilla
2008-07-09 19:56:52 0 d-------- C:\Program Files\Microsoft SQL Server
2008-07-05 15:34:31 0 d-------- C:\Program Files\IDrive
2008-07-01 15:27:22 0 d-------- C:\Documents and Settings\Jeremy\Application Data\Adobe
2008-06-29 14:33:37 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-28 23:22:39 0 d-------- C:\Program Files\MioNet
2008-06-26 01:16:41 0 d-------- C:\Program Files\Microsoft
2008-06-25 21:58:24 0 d-------- C:\Program Files\Microsoft.NET
2008-06-25 21:53:56 0 d-------- C:\Program Files\MSXML 6.0
2008-06-25 03:01:12 0 d-------- C:\Program Files\MSXML 4.0
2008-06-25 00:57:34 0 d-------- C:\Program Files\MultipleIEs
2008-06-25 00:48:49 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-24 23:46:39 0 d-------- C:\Program Files\Hamachi
2008-06-24 22:38:12 0 d-------- C:\Program Files\Common Files\Merge Modules
2008-06-24 20:39:23 0 d-------- C:\Program Files\Paint.NET
2008-06-23 22:00:54 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-06-23 22:00:53 0 d-------- C:\Program Files\Business Objects
2008-06-23 22:00:09 0 d-------- C:\Program Files\Microsoft Device Emulator
2008-06-23 21:58:40 0 d-------- C:\Program Files\Windows Mobile 5.0 SDK R2
2008-06-23 21:55:10 0 d-------- C:\Program Files\Microsoft Synchronization Services
2008-06-23 21:55:10 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-06-23 21:32:45 0 d-------- C:\Program Files\MSBuild
2008-06-23 21:26:57 0 d-------- C:\Program Files\Microsoft SDKs
2008-06-23 21:25:15 0 d-------- C:\Program Files\Microsoft Web Designer Tools
2008-06-23 21:21:10 0 d-------- C:\Program Files\Reference Assemblies
2008-06-23 21:10:51 0 d-------- C:\Documents and Settings\Jeremy\Application Data\Download Manager
2008-06-23 15:08:38 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-23 15:08:26 0 d-------- C:\Program Files\Windows Live
2008-06-23 00:51:12 0 d-------- C:\Documents and Settings\Jeremy\Application Data\Logitech
2008-06-23 00:49:37 0 d-------- C:\Program Files\Common Files\Logishrd
2008-06-23 00:49:08 0 d-------- C:\Program Files\Logitech
2008-06-23 00:48:45 0 d-------- C:\Documents and Settings\Jeremy\Application Data\InstallShield
2008-06-23 00:33:49 0 d-------- C:\Program Files\QuickTime
2008-06-23 00:32:49 0 d-------- C:\Program Files\Apple Software Update
2008-06-23 00:23:10 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-23 00:22:48 0 d-------- C:\Program Files\TiVo
2008-06-23 00:22:48 0 d-------- C:\Program Files\Common Files\TiVo Shared
2008-06-22 18:26:59 0 d-------- C:\Documents and Settings\Jeremy\Application Data\GlobalSCAPE
2008-06-22 18:26:53 0 d-------- C:\Program Files\GlobalSCAPE
2008-06-22 18:25:25 0 d-------- C:\Documents and Settings\Jeremy\Application Data\HP
2008-06-22 18:21:51 0 --a------ C:\WINDOWS\system32\П
2008-06-22 18:21:32 0 d-------- C:\Program Files\HP
2008-06-22 18:21:07 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-06-22 18:07:56 0 d-------- C:\Program Files\GPLGS
2008-06-22 18:07:29 0 d-------- C:\Program Files\Acro Software
2008-06-22 18:04:56 0 d-------- C:\Program Files\Compare It!
2008-06-22 17:56:04 0 d-------- C:\Program Files\Microsoft ASP.NET
2008-06-22 17:53:18 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-22 17:52:19 0 d-------- C:\Documents and Settings\Jeremy\Application Data\Macromedia
