I don’t want to bog this thread down too much, but here is the report:
FILES CHANGED: (38)
C:\Config.Msi
C:\Documents and Settings\All Users\Desktop
C:\Documents and Settings\All Users\Start Menu\Programs
C:\Documents and Settings\Riley\Local Settings\Temp
C:\Documents and Settings\Riley\Local Settings\Temp\Install-log.txt C:\Documents and Settings\Riley\Local Settings\Temporary Internet Files\Content.IE5\89Y7K16N C:\Documents and Settings\Riley\Local Settings\Temporary Internet Files\Content.IE5\GTENSPQ7 C:\Documents and Settings\Riley\Local Settings\Temporary Internet Files\Content.IE5\K12NW96J C:\Documents and Settings\Riley\Local Settings\Temporary Internet Files\Content.IE5\KZPRUY71 C:\Documents and Settings\Riley\NTUSER.DAT.LOG
C:\Program Files\3dsmax5
C:\Program Files\3dsmax5\backburner2
C:\Program Files\3dsmax5\scripts
C:\Program Files\3dsmax5\scripts\examples
C:\Program Files\3dsmax5\stdplugs
C:\Program Files\Adobe\Photoshop 7.0\Required
C:\Program Files\Common Files\Autodesk Shared
C:\Program Files\iolo\System Mechanic\SafeInstall Data
C:\Program Files\WexTech\AnswerWorks
C:\Program Files\WexTech\AnswerWorks\Uninst.isu
C:\WINDOWS
C:\WINDOWS\Installer
C:\WINDOWS\Prefetch\_INS5176._MP-23834F0A.pf
C:\WINDOWS\Prefetch\BACKBURNERCFG.EXE-009F53FF.pf
C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf
C:\WINDOWS\Prefetch\NTVDM.EXE-1A10A423.pf
C:\WINDOWS\Prefetch\SETUP.EXE-0F40F254.pf
C:\WINDOWS\Prefetch\SETUP.EXE-229E57B8.pf
C:\WINDOWS\system32
C:\WINDOWS\system32\config\SECURITY.LOG
C:\WINDOWS\system32\config\software.LOG
C:\WINDOWS\system32\config\software
C:\WINDOWS\system32\config\system.LOG
C:\WINDOWS\system32\wbem\Logs\wbemess.log
C:\WINDOWS\system32\wbem\Repository\FS
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP
C:\WINDOWS\Temp
NO CHANGES MADE TO C:\WINDOWS\SYSTEM.INI…
NO CHANGES MADE TO C:\WINDOWS\WIN.INI…
REGISTRY KEY VALUES CHANGED: (10)
HKEY_USERS\S-1-5-21-1004336348-1645522239-839522115-1003\Ses sionInformation Value "ProgramCount": from "1" to "2" HKEY_USERS\S-1-5-21-1004336348-1645522239-839522115-1003\Sof tware\Microsoft\Windows\CurrentVersion\Explorer\Discardable\ PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum
Value "Implementing": binary data changed
HKEY_USERS\S-1-5-21-1004336348-1645522239-839522115-1003\Sof tware\Microsoft\Windows\CurrentVersion\Explorer\Discardable\ PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum
Value "Implementing": binary data changed
HKEY_USERS\S-1-5-21-1004336348-1645522239-839522115-1003\Sof tware\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{ 75048700-EF1F-11D0-9888-006097DEACF9}\Count
Value "HRZR_EHACVQY:%pfvqy2%\qvfperrg\3qf znk 5\punenpgre fghqvb hfre ersrerapr.yax": from "A8,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00" to "A8,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00"
HKEY_USERS\S-1-5-21-1004336348-1645522239-839522115-1003\Sof tware\Microsoft\Windows\Shell\Bags\1\Desktop
Value "ItemPos1600x1200(1)": binary data changed
REGISTRY KEY VALUES ADDED: (6)
HKEY_USERS\S-1-5-21-1004336348-1645522239-839522115-1003\Sof tware\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{ 75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pf vqy2%\qvfperrg\3qf znk 5\3qf znk 5 Ernqzr.yax="A9,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00 "
HKEY_USERS\S-1-5-21-1004336348-1645522239-839522115-1003\Sof tware\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{ 75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pf vqy2%\qvfperrg\3qf znk 5\3qf znk 5 ghgbevny ersrerapr.yax="A9,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00 "
