A wonderful birthday present...


    #16
    Ok I can sum that up with one phrase....

    Holy S#!^

    Where did you copy that from? Using Process Explorer?
    Are you sure you aren't running more than one virus scanner? I see remnants of a couple (briefly looking at it...maybe not but possible)
    First thing I'd get rid of is aolsoftware.exe

    Click on Start > RUN > type 'msconfig' without quotes.
    Click on the startup tab and see what you have there that is starting up... Post it if you have to. Take a SS, or whatever, but remove the unnecessary items from startup.

    Download CCleaner from www.ccleaner.com and run it with the default options, and then once you run the Cleaner scan, next run the Registry scan, with the default options... (by default I mean don't check any extra boxes or remove any check marks from any of them)

    But before you run this process explorer, you want to close out everything in the systray that you can so that you eliminate all the extra stuff that doesn't need to be listed.

    NEXT thing you need to do is download this and install it. Once installed, it will update. Once it does the update, you will want to update it again manually by clicking Options Tab and then clicking the UPDATES tab, and then click "Update Now". (you can configure this to do whatever later, but in the meantime update it manually for right now.) Once it is done updating, try to update it again until it doesn't have any lines that say "Retrieving ... ".

    Once you complete that, open the main PP console and click on your "C" Drive and add it over to the RIGHT pane. Then click START up in the top right hand corner. Let's see what you come up with, and let it run until it says finished down in the bottom left hand corner of the PP window.

    Last but not least, Are you running VISTA?

    Comment


      #17
      Originally posted by -IRC-MIKE
      Ok I can sum that up with one phrase....

      Holy S#!^

      Where did you copy that from? Using Process Explorer?
      Are you sure you aren't running more than one virus scanner? I see remnants of a couple (briefly looking at it...maybe not but possible)
      First thing I'd get rid of is aolsoftware.exe

      Click on Start > RUN > type 'msconfig' without quotes.
      Click on the startup tab and see what you have there that is starting up... Post it if you have to. Take a SS, or whatever, but remove the unnecessary items from startup.

      Download CCleaner from www.ccleaner.com and run it with the default options, and then once you run the Cleaner scan, next run the Registry scan, with the default options... (by default I mean don't check any extra boxes or remove any check marks from any of them)

      But before you run this process explorer, you want to close out everything in the systray that you can so that you eliminate all the extra stuff that doesn't need to be listed.

      NEXT thing you need to do is download this and install it. Once installed, it will update. Once it does the update, you will want to update it again manually by clicking Options Tab and then clicking the UPDATES tab, and then click "Update Now". (you can configure this to do whatever later, but in the meantime update it manually for right now.) Once it is done updating, try to update it again until it doesn't have any lines that say "Retrieving ... ".

      Once you complete that, open the main PP console and click on your "C" Drive and add it over to the RIGHT pane. Then click START up in the top right hand corner. Let's see what you come up with, and let it run until it says finished down in the bottom left hand corner of the PP window.

      Last but not least, Are you running VISTA?
      OK let's start with the slew of questions !

      I got that from the process explorer under the save as ...

      Should only have AVG antivirus, but there's several diff components to it...

      Might have been running AIM at the time where aolsoftware.exe was running. Unsure.

      In the msconfig, there is only 14 things. All I know except this:

      Startup Item: BgMonitor_(79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
      Manufacturer: Unknown
      Command: "C:\Program Files\Common Files\Lib\NMBgMonitor.exe"
      Location: HKCU\SOFTWARE\MICROSOFT\windows\currentversion\run

      Judging by the location, I would think it is benign.

      I'm goin to download and install and run the other things tomorrow. There is a school project (a video to be specific) that I just need to finish before I start messing around.

      Thanks for all the help mike, been great havin you around

      PS: yes, vista home prem

      Comment


        #18
        NMBgMonitor.exe is part of Nero

        Comment
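A way to check an autostart entry like the BgMonitor one discussed above by the binary it launches rather than by its registry location or name. This is an added PowerShell example, not part of the original posts; `Get-CommandImagePath` is a hypothetical helper name.

```powershell
# Added example (not from the thread): list Run-key autostarts together with
# the version metadata and Authenticode status of the binary each one starts.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Hypothetical helper: pull the executable path out of a Run-key command line.
function Get-CommandImagePath {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }        # "C:\a b\x.exe" /arg
    if ($expanded -match '^(.+?\.exe)(\s|$)') { return $Matches[1] } # C:\a b\x.exe /arg
    return ($expanded -split '\s+')[0]
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }   # key absent on this system
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        $image   = Get-CommandImagePath $command
        # Bare names resolved through PATH (e.g. rundll32.exe) show as missing
        # here; for rundll32 entries the DLL argument is what needs checking.
        $exists  = ($image -and (Test-Path -LiteralPath $image -PathType Leaf))

        $sig = $null
        $ver = $null
        if ($exists) {
            $sig = Get-AuthenticodeSignature -LiteralPath $image
            $ver = (Get-Item -LiteralPath $image).VersionInfo
        }

        [pscustomobject]@{
            Key     = $key
            Name    = $name
            Image   = $image
            Exists  = $exists
            Company = if ($ver) { $ver.CompanyName } else { '' }
            Product = if ($ver) { $ver.ProductName } else { '' }
            Status  = if ($sig) { [string]$sig.Status } else { 'NoFile' }
            Signer  = if ($sig -and $sig.SignerCertificate) {
                          $sig.SignerCertificate.Subject
                      } else { '' }
        }
    }
}

# Full listing, one block per autostart entry.
$report | Format-List Name, Image, Exists, Company, Product, Status, Signer

# Entries worth a closer look: binary missing, or signature not valid.
$report | Where-Object { -not $_.Exists -or $_.Status -ne 'Valid' } |
    Select-Object Name, Image, Status
```

An entry that comes back unsigned or with an empty company field is not proof of malware, since plenty of legitimate software ships that way; it is the cue to look at the file's path and product metadata before removing anything.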


          #19
          Originally posted by BenKenobi
          This is what I got

          Process PID CPU Description Company Name
          System Idle Process 0 98.49
          Interrupts n/a Hardware Interrupts
          DPCs n/a Deferred Procedure Calls
          System 4
          smss.exe 356 Windows Session Manager Microsoft Corporation
          csrss.exe 484 Client Server Runtime Process Microsoft Corporation
          wininit.exe 532 Windows Start-Up Application Microsoft Corporation
          services.exe 576 Services and Controller app Microsoft Corporation
          svchost.exe 776 Host Process for Windows Services Microsoft Corporation
          ehmsas.exe 1696 Media Center Media Status Aggregator Service Microsoft Corporation
          svchost.exe 832 Host Process for Windows Services Microsoft Corporation
          svchost.exe 888 Host Process for Windows Services Microsoft Corporation
          svchost.exe 960 Host Process for Windows Services Microsoft Corporation
          audiodg.exe 1080
          svchost.exe 984 Host Process for Windows Services Microsoft Corporation
          dwm.exe 1940 Desktop Window Manager Microsoft Corporation
          WUDFHost.exe 2540 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation
          svchost.exe 1004 Host Process for Windows Services Microsoft Corporation
          taskeng.exe 1820 Task Scheduler Engine Microsoft Corporation
          taskeng.exe 2944 Task Scheduler Engine Microsoft Corporation
          taskeng.exe 7836 Task Scheduler Engine Microsoft Corporation
          SLsvc.exe 1112 Microsoft Software Licensing Service Microsoft Corporation
          svchost.exe 1160 Host Process for Windows Services Microsoft Corporation
          svchost.exe 1284 Host Process for Windows Services Microsoft Corporation
          spoolsv.exe 1524 Spooler SubSystem App Microsoft Corporation
          svchost.exe 1548 Host Process for Windows Services Microsoft Corporation
          avgamsvr.exe 340 AVG Alert Manager GRISOFT, s.r.o.
          avgupsvc.exe 784 AVG Update Service GRISOFT, s.r.o.
          avgrssvc.exe 1152 AVG Resident Shield Service GRISOFT, s.r.o.
          avgrssvc.exe 1228 AVG Resident Shield Service GRISOFT, s.r.o.
          avgemc.exe 1416 AVG E-Mail Scanner GRISOFT, s.r.o.
          PnkBstrA.exe 296
          svchost.exe 1276 Host Process for Windows Services Microsoft Corporation
          svchost.exe 1900 Host Process for Windows Services Microsoft Corporation
          svchost.exe 1240 Host Process for Windows Services Microsoft Corporation
          SearchIndexer.exe 1252 Microsoft Windows Search Indexer Microsoft Corporation
          iPodService.exe 2708 iPodService Module Apple Inc.
          wmpnetwk.exe 3592 Windows Media Player Network Sharing Service Microsoft Corporation
          lsass.exe 592 Local Security Authority Process Microsoft Corporation
          lsm.exe 600 Local Session Manager Service Microsoft Corporation
          csrss.exe 544 Client Server Runtime Process Microsoft Corporation
          winlogon.exe 692 Windows Logon Application Microsoft Corporation
          explorer.exe 1980 Windows Explorer Microsoft Corporation
          MSASCui.exe 1000 Windows Defender User Interface Microsoft Corporation
          qttask.exe 1580 QuickTime Task Apple Inc.
          iTunesHelper.exe 1612 iTunesHelper Module Apple Inc.
          rundll32.exe 1876 Windows host process (Rundll32) Microsoft Corporation
          ehtray.exe 828 Media Center Tray Applet Microsoft Corporation
          SetPointII.exe 1808 Logitech SetPoint EventManager Logitech Inc.
          KHALMNPR.exe 2724 Logitech KHAL Main Process Logitech, Inc.
          wmpnscfg.exe 3548 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation
          firefox.exe 5960 Firefox Mozilla Corporation
          procexp.exe 5208 1.52 Sysinternals Process Explorer Sysinternals
          rundll32.exe 2132 Windows host process (Rundll32) Microsoft Corporation
          aolsoftware.exe 2896 AOL America Online, Inc.

          Process: System Pid: 4

          " THESE ARE NOT THE CODES YOU'RE LOOKING FOR "
          Sorry Obi Wan, I couldn't resist a classic SW reference.
          and Nice job Mike with the assist !!

          We all await the outcome

          Comment


            #20
            EWWWW!

            For some reason I thought he was running windows XP. This is going to be a lot more complicated than that since it is Vista. A lot of removal tools aren't allowed access to certain parts of the file structure and most are useless on certain occasions. You may wind up having to do a system restore if you haven't disabled it already. If so, ... whew... options are getting slim.

            One option ... as bad as it may seem... may be to install the crappy software again and reboot like you should have, and then uninstall it.

            Comment


              #21
              Originally posted by -IRC-MIKE
              EWWWW!

              For some reason I thought he was running windows XP. This is going to be a lot more complicated than that since it is Vista. A lot of removal tools aren't allowed access to certain parts of the file structure and most are useless on certain occasions. You may wind up having to do a system restore if you haven't disabled it already. If so, ... whew... options are getting slim.

              One option ... as bad as it may seem... may be to install the crappy software again and reboot like you should have, and then uninstall it.

              yeah...

              vista = fail.

              i believe i read of a way to turn the user access control and all the other annoying security features off, but i don't remember where

              Comment


                #22
                I have turned off the UAC, but my system restore is still operational.....have points up to about a week before I started having this problem

                Comment


                  #23
                  Go for it! Go for the latest restore point... heck .. either one, but the older they are the more likely you are to remove something.

                  Let me emphasize that if you have INSTALLED any programs since the restore point, you should go ahead and UNINSTALL IT before you restore the pc to an earlier time. Some programs are not affected, but some can be a pain in the ass. Just to avoid bits and pieces of programs being left over after a restore, it is wise to remove the programs first ONLY IF you have installed them SINCE the restore point.

                  Comment