2008-06-22 17:42:05 0 d-------- C:\Program Files\Microsoft Works
2008-06-22 15:05:49 0 d-------- C:\Program Files\Bonjour
2008-06-22 14:53:11 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-22 13:48:00 0 d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition
2008-06-22 13:42:13 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-06-22 13:19:46 0 d-------- C:\Program Files\HTML Help Workshop
2008-06-22 13:11:22 0 d-------- C:\Program Files\CE Remote Tools
2008-06-22 13:03:40 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-22 12:29:15 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-22 12:28:56 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-22 12:00:00 0 d-------- C:\Program Files\Messenger
2008-06-22 11:59:43 0 d-------- C:\Program Files\Movie Maker
2008-06-22 11:58:24 0 d-------- C:\Program Files\Windows NT
2008-06-22 11:36:04 0 d-------- C:\Program Files\AMD
2008-06-22 11:35:59 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-22 11:34:58 0 d-------- C:\Program Files\Apoint2K
2008-06-22 11:32:37 0 d-------- C:\Program Files\Analog Devices
2008-06-22 11:27:59 0 d-------- C:\Program Files\NETGEAR
2008-06-22 11:24:34 0 d-------- C:\Documents and Settings\Jeremy\Application Data\Identities
2008-06-22 11:19:37 0 d-------- C:\Program Files\microsoft frontpage
2008-06-22 11:19:31 0 -rahs---- C:\MSDOS.SYS
2008-06-22 11:19:31 0 -rahs---- C:\IO.SYS
2008-06-22 11:19:31 0 --a------ C:\CONFIG.SYS
2008-06-22 11:19:31 0 --a------ C:\AUTOEXEC.BAT
2008-06-22 11:17:55 0 d--h----- C:\Program Files\WindowsUpdate
2008-06-22 11:16:55 0 d-------- C:\Program Files\Common Files\MSSoap
2008-06-22 11:16:15 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-22 11:15:27 0 d-------- C:\Program Files\Online Services
2008-06-22 11:15:18 0 d-------- C:\Program Files\MSN Gaming Zone
2008-06-22 07:08:04 0 d-------- C:\Program Files\Common Files\ODBC
2008-06-22 07:08:00 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-06-22 07:06:16 62 --ahs---- C:\Documents and Settings\Jeremy\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 08:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 08:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 08:00 AM]
"WG511WLU"="C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe" [11/09/2004 02:55 PM]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [10/08/2003 02:40 PM]
"AGRSMMSG"="AGRSMMSG.exe" [09/03/2004 11:52 PM C:\WINDOWS\AGRSMMSG.exe]
"NvCplDaemon"="RUNDLL32.exe" [04/13/2008 08:12 PM C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [04/08/2004 06:22 AM C:\WINDOWS\system32\nwiz.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [10/14/2007 09:17 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/27/2008 10:50 AM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [02/29/2008 03:12 AM C:\WINDOWS\KHALMNPR.Exe]
"F5D8011"="C:\Program Files\Belkin\F5D8011v1\Belkinwcui.exe" [06/05/2007 10:13 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/27/2008 12:03 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"TivoTransfer"="C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [04/04/2008 10:54 AM]
"TivoNotify"="C:\Program Files\TiVo\Desktop\TiVoNotify.exe" [04/04/2008 10:54 AM]
"TivoServer"="C:\Program Files\TiVo\Desktop\TiVoServer.exe" [04/04/2008 10:56 AM]

