Infected with Trojan, highjacked IE and on and on

May80 (New Member, joined May 2008, 2 posts), posted 5-31-2008 1:07 (GMT +1):
Hi!
 
I got infected with a trojan. First, Windows Defender detected it and removed some files, and after a reboot everything went haywire. The startup is much slower and my network connection is very slow to get connected, and it first connects only to a local network and then to the internet. I cannot enter any antivirus sites; I tried Trend HouseCall, for example. Other sites are fine.
I then transferred over a new antivirus software (Nod) and it detected a trojan and removed a bunch of files (I have a log), but the problem with the browser persists. I cannot start Firefox, Windows Live Messenger won't start, and even more programs can't execute. I then ran HijackThis so I could post the log for help, but Notepad crashes on startup so I can't copy the files.
 
I then came across this site and started doing your pre-post instructions, but when I run SUPERAntiSpyware it starts, but a few minutes in I get a blue screen of death. ComboFix won't start as well.
 
I got a file of HJT in Notepad after a while.
How should I proceed from here?
 
Nod log (note: I only copy/pasted the alert lines of the log since it was a manual copy/paste job):
 
CAB » atiiila.exe - probably a variant of Win32/TrojanDownloader.Small.NZM trojan - was a part of the deleted object
 
CAB » wr-1-1799.exe - a variant of Win32/TrojanDownloader.Small.IAW trojan - was a part of the deleted object
 
 
C:\Users\Tomas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2C0E9CQZ\17PHolmes[1].cmt - probably a variant of Win32/TrojanDownloader.Agent.BLS trojan - cleaned by deleting - quarantined
 
C:\Users\Tomas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HCC2DLUB\17PHolmes[1].cmt - probably a variant of Win32/TrojanDownloader.Agent.BLS trojan - cleaned by deleting - quarantined
 
C:\Users\Tomas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IUB2UC15\installer[1].exe - Win32/Adware.CommAd application - cleaned by deleting - quarantined
 
 
C:\Users\Tomas\AppData\Local\Temp\cmdinst.exe - Win32/Adware.CommAd application - cleaned by deleting - quarantined
 
C:\Users\Tomas\AppData\Local\Temp\mmonHJ.exe » NSIS » vntiho061083.exe - a variant of Win32/TrojanDownloader.VB.AW trojan - was a part of the deleted object
 
C:\Users\Tomas\AppData\Local\Temp\mmonHJ.exe - a variant of Win32/TrojanDownloader.VB.AW trojan - deleted - quarantined
 
C:\Users\Tomas\AppData\Local\Temp\removalfile.bat - Win32/Adware.Virtumonde application - cleaned by deleting - quarantined
 
C:\Users\Tomas\AppData\Local\Temp\syswcc32.exe » RAR » whAgent.exe - probably a variant of Win32/Adware.Webhancer.A application - was a part of the deleted object
 
C:\Users\Tomas\AppData\Local\Temp\syswcc32.exe » RAR » whInstaller.exe - Win32/Adware.Webhancer.390 application - was a part of the deleted object
 
C:\Users\Tomas\AppData\Local\Temp\syswcc32.exe » RAR » webhdll.dll - Win32/Adware.Webhancer.390 application - was a part of the deleted object
 
C:\Users\Tomas\AppData\Local\Temp\syswcc32.exe - multiple threats - deleted - quarantined
 
C:\Users\Tomas\AppData\Local\Temp\IXP000.TMP\atiiila.exe - probably a variant of Win32/TrojanDownloader.Small.NZM trojan - cleaned by deleting - quarantined
 
 
C:\Windows\mrofinu1000106.exe - probably a variant of Win32/TrojanDownloader.Agent.BLS trojan - deleted
 
 
C:\Windows\System32\vntiho06\vntiho061083.exe - a variant of Win32/TrojanDownloader.VB.AW trojan - deleted
 
C:\Windows\System32\W3\dutdtx2.exe - probably a variant of Win32/TrojanDownloader.Small.IAW trojan - deleted
 
 
 
HJT log:
 
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:44:52, on 2008-05-31
Platform: Windows Vista SP1 (WinNT 6.00.1905)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchFilterHost.exe
G:\VIRUS\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtUnmKBr.dll,#1
O4 - HKLM\..\Run: [runner1] C:\Windows\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Tomas\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Users\Tomas\AppData\Roaming\Microsoft\dtsc\424.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Tomas\AppData\Local\Temp\vtUkjJCT.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Tomas\AppData\Local\Temp\qoMcdEtS.dll,#1
O4 - HKCU\..\Run: [58fe4066] rundll32.exe "C:\Users\Tomas\AppData\Local\Temp\rwvrwoys.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1209307422_3d138e879f30b4b9ba93206a61d7eda3&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\Windows\444.471.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
 
 
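A small triage script, added here as an example (it is not a tool from this forum, from Trend Micro, or from the thread's helpers), that parses the O4 autostart and O23 service lines of the HijackThis log above and scores them with the signals a helper looks for by eye: binaries in Temp or the user profile, rundll32 loading a DLL by ordinal or a one-letter export, a long hex blob as the only argument, all-digit or random-looking names, and services whose binary is missing or has no publisher. The weights and the threshold are assumptions chosen for this example; the sample lines are copied from the log in the post.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section name path score reasons")

# Sample input: O4 and O23 lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtUnmKBr.dll,#1
O4 - HKLM\..\Run: [runner1] C:\Windows\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Tomas\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Users\Tomas\AppData\Roaming\Microsoft\dtsc\424.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Tomas\AppData\Local\Temp\vtUkjJCT.dll,c
O4 - HKCU\..\Run: [58fe4066] rundll32.exe "C:\Users\Tomas\AppData\Local\Temp\rwvrwoys.dll",b
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\Windows\444.471.exe (file missing)
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<disp>.+?)(?: \((?P<svc>[^)]*)\))? - (?P<owner>.+?) - (?P<path>.+)$")
# First absolute path (drive letter or %VAR%) that ends in an executable extension.
PATH_RE = re.compile(
    r'"?((?:[A-Za-z]:|%[^%]+%)\\[^",]*?\.(?:exe|dll|scr|com|bat|cmd|pif))"?', re.I)
HEX_BLOB_RE = re.compile(r"\b[0-9A-Fa-f]{32,}\b")
THRESHOLD = 2  # assumed cut-off: entries scoring at least this much are listed for review


def path_signals(path):
    """Weighted (weight, reason) signals based only on where a binary lives and its name."""
    low = path.lower()
    fname = path.rsplit("\\", 1)[-1]
    reasons = []
    if "\\temp\\" in low:
        reasons.append((2, "binary in a Temp directory"))
    if "\\users\\" in low or "\\appdata\\" in low:
        reasons.append((1, "binary in the user profile"))
    if re.fullmatch(r"[a-z]:\\windows\\[^\\]+", low):
        reasons.append((1, "binary directly in the Windows root"))
    if fname.split(".", 1)[0].isdigit():
        reasons.append((1, "all-digit file name"))
    stem = fname.rsplit(".", 1)[0]
    # Noisy on its own (NvMcTray matches too), so it only adds weight to other signals.
    if re.fullmatch(r"[A-Za-z]{8}", stem) and any(c.isupper() for c in stem[1:]):
        reasons.append((1, "random-looking mixed-case 8-letter name"))
    return reasons


def make_finding(section, name, path, reasons):
    return Finding(section, name, path, sum(w for w, _ in reasons), [r for _, r in reasons])


def analyze_o4(m):
    """Score one autostart entry; returns None for bare names that are resolved via PATH."""
    cmd = m.group("cmd")
    pm = PATH_RE.search(cmd)
    if not pm:
        return None
    path = pm.group(1)
    reasons = path_signals(path)
    rest = cmd[pm.end():].strip()
    if cmd.lstrip('"').lower().startswith("rundll32") and rest.startswith(","):
        export = (rest[1:].split() or [""])[0]
        # rundll32 <dll>,<export> with an ordinal (#1) or a one-letter export name
        if export.startswith("#") or len(export) <= 2:
            reasons.append((2, "rundll32 export '%s' is an ordinal or one-letter name" % export))
    elif HEX_BLOB_RE.search(rest):
        reasons.append((2, "long hex blob passed as the only argument"))
    return make_finding("O4", m.group("name"), path, reasons)


def analyze_o23(m):
    """Score one service entry from its owner field and binary path."""
    field = m.group("path")
    pm = PATH_RE.search(field)
    path = pm.group(1) if pm else field.split(" (")[0]
    reasons = path_signals(path)
    if "(file missing)" in field:
        reasons.append((2, "service binary is missing on disk"))
    if m.group("owner").lower() == "unknown owner":
        reasons.append((1, "no publisher information on the service binary"))
    return make_finding("O23", m.group("disp"), path, reasons)


def triage(log_text, threshold=THRESHOLD):
    """Return findings at or above the threshold, highest score first."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        f = analyze_o4(m) if m else None
        if f is None:
            m = O23_RE.match(line)
            f = analyze_o23(m) if m else None
        if f is not None and f.score >= threshold:
            findings.append(f)
    return sorted(findings, key=lambda f: -f.score)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%s %-28s score=%d %s" % (f.section, f.name, f.score, f.path))
        for r in f.reasons:
            print("     -", r)
```

Scores are leads for a human to check, not verdicts: the BitTorrent DNA entry lives in the user profile and scores 1, below the threshold, while the Virtumonde-style rundll32 entries in Temp score highest.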
 
Touch (Forum Moderator, joined Jun 2004, 13812 posts), posted 6-1-2008 8:24 (GMT +1):
Hello scool
 
 
 
Download Deckard's System Scanner http://www.techsupportforum.com/sectools/Deckard/dss.exe
to your Desktop. Note: You must be logged onto an account with administrator privileges.
Making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

"%userprofile%\desktop\dss.exe" /config
 
When the DSS Configuration display opens click the "Check All" button. Next, Under Main Log, uncheck the following:
System Restore
Temp Cleanup
Process Modules
 
Then under Options, place a check next to the following:
Backup Registry Hives
 
Don't make any other changes at this time. Then click the "Scan!" button to start the scan.
 
Once the scan has completed a text box will appear; copy/paste those contents back here (main.txt). Also, the second text file, extra.txt, will show as minimized in your taskbar. Maximize/open this, and copy/paste those contents back here along with the main.txt please. (The logs can also be found in the C:\Deckard\System Scanner folder)


Do NOT post your problem in someone else's thread.

 
May80 (New Member, joined May 2008, 2 posts), posted 6-1-2008 6:41 (GMT +1):
Main.txt
-----------------------------------------------------------------------------------------
Deckard's System Scanner v20071014.68
Run by Tomas on 2008-06-01 19:21:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Backed up registry hives.
 
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-01 19:23:04
Platform: Windows Vista Service Pack 1 (6.00.6001)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Tomas\Program Files\DNA\btdna.exe
C:\Users\Tomas\AppData\Roaming\Microsoft\dtsc\424.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\CTxfispi.exe
C:\Users\Tomas\Desktop\dss.exe
C:\Windows\System32\SearchFilterHost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtUnmKBr.dll,#1
O4 - HKLM\..\Run: [runner1] C:\Windows\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Tomas\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Users\Tomas\AppData\Roaming\Microsoft\dtsc\424.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Tomas\AppData\Local\Temp\vtUkjJCT.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Tomas\AppData\Local\Temp\xXpQGWpN.dll,#1
O4 - HKCU\..\Run: [58fe4066] rundll32.exe "C:\Users\Tomas\AppData\Local\Temp\rwvrwoys.dll",b
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_05) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1209307422_3d138e879f30b4b9ba93206a61d7eda3&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\Windows\444.471
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\System32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\System32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\System32\PnkBstrB.exe

--
End of file - 7869 bytes
-- File Associations -----------------------------------------------------------
All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 Haspnt - \??\c:\windows\system32\drivers\haspnt.sys
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>
S2 DS1410D - \??\c:\windows\system32\drivers\ds1410d.sys
S3 Sntnlusb (Rainbow USB SuperPro) - c:\windows\system32\drivers\sntnlusb.sys <Not Verified; Rainbow Technologies Inc.; Rainbow Technologies USB Security Device Driver>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S2 MsSecurity1.209.4 (MsSecurity Updated) - c:\windows\444.471 service

-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&30BE2069&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&30BE2069&0
Service: i8042prt

-- Scheduled Tasks -------------------------------------------------------------
2008-03-21 23:49:27       254 --a------ C:\Windows\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job

-- Files created between 2008-05-01 and 2008-06-01 -----------------------------
2008-05-31 13:22:41         0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-05-31 13:22:31         0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-31 13:13:49         0 d-------- C:\Program Files\CCleaner
2008-05-31 11:03:11         0 d-------- C:\Users\All Users\ESET
2008-05-31 02:17:03         0 d--hs---- C:\Windows\VG9tYXM
2008-05-31 02:16:57         0 d-------- C:\Windows\system32\IP5
2008-05-31 02:16:57         0 d-------- C:\Windows\system32\A1
2008-05-31 02:16:54         0 d-------- C:\Temp
2008-05-31 02:16:37         0 d-------- C:\Program Files\uTorrent
2008-05-31 02:16:22     89049 --a------ C:\Windows\lfn.exe <Not Verified; Microsoft; XML Media>
2008-05-31 02:15:31         0 d-a------ C:\Users\All Users\TEMP
2008-05-31 02:15:30         0 d-------- C:\Fraps
2008-05-31 02:15:17     36864 --a------ C:\Windows\system32\vtUnmKBr.dll
2008-05-31 02:15:17     38912 --a------ C:\Windows\system32\ssqRKeda.dll
2008-05-30 23:50:54         0 d-------- C:\Program Files\Comical
2008-05-16 02:31:33         0 d-------- C:\Windows\nvidia icons
2008-05-16 02:08:25         0 d-------- C:\Users\All Users\media center programs
2008-05-16 01:39:45         0 d-------- C:\Program Files\Funcom
2008-05-16 01:37:38         0 d-------- C:\Users\All Users\Funcom
2008-05-11 17:59:56         0 d-------- C:\Program Files\Ventrilo
2008-05-11 17:59:20         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-08 19:25:22         0 --a------ C:\Windows\nsreg.dat
2008-05-06 19:51:09      2829 --a------ C:\Windows\War3Unin.pif
2008-05-06 19:51:09    139264 --a------ C:\Windows\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-05-06 19:51:09     76272 --a------ C:\Windows\War3Unin.dat

-- Find3M Report ---------------------------------------------------------------
2008-06-01 00:11:16         0 d-------- C:\Users\Tomas\AppData\Roaming\DNA
2008-06-01 00:11:12         0 d-------- C:\Users\Tomas\AppData\Roaming\uTorrent
2008-05-31 14:34:05         0 d-------- C:\Users\Tomas\AppData\Roaming\InterVideo
2008-05-31 13:22:31         0 d-------- C:\Users\Tomas\AppData\Roaming\SUPERAntiSpyware.com
2008-05-31 02:21:29         0 d-------- C:\Users\Tomas\AppData\Roaming\BitTorrent
2008-05-31 01:51:21         0 d-------- C:\Program Files\Warcraft III
2008-05-16 09:10:56         0 d-------- C:\Program Files\Windows Mail
2008-05-11 18:02:56         0 d-------- C:\Users\Tomas\AppData\Roaming\Ventrilo
2008-05-11 17:59:20         0 d-------- C:\Program Files\Common Files
2008-05-08 19:25:45         0 d-------- C:\Users\Tomas\AppData\Roaming\Talkback
2008-05-08 19:25:19         0 d-------- C:\Users\Tomas\AppData\Roaming\Mozilla
2008-04-28 00:20:27         0 d-------- C:\Users\Tomas\AppData\Roaming\teamspeak2
2008-04-27 16:43:09         0 d-------- C:\Program Files\Java
2008-04-27 16:42:28         0 d-------- C:\Program Files\Common Files\Java
2008-04-25 00:11:01         0 d-------- C:\Program Files\Warkeys
2008-04-22 19:07:01         0 d-------- C:\Users\Tomas\AppData\Roaming\Move Networks
2008-04-14 22:46:12   2337865 --a------ C:\Windows\system32\pbsvc.exe
2008-04-14 22:37:20         0 d-------- C:\Program Files\Ubisoft
2008-04-14 22:37:20         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-09 22:22:45         0 d-------- C:\Program Files\QuickTime
2008-04-09 20:53:20         0 d-------- C:\Program Files\Electronic Arts
2008-04-02 21:13:22         0 dr-h----- C:\Users\Tomas\AppData\Roaming\SecuROM
2008-04-01 11:55:12         0 d-------- C:\Program Files\InterVideo
2008-04-01 11:53:28         0 d-------- C:\Program Files\Common Files\InterVideo
2008-04-01 11:51:54         0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-01 00:24:40         0 d-------- C:\Program Files\DAEMON Tools Lite
2008-03-30 20:03:00      6656 --a------ C:\Windows\system32\haspvdd.dll <Not Verified; Aladdin Knowledge Systems.; Windows NT HASP Virtual Device Driver>
2008-03-30 20:03:00       383 --a------ C:\Windows\system32\haspdos.sys
2008-03-21 01:39:12       174 --ahs---- C:\Program Files\desktop.ini
2008-03-21 01:27:11    409600 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-03-21 01:27:11    114688 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2008-03-11 12:16:25         0 -rahs---- C:\MSDOS.SYS
2008-03-11 12:16:25         0 -rahs---- C:\IO.SYS

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 02:00]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-01-15 05:55 C:\Windows\System32\Ctxfihlp.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-02 22:46]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-02 22:46]
"MSServer"="C:\Windows\system32\vtUnmKBr.dll" [2008-05-31 02:15]
"runner1"="C:\Windows\mrofinu1000106.exe" []
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"BitTorrent DNA"="C:\Users\Tomas\Program Files\DNA\btdna.exe" [2008-05-08 18:02]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:35]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-21 10:30]
"Microsoft Windows Installer"="C:\Users\Tomas\AppData\Roaming\Microsoft\dtsc\424.exe" [2008-05-31 02:16]
"cmds"="C:\Users\Tomas\AppData\Local\Temp\vtUkjJCT.dll,c" []
"MSServer"="C:\Users\Tomas\AppData\Local\Temp\xXpQGWpN.dll,#1" []
"58fe4066"="C:\Users\Tomas\AppData\Local\Temp\rwvrwoys.dll,b" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A98D0065-7326-41B5-B8D9-C5B692CDB82F}"= C:\WINDOWS\SYSTEM32\VTUNMKBR.DLL [2008-05-31 02:15 36864]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService TabletInputService UmRdpService wlansvc WPDBusEnum EMDMgmt
LocalServiceNoNetwork PLA DPS BFE mpssvc
LocalServiceNetworkRestricted DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
 
-- End of Deckard's System Scanner: finished at 2008-06-01 19:24:11 ------------
 
__________________________________________________________________________________________________
Extra.txt
 
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft® Windows Vista™ Business  (build 6001) SP 1.0
Architecture: X86; Language: English
CPU 0: Intel(R) Xeon(R) CPU           E5450  @ 3.00GHz
Percentage of Memory in Use: 25%
Physical Memory (total/avail): 3326.47 MiB / 2478.25 MiB
Pagefile Memory (total/avail): 6845.96 MiB / 6052.45 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1893.32 MiB
C: is Fixed (NTFS) - 465.76 GiB total, 160.82 GiB free.
D: is CDROM (UDF)
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (FAT)
\\.\PHYSICALDRIVE0 - ST3500630AS - 465.76 GiB - 1 partition
  \PARTITION0 (bootable) - Installable File System - 465.76 GiB - C:
\\.\PHYSICALDRIVE1 - SanDisk Cruzer Micro USB Device - 486.34 MiB - 1 partition
  \PARTITION0 - MS-DOS V4 Huge - 488.14 MiB - G:
 
-- Security Center -------------------------------------------------------------
AUOptions is set to notify before download.
Windows Internal Firewall is enabled.
AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)
AS: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: SUPERAntiSpyware v4, 1, 0, 1046 (SUPERAntiSpyware.com) [COLOR=RED]Disabled[/COLOR]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Tomas\AppData\Roaming
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TOMAS-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Tomas
LOCALAPPDATA=C:\Users\Tomas\AppData\Local
LOGONSERVER=\\TOMAS-PC
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\Program Files\Autodesk\Maya2008\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 23 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=1706
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Tomas\AppData\Local\Temp
TMP=C:\Users\Tomas\AppData\Local\Temp
USERDOMAIN=Tomas-PC
USERNAME=Tomas
USERPROFILE=C:\Users\Tomas
windir=C:\Windows

-- User Profiles ---------------------------------------------------------------
Tomas

-- Add/Remove Programs ---------------------------------------------------------
 --> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
 --> "C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /l0x0009
 --> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
 --> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
 --> "C:\Program Files\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W
 --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
 --> C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AB55EC6-1158-41EF-B87D-90555A8F5C92}\setup.exe" -l0x9
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AB55EC6-1158-41EF-B87D-90555A8F5C92}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x9
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9605AE52-2172-448F-BE56-B2086F932412}\setup.exe" -l0x9
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9605AE52-2172-448F-BE56-B2086F932412}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAAE8EC2-2340-4D6E-A74D-07814046A11B}\setup.exe" -l0x9
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAAE8EC2-2340-4D6E-A74D-07814046A11B}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9  /remove
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Age of Conan - Hyborian Adventures --> "C:\Program Files\Funcom\Age of Conan\unins000.exe"
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Autodesk DirectConnect 2.0 --> MsiExec.exe /I{C033BF6E-9D82-4E0B-A46E-ABC746D6F431}
BitTorrent --> C:\Program Files\BitTorrent\uninst.exe
Camtasia Studio 5 --> MsiExec.exe /I{7EADB65C-70E8-4C94-AD0A-221462D41A85}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Comical 0.8 --> "C:\Program Files\Comical\unins000.exe"
Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9  /remove
DNA --> "C:\Users\Tomas\Program Files\DNA\btdna.exe" /UNINSTALL
ENFUNS Updater --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{626713B4-F070-4605-9DF6-31783A5AEAAE}\setup.exe" -l0x9  -removeonly
ESET NOD32 Antivirus --> MsiExec.exe /I{86A6E235-C08F-4A14-B14C-793C7D8844A0}
Fraps (remove only) --> "C:\Fraps\uninstall.exe"
Futuremark Measurement Services Client --> RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\msc3.inf,DefaultUninstall,5
Futuremark SystemInfo --> C:\Program Files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe -runfromtemp -l0x0009 -removeonly
GLOBEtrotter FLEXid Drivers --> C:\Windows\IsUninst.exe -f"C:\Program Files\GLOBEtrotter Software Inc.\GLOBEtrotter FLEXid Drivers\Uninst.isu"
HijackThis 2.0.0 --> "G:\VIRUS\HijackThis.exe" /uninstall
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Maya 2008 --> MsiExec.exe /I{DA864DC0-0BF2-454B-A6A9-08A45EB97D3B}
Maya 2008 Documentation (en_US) --> MsiExec.exe /I{6C70ACE2-6EF2-4F8D-8C4A-78198AA979DD}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Move Networks Media Player for Internet Explorer --> C:\Users\Tomas\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NavyFIELD NorthAmerica --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D6D425D2-803F-40E8-9D65-3DC00D577C11}\setup.exe" -l0x9  -removeonly
Need for Speed™ ProStreet --> MsiExec.exe /X{CC419DDC-E0F0-4013-B25A-6FA036516F0D}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenAL --> "C:\Program Files\OpenAL\OALInst.exe" /U
PCMark Vantage --> C:\Program Files\InstallShield Installation Information\{F241EC95-C81A-466E-8006-6B0B364B07A0}\setup.exe -runfromtemp -l0x0009 -removeonly
PunkBuster Services --> C:\Windows\system32\pbsvc.exe -u
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Sökmarkeringsfönstret (Windows Live Toolbar) --> MsiExec.exe /X{D052C16B-1290-41CF-8EFB-79337027B2F7}
Sentinel System Driver --> C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
Smarta menyer (Windows Live Toolbar) --> MsiExec.exe /X{2770CB13-5093-4C94-A318-F103857E18B1}
Sony Ericsson Media Manager 1.0 --> MsiExec.exe /X{EBFEE4E5-6FF1-40D8-B025-2389DB19C159}
Sound Blaster X-Fi --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\SETUP.EXE" -l0x9  /remove
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
Tom Clancy's Rainbow Six Vegas --> C:\Program Files\InstallShield Installation Information\{5731C0A8-B266-451A-8D3F-8066AA21836F}\setup.exe -runfromtemp -l0x0009 -removeonly
Tom Clancy's Rainbow Six Vegas 2 --> "C:\Program Files\InstallShield Installation Information\{FD416706-875C-4B0B-A23A-9E740DAE029E}\setup.exe" -runfromtemp -l0x0009 -removeonly
Warcraft III --> C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
Warcraft III: All Products --> C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
Warkeys 1.7.0.1b --> C:\Program Files\Warkeys\uninst.exe
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6e --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live inloggningsassistenten --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live installer --> MsiExec.exe /X{E17F76BE-50E9-4E7C-ADF6-6D8F44A9C6F3}
Windows Live Messenger --> MsiExec.exe /X{20503DFE-E5B2-491E-B2C5-8BCB5BF5B9E9}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {45EA1531-5226-4FC4-9341-8D0C8CEC502F}
Windows Live Toolbar --> MsiExec.exe /X{45EA1531-5226-4FC4-9341-8D0C8CEC502F}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{64E09E82-610D-4FB9-8722-1D2D1CD65A6B}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\Windows\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! 工具列 --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

-- Application Event Log -------------------------------------------------------
Event Record #/Type6104 / Error
Event Submitted/Written: 06/01/2008 07:16:30 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application wermgr.exe, version 6.0.6001.18000, time stamp 0x47918ca1, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0013000a,
process id 0xc74, application start time 0xwermgr.exe0.
Event Record #/Type6100 / Error
Event Submitted/Written: 06/01/2008 07:16:27 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application wermgr.exe, version 6.0.6001.18000, time stamp 0x47918ca1, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00b2000a,
process id 0xac8, application start time 0xwermgr.exe0.
Event Record #/Type6099 / Error
Event Submitted/Written: 06/01/2008 07:16:24 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application wermgr.exe, version 6.0.6001.18000, time stamp 0x47918ca1, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x001e000a,
process id 0xaa0, application start time 0xwermgr.exe0.
Event Record #/Type6098 / Error
Event Submitted/Written: 06/01/2008 07:16:22 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application wermgr.exe, version 6.0.6001.18000, time stamp 0x47918ca1, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0094000a,
process id 0xa78, application start time 0xwermgr.exe0.
Event Record #/Type6097 / Error
Event Submitted/Written: 06/01/2008 07:16:20 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application wermgr.exe, version 6.0.6001.18000, time stamp 0x47918ca1, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00a9000a,
process id 0x9e4, application start time 0xwermgr.exe0.
 
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------
Event Record #/Type21406 / Warning
Event Submitted/Written: 06/01/2008 07:23:14 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Tomas-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. %Tomas-PC27 can't undo changes that you allow.
For more information please see the following:
%Tomas-PC275
 Scan ID: {AE14351E-8B37-4AA3-8C3B-24853ED5F0C2}
 User: Tomas-PC\Tomas
 Name: %Tomas-PC271
 ID: %Tomas-PC272
 Severity ID: %Tomas-PC273
 Category ID: %Tomas-PC274
 Path Found: %Tomas-PC276
 Alert Type: %Tomas-PC278
 Detection Type: 1.1.1600.02
Event Record #/Type21405 / Warning
Event Submitted/Written: 06/01/2008 07:23:14 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Tomas-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. %Tomas-PC27 can't undo changes that you allow.
For more information please see the following:
%Tomas-PC275
 Scan ID: {D4644663-BF7A-4414-93AC-F9122510CF22}
 User: Tomas-PC\Tomas
 Name: %Tomas-PC271
 ID: %Tomas-PC272
 Severity ID: %Tomas-PC273
 Category ID: %Tomas-PC274
 Path Found: %Tomas-PC276
 Alert Type: %Tomas-PC278
 Detection Type: 1.1.1600.02
Event Record #/Type21404 / Warning
Event Submitted/Written: 06/01/2008 07:23:14 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Tomas-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. %Tomas-PC27 can't undo changes that you allow.
For more information please see the following:
%Tomas-PC275
 Scan ID: {0CCF72DB-F1FB-4385-B097-1B67A54D0610}
 User: Tomas-PC\Tomas
 Name: %Tomas-PC271
 ID: %Tomas-PC272
 Severity ID: %Tomas-PC273
 Category ID: %Tomas-PC274
 Path Found: %Tomas-PC276
 Alert Type: %Tomas-PC278
 Detection Type: 1.1.1600.02
Event Record #/Type21403 / Warning
Event Submitted/Written: 06/01/2008 07:23:11 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Tomas-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. %Tomas-PC27 can't undo changes that you allow.
For more information please see the following:
%Tomas-PC275
 Scan ID: {F0A3B36E-C831-4A4C-A5D8-F1DB052F2D1E}
 User: Tomas-PC\Tomas
 Name: %Tomas-PC271
 ID: %Tomas-PC272
 Severity ID: %Tomas-PC273
 Category ID: %Tomas-PC274
 Path Found: %Tomas-PC276
 Alert Type: %Tomas-PC278
 Detection Type: 1.1.1600.02
Event Record #/Type21402 / Warning
Event Submitted/Written: 06/01/2008 07:23:11 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Tomas-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. %Tomas-PC27 can't undo changes that you allow.
For more information please see the following:
%Tomas-PC275
 Scan ID: {301220CB-20A3-47D3-BEE1-D4FF016059A5}
 User: Tomas-PC\Tomas
 Name: %Tomas-PC271
 ID: %Tomas-PC272
 Severity ID: %Tomas-PC273
 Category ID: %Tomas-PC274
 Path Found: %Tomas-PC276
 Alert Type: %Tomas-PC278
 Detection Type: 1.1.1600.02
 
-- End of Deckard's System Scanner: finished at 2008-06-01 19:24:11 ------------