HKEY_USERS\S-1-5-21-1004336348-1645522239-839522115-1003\Sof tware\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{ 75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pf vqy2%\qvfperrg\3qf znk 5\3qf znk 5 hfre ersrerapr.yax="A9,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00 "
HKEY_USERS\S-1-5-21-1004336348-1645522239-839522115-1003\Sof tware\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{ 75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pf vqy2%\qvfperrg\3qf znk 5\Cbegnoyr Yvprafr Hgvyvgl.yax="A9,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00 "
HKEY_USERS\S-1-5-21-1004336348-1645522239-839522115-1003\Sof tware\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{ 75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pf vqy2%\qvfperrg\3qf znk 5\Yvprafr Pbasvthengvba Fjvgpure.yax="A9,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00 "
HKEY_USERS\S-1-5-21-1004336348-1645522239-839522115-1003\Sof tware\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{ 75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pf vqy2%\qvfperrg\3qf znk 5\ZnkSvaq.yax="A9,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00 "
REGISTRY KEY VALUES DELETED: (12)
HKEY_USERS\S-1-5-21-1004336348-1645522239-839522115-1003\Sof tware\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\inf \unregmp2.exe,-9907= "MIDI Sequence"
HKEY_USERS\S-1-5-21-1004336348-1645522239-839522115-1003\Sof tware\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\Sys tem32\setupapi.dll,-2000= "Setup Information"
HKEY_USERS\S-1-5-21-1004336348-1645522239-839522115-1003\Sof tware\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\sys tem32\SHELL32.dll,-9216= "My Computer"
HKEY_USERS\S-1-5-21-1004336348-1645522239-839522115-1003\Sof tware\Microsoft\Windows\ShellNoRoam\MUICache\@shdoclc.dll,-8 64= "Show &Related Links"
HKEY_USERS\S-1-5-21-1004336348-1645522239-839522115-1003\Sof tware\Microsoft\Windows\ShellNoRoam\MUICache\@shdoclc.dll,-8 65= "Shows links related to the current page."
HKEY_USERS\S-1-5-21-1004336348-1645522239-839522115-1003\Sof tware\Microsoft\Windows\ShellNoRoam\MUICache\@shdoclc.dll,-8 66= "Related"
HKEY_USERS\S-1-5-21-1004336348-1645522239-839522115-1003\Sof tware\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program Files\Internet Explorer\iexplore.exe="Internet Explorer"
HKEY_USERS\S-1-5-21-1004336348-1645522239-839522115-1003\Sof tware\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program Files\iolo\System Mechanic\SysMechanic.exe="System Mechanic"
HKEY_USERS\S-1-5-21-1004336348-1645522239-839522115-1003\Sof tware\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program Files\Microsoft Office\Office10\WINWORD.EXE="Microsoft Word"
HKEY_USERS\S-1-5-21-1004336348-1645522239-839522115-1003\Sof tware\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\note pad.exe= "Notepad"
HKEY_USERS\S-1-5-21-1004336348-1645522239-839522115-1003\Sof tware\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\Syst em32\taskmgr.exe= "Windows TaskManager"
HKEY_USERS\S-1-5-21-1004336348-1645522239-839522115-1003\Sof tware\Microsoft\Windows\ShellNoRoam\MUICache\LangID= "09,04"
The only thing that I can see that has been changed in Adobe Photoshop files is under "FILES CHANGED": "C:\Program Files\Adobe\Photoshop 7.0\Required". It disturbs me that it is doing something with Photoshop. I wish it would show me what it changed in "…Photoshop 7.0\Required".
Any suggestions?