C:\Documents and Settings\Jeremy\Start Menu\Programs\Startup\
Hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [6/24/2008 11:45:59 PM]
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [7/26/2008 1:11:51 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [6/23/2008 12:49:28 AM]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2/5/2007 3:40:46 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 03:39 PM 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 05/02/2008 02:42 AM 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HPZ12 Pml Driver HPZ12 Net Driver HPZ12

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35c1676b-426d-11dd-a654-000fb04cc27c}]
AutoRun\command- F:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

*Newly Created Service* - GTNDIS5



-- End of Deckard's System Scanner: finished at 2008-07-27 22:00:54 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP Processor 3000+
Percentage of Memory in Use: 35%
Physical Memory (total/avail): 1534.98 MiB / 983.12 MiB
Pagefile Memory (total/avail): 3431.41 MiB / 2942.02 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1935.61 MiB

C: is Fixed (NTFS) - 93.15 GiB total, 62.58 GiB free.
D: is CDROM (CDFS)
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - ST910021A - 93.16 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 93.15 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jeremy\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=R3000Z
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jeremy
LOGONSERVER=\\R3000Z
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem;c:\Program Files\Microsoft SQL Server\90\Tools\binn
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0c00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Jeremy\LOCALS~1\Temp
TMP=C:\DOCUME~1\Jeremy\LOCALS~1\Temp
USERDOMAIN=R3000Z
USERNAME=Jeremy
USERPROFILE=C:\Documents and Settings\Jeremy
VS80COMNTOOLS=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\
VS90COMNTOOLS=C:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Jeremy (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
10 Days Under The Sea --> "C:\Program Files\10 Days Under The Sea\Uninstall.exe"
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
32 Bit HP CIO Components Installer --> MsiExec.exe /I{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Agere Systems AC'97 Modem --> agrsmdel
ALPS Touch Pad Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Ancient Quest of Saqqarah --> "C:\Program Files\Ancient Quest of Saqqarah\Uninstall.exe"
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Belkin N1 Wireless Notebook Card --> C:\Program Files\InstallShield Installation Information\{72652840-1235-4E2C-AABB-5427027FC1AC}\setup.exe -runfromtemp -l0x0009 -removeonly
Big Fish Games Client --> C:\Program Files\bfgclient\Uninstall.exe
Broadcom 802.11 Driver --> C:\WINDOWS\system32\BCMWLU00.exe verbose /rootkey=Software\Broadcom\802.11\UninstallInfo
CDDRV_Installer --> MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
ClearType Tuning Control Panel Applet --> MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}
CmdHere Powertoy For Windows XP --> MsiExec.exe /I{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}
Color Schemer Studio --> "C:\Program Files\Color Schemer Studio\unins000.exe"
Color Wheel Pro 2.0 --> "C:\Program Files\Color Wheel Pro\unins000.exe"
Compare It! --> "C:\Program Files\Compare It!\unins000.exe"
Crystal Reports Basic for Visual Studio 2008 --> MsiExec.exe /X{AA467959-A1D6-4F45-90CD-11DC57733F32}
CuteFTP 6 Professional --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{AB18B0BA-A08F-48B8-8D0E-AA9DDDCA22EA}
CutePDF Writer 2.7 --> C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
EclipsePalette --> MsiExec.exe /I{889047C6-F781-46AF-8183-04C661155710}
Fitness Frenzy --> "C:\Program Files\Fitness Frenzy\Uninstall.exe"
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109) --> C:\WINDOWS\SQL9_KB948109_ENU\Hotfix.exe /Uninstall
GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109) --> C:\WINDOWS\SQLTools9_KB948109_ENU\Hotfix.exe /Uninstall
Hamachi 1.0.2.5 --> C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Update --> MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
Inspector Parker --> "C:\Program Files\Inspector Parker\Uninstall.exe"
Internet Explorer Developer Toolbar --> MsiExec.exe /I{E7081891-BC7F-43F9-9CE6-B5DD2F497156}
KhalInstallWrapper --> MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
LEGO Island --> C:\PROGRA~1\LEGOIS~1\UNINST.EXE C:\PROGRA~1\LEGOIS~1\INSTALL.LOG
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
MagicDisc 2.7.101 --> C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Microsoft ASP.NET 2.0 AJAX Extensions 1.0 --> MsiExec.exe /X{082BDF7B-4810-4599-BF0D-E3AC44EC8524}
Microsoft Bootvis --> MsiExec.exe /I{0F9196C6-58B4-445B-B56E-B1200FECC151}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Device Emulator version 3.0 - ENU --> MsiExec.exe /X{B32E7732-B2FB-3FD0-81AC-6025B1104C66}
Microsoft Document Explorer 2005 --> C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005 --> MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Document Explorer 2008 --> C:\Program Files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe
