Paranoid Bubba AGAIN, Unvise32.exe....................




  #1  
Old 11th May 2009, 16:37
Donor Group
 

In the process of trying to rid myself of persistent error messages, I came across several things that troubled me, and am unable to find the info I need on either Google or the Avast Home site:

1). I found unvise on my system. A google of it drew mixed results, some said it was foul spyware while others said it was part of an uninstaller. Which is correct? It looks like it came with my pinnacle video editing software, but I'm not sure.
I see I snipped the wrong page lol. The path is C:|windows\path32.exe


2). I get a warning from my Avast Log viewer on May 9, and then 3 times May 10. It says:

{Date} System {Event ID} Automatic Rootkit Scan was not started as it didn't complete successfully during the last run.

Should I be worried?

3). I found a file in C:\Program Data\Documents\Config called desktop2.idf. It's been there since Oct of 08 but........... when I look at security (in the property dropdowns) I see that one of the users listed is "Account unknown S-1-5-5-0-254829". Now who in blue blazes is that and what are they doing with an unknown file type?

4) After completely clearing all my error messages in event viewer, I find 4 that are similar, they all have event ID 1530, the first one said:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
4 user registry handles leaked from \Registry\User\S-1-5-21-62750665-1439895472-2324118820-1000:
Process 1724 (\Device\HarddiskVolume1\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe) has opened key \REGISTRY\USER\S-1-5-21-62750665-1439895472-2324118820-1000
Process 280 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-62750665-1439895472-2324118820-1000
Process 1108 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-62750665-1439895472-2324118820-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1108 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-62750665-1439895472-2324118820-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

The one that followed a nanosecond later said:

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-62750665-1439895472-2324118820-1000_Classes:
Process 280 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-62750665-1439895472-2324118820-1000_CLASSES

Using a program called autoruns, I got rid of nTune (in the first error) and then deleted everything I saw listed with a path of 'file not found', and rebooted. I got two more errors similar to those last two:

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-62750665-1439895472-2324118820-1000:
Process 324 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-62750665-1439895472-2324118820-1000

and:

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-62750665-1439895472-2324118820-1000_Classes:
Process 324 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-62750665-1439895472-2324118820-1000_CLASSES

So in closing, are all those things "alright" or should I start to worry lol?
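
Added example, not part of any poster's message: a small Python parser for the Event ID 1530 DETAIL text quoted in the post above. It lists which processes still hold the profile hive open and names the SID family, showing that an S-1-5-5-X-Y value is a per-logon session identifier rather than a user account. The function names are hypothetical; the sample is the first DETAIL block from the post with the forum's stray spaces removed.

```python
import re
from collections import Counter

# Sample input: first Event ID 1530 DETAIL block from the post above,
# with the forum software's stray spaces removed.
SID = "S-1-5-21-62750665-1439895472-2324118820-1000"
SAMPLE = r"""4 user registry handles leaked from \Registry\User\<SID>:
Process 1724 (\Device\HarddiskVolume1\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe) has opened key \REGISTRY\USER\<SID>
Process 280 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\<SID>
Process 1108 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\<SID>\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1108 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\<SID>\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
""".replace("<SID>", SID)

HEADER = re.compile(r"^(\d+) user registry handles? leaked from (\S+):$")
# Greedy match on the image path so "Program Files (x86)" does not end it early.
HOLDER = re.compile(r"^Process (\d+) \((.+)\) has opened key (.+)$")

def parse_1530(detail):
    """Return the declared handle count, the hive, and (pid, image, key) tuples."""
    result = {"declared": 0, "hive": None, "holders": []}
    for line in detail.splitlines():
        line = line.strip()
        if m := HEADER.match(line):
            result["declared"], result["hive"] = int(m[1]), m[2]
        elif m := HOLDER.match(line):
            image = m[2].rsplit("\\", 1)[-1]   # file name of the process image
            result["holders"].append((int(m[1]), image, m[3]))
    return result

def holders_by_process(parsed):
    """Count leaked handles per (pid, image) so the main holder stands out."""
    return Counter((pid, image) for pid, image, _ in parsed["holders"])

def classify_sid(sid):
    """Name the SID family; a trailing _Classes marks the per-user classes hive."""
    parts = re.sub(r"(?i)_classes$", "", sid).split("-")
    if parts[:4] == ["S", "1", "5", "5"] and len(parts) == 6:
        return "logon session"          # S-1-5-5-X-Y, issued per logon
    if parts[:4] == ["S", "1", "5", "21"] and len(parts) == 8:
        return "account RID " + parts[-1]
    return "other"

if __name__ == "__main__":
    parsed = parse_1530(SAMPLE)
    print(parsed["hive"], "->", classify_sid(parsed["hive"].rsplit("\\", 1)[-1]))
    for (pid, image), n in holders_by_process(parsed).most_common():
        print(f"  pid {pid:<5} {image:<18} {n} handle(s)")
    print("S-1-5-5-0-254829 ->", classify_sid("S-1-5-5-0-254829"))
```
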
  #2  
Old 11th May 2009, 18:17
Moderator Group
 

I don't know how to read Avast Logs so that isn't much use.

Have you tried scanning the suspicious files at VirusTotal?
  #3  
Old 11th May 2009, 19:36
Donor Group
 

Those aren't avast logs. They are windows warnings, except for the one line about anti root kit not working. The rest is from Bills Gates and Company.
  #4  
Old 12th May 2009, 12:52
Malware Group
 

Bubba - do you use Vista? If the default system location is Path32 then I would think the file will be OK. I would still do what EF suggests and scan at VT, although they'll likely come up with something - files such as uninstallers usually make scanners throw a fit.

Can't see your second image I'm afraid.

The Reg leaks could be Profile related - the system has tried to unload the profile but another app is still using the Registry so the unload fails. Perhaps try setting up a new profile and delete the old one?
__________________
Iain - Defender of the Haggis
Member of ASAP : : Member of UNITE
  #5  
Old 12th May 2009, 12:56
Donor Group
 

Ok, I'll try that. I totally missed the VT thing from EF. I don't know how lol, it's written in English............

EDIT: That was quick, already finished. It said 0/40. I guess that means it's safe?
  #6  
Old 12th May 2009, 13:59
Malware Group
 

Yup - I would say it's a legit uninstaller file.
  #7  
Old 12th May 2009, 15:12
Donor Group
 

Ok thanks. LOL I don't know why I was hoping you folks would know about the windows errors and such, Windows doesn't. You go to the MS technet and tech service sites and you see tons of folks asking about them and no one answering them. Or if they do answer they say something like, "Ignore it, it's nothing." Then the folks say HOW do we ignore it, it's crashing our computers!!!!!!!!!!.

Personally I think MS put Vista out WAY before it was ready and then concentrated every resource on Win7 (the completed version of Vista). As such they don't "fix" the problems for Vista, they just make sure they don't occur in Win7. I see Vista being an orphan very shortly.
  #8  
Old 12th May 2009, 18:38
Moderator Group
 

Quote:
Originally Posted by Glaswegian View Post
Yup - I would say it's a legit uninstaller file.
That's pretty much what I came up with. Like Glaswegian said. Antivirus for some reason don't like some uninstallers.
  #9  
Old 12th May 2009, 21:05
Donor Group
 

Hey Evildude, how about I drop my computer by your house Friday morning and let you make it stable while I'm not Enid. I'll pick it up Saturday evening lol.
  #10  
Old 13th May 2009, 12:30
Malware Group
 

Quote:
Originally Posted by Bubba View Post
Hey Evildude, how about I drop my computer by your house Friday morning and let you make it stable while I'm not Enid. I'll pick it up Saturday evening lol.


Did the profile thing work Bubba?