Microsoft Document Explorer 2008 --> MsiExec.exe /X{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visual Web Developer 2007 --> MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE}
Microsoft Office Visual Web Developer MUI (English) 2007 --> MsiExec.exe /X{90120000-0021-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 --> MsiExec.exe /I{B0F9497C-52B4-4686-8E73-74D866BBDF59}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools --> MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
Microsoft SQL Server 2005 Tools --> MsiExec.exe /I{58D379F7-62BC-4748-8237-FE071ECE797C}
Microsoft SQL Server Compact 3.5 Design Tools ENU --> MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU --> MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft SQL Server Compact 3.5 for Devices ENU --> MsiExec.exe /I{241F2BF7-69EB-42A4-9156-96B2426C7504}
Microsoft SQL Server Database Publishing Wizard 1.1 --> MsiExec.exe /X{8C6EE0B4-650F-452E-B9C2-882A72227B19}
Microsoft SQL Server Database Publishing Wizard 1.2 --> MsiExec.exe /X{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}
Microsoft SQL Server Management Studio Express --> MsiExec.exe /I{20608BFA-6068-48FE-A410-400F2A124C27}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# 2.0 Redistributable Package --> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual Studio 2005 Standard Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Standard Edition - ENU\setup.exe
Microsoft Visual Studio 2005 Standard Edition - ENU --> MsiExec.exe /X{D407F7C0-579E-4CCB-91FD-855CE5084E86}
Microsoft Visual Studio 2005 Standard Edition - ENU Service Pack 1 (KB926601) --> C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {D93F9C7C-AB57-44C8-BAD6-1494674BCAF7} /package {D407F7C0-579E-4CCB-91FD-855CE5084E86}
Microsoft Visual Studio 2005 Tools for Office Runtime --> MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
Microsoft Visual Studio 2005 Web Deployment Projects --> MsiExec.exe /I{29F0F7F6-3AE6-4A04-B002-8C8CC7AD9BAD}
Microsoft Visual Studio 2008 Professional Edition - ENU --> C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Studio 2008 Professional Edition - ENU\setup.exe
Microsoft Visual Studio 2008 Web Deployment Projects --> MsiExec.exe /I{5F58C6F3-CE94-4F78-BE58-247FBBA18CBA}
Microsoft Visual Studio Web Authoring Component --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools --> MsiExec.exe /X{05EC21B8-4593-3037-A781-A6B5AFFCB19D}
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries --> MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense --> MsiExec.exe /X{64c5b887-b5ee-42b8-8596-78905a6b5f1f}
Microsoft Windows SDK for Visual Studio 2008 Tools --> MsiExec.exe /X{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools --> MsiExec.exe /X{B268E9A1-04A9-40D0-9866-846BE2B74BA7}
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser --> MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
MultipleIEs --> "C:\Program Files\MultipleIEs\unins000.exe"
NETGEAR WG511 54 Mbps Wireless PC Card --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B1E5CF8-9170-42A2-A88A-A169FBDD128E}\Setup.exe" -l0x9
NVIDIA nForce Drivers --> C:\WINDOWS\system32\nvuninst.exe Uninstall C:\WINDOWS\system32\NVU001.nvu,NVIDIA nForce Drivers
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nvcp.inf
Paint.NET v3.31 --> MsiExec.exe /X{51AFB69C-1C54-4C77-A888-2860F8CD3E7D}
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PCI 1620 Cardbus Controller and Software --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B1E8784B-A465-4A00-8D5D-E694A1D34A98} /l1033
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Ranch Rush --> "C:\Program Files\Ranch Rush\Uninstall.exe"
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\setup.exe" -l0x9 REMOVE
RegSupreme --> "C:\Program Files\RegSupreme\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Shop for HP Supplies --> C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
SourceGear Vault Client --> MsiExec.exe /I{D23B77E8-DF74-4CB2-9710-B55AF88AE71B}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TiVo Desktop 2.6.1 --> MsiExec.exe /X{4E839090-3B68-436A-B3CF-A2A08C38DD26}
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Visual Studio 2005 Tools for Office Second Edition Runtime --> c:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime --> C:\Program Files\Common Files\Microsoft Shared\VSTO\9.0\Visual Studio Tools for the Office system 3.0 Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime --> MsiExec.exe /X{8FB53850-246A-3507-8ADE-0060093FFEA6}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Desktop Search 3.01 --> "C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Mobile 5.0 SDK R2 for Pocket PC --> MsiExec.exe /I{6C9F6D23-E9AD-43C9-B43A-011562AAF876}
Windows Mobile 5.0 SDK R2 for Smartphone --> MsiExec.exe /I{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type11965 / Warning
Event Submitted/Written: 07/27/2008 09:50:11 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type11874 / Warning
Event Submitted/Written: 07/27/2008 08:48:11 PM
Event ID/Source: 3036 / Windows Search Service
Event Description:
The content source <outlookexpress://{s-1-5-21-1614895754-1364589140-725345543-1009}/{00c722c0-e2c8-4e31-aeec-6390564844ba}/> cannot be accessed.

Context: Windows Application, SystemIndex Catalog

Details:
The item cannot be processed further because search failed to find one of its properties. Check that the item is valid in the store. (0x80041213)

Event Record #/Type11706 / Warning
Event Submitted/Written: 07/27/2008 08:34:52 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type11629 / Warning
Event Submitted/Written: 07/27/2008 08:28:56 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type11197 / Warning
Event Submitted/Written: 07/27/2008 04:46:42 PM
Event ID/Source: 3036 / Windows Search Service
Event Description:
The content source <outlookexpress://{s-1-5-21-1614895754-1364589140-725345543-1009}/{00c722c0-e2c8-4e31-aeec-6390564844ba}/> cannot be accessed.

Context: Windows Application, SystemIndex Catalog

Details:
The item cannot be processed further because search failed to find one of its properties. Check that the item is valid in the store. (0x80041213)



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type13063 / Warning
Event Submitted/Written: 07/27/2008 10:00:12 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%R3000Z27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %R3000Z27 can't undo changes that you allow.

For more information please see the following:
%R3000Z275

Scan ID: {9981F6E4-BE52-4361-8AF6-C3E5B29DF2C5}

User: R3000Z\Jeremy

Name: %R3000Z271

ID: %R3000Z272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %R3000Z276

Alert Type: %R3000Z278

Detection Type: 1.1.1593.02

Event Record #/Type13062 / Warning
Event Submitted/Written: 07/27/2008 10:00:12 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%R3000Z27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %R3000Z27 can't undo changes that you allow.

For more information please see the following:
%R3000Z275

Scan ID: {E13562C2-EDFD-4DDE-8F6C-8B3624CB82E2}

User: R3000Z\Jeremy

Name: %R3000Z271

ID: %R3000Z272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %R3000Z276

Alert Type: %R3000Z278

Detection Type: 1.1.1593.02

Event Record #/Type13061 / Warning
Event Submitted/Written: 07/27/2008 10:00:12 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%R3000Z27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %R3000Z27 can't undo changes that you allow.

For more information please see the following:
%R3000Z275

Scan ID: {6564C6D7-0201-4BFB-93C0-F546883FAC4C}

User: R3000Z\Jeremy

Name: %R3000Z271

ID: %R3000Z272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %R3000Z276

Alert Type: %R3000Z278

Detection Type: 1.1.1593.02

Event Record #/Type13060 / Warning
Event Submitted/Written: 07/27/2008 10:00:10 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%R3000Z27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %R3000Z27 can't undo changes that you allow.

For more information please see the following:
%R3000Z275

Scan ID: {D09483BF-7296-4FEC-9C14-A523D1AD1BCB}

User: R3000Z\Jeremy

Name: %R3000Z271

ID: %R3000Z272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %R3000Z276

Alert Type: %R3000Z278

Detection Type: 1.1.1593.02

Event Record #/Type13059 / Warning
Event Submitted/Written: 07/27/2008 10:00:10 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%R3000Z27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %R3000Z27 can't undo changes that you allow.

For more information please see the following:
%R3000Z275

Scan ID: {A415BECE-08EF-45C9-BDFE-6698CF58B21D}

User: R3000Z\Jeremy

Name: %R3000Z271

ID: %R3000Z272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %R3000Z276

Alert Type: %R3000Z278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-07-27 22:00:54 ------------


Edited by jkane001, 27 July 2008 - 09:09 PM.



#2 don77


Posted 08 August 2008 - 09:27 PM

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.


If you already performed the steps above, we still need to see the current state of the machine; a fresh scan and logs are still necessary.

Click on Start, click on Run.
Copy and paste the following in bold in the open window and then click OK:
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration.
Click on Check All.
Click Scan.
DSS will now run again. When finished,
please post back both logs that open in Notepad:
main.txt and extra.txt



Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#3 don77


Posted 13 August 2008 - 07:57 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



