Hi all
Lately Windows on my PC keeps restarting(vista) I get a message 'Checking solutions windows is restarting' it only takes a few seconds to get back to normal but it happens a couple of times an hour & gets a little irratating. Anyone know how I can remedy this problem.

Many Thanks

Tony is Windows actually restarting or are you talking about Windows Explorer?

Tony is Windows actually restarting or are you talking about Windows Explorer?
Windows not explorer:)

Windows not explorer:)

Tony - just another clarification - did you install Vista SP1? If so, apparently one of the many irritating issues is endless restarts of Windows or rebooting of the computer - :sad:

If not, then must be another problem - I have VISTA on my newest laptop, but plan to wait to put on SP1 until MS gets these 'bugs' ironed out! :hmm:

Tony - just another clarification - did you install Vista SP1? If so, apparently one of the many irritating issues is endless restarts of Windows or rebooting of the computer - :sad:

If not, then must be another problem - I have VISTA on my newest laptop, but plan to wait to put on SP1 until MS gets these 'bugs' ironed out! :hmm:Hi giradman, my pc came with vista home premium when i purchased it about 9 months ago. I suspected it may be some kind of spyware or something along those lines although it does not happen that often I want to be one step ahead of it and get some advice of the possibilities first. I do all the cleaning/optimizing regulary so I'm not sure what to think;)

Service Pack 1 for Vista has just been released Tony and giradman is asking if you have installed it. From your answer I would suspect not but please correct me if I am wrong.

I suspected it may be some kind of spyware or something along those lines although it does not happen that often

I was under the impression that it happens approx twice every hour? We can check for spyware but I need to see some logs.

Download Deckard's System Scanner (dss.exe) from here (http://deckard.geekstogo.com/dss.exe) to your Desktop. Close all open applications and windows, doubleclick on dss.exe to run it and follow the prompts.

When the scan is complete, a text file will open. Copy and paste the contents of this log (Main.txt) in your next reply. Also post the contents of Extra.txt (it should be minimised on your taskbar but if not, it can be found in the C:\Deckard\System Scanner folder). You may find that the maximum characters allowed is exceeded when you post. If so, halve the logs and make several posts.

Thanks so much AnnMarie, my apologies for my vague previous posts I'm not quite familiar with some of the computer terms as I am pretty much a novice but here is the main text and extra text from my results:)

Deckard's System Scanner v20071014.68
Run by Tony on 2008-04-09 05:35:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
7: 2008-04-08 17:27:48 UTC - RP373 - Scheduled Checkpoint
6: 2008-04-07 15:41:51 UTC - RP372 - Windows Update
5: 2008-04-06 19:52:18 UTC - RP371 - Scheduled Checkpoint
4: 2008-04-05 16:21:21 UTC - RP370 - Installed DirectX
3: 2008-04-05 16:16:48 UTC - RP368 - Installed Betfair Poker


-- First Restore Point --
1: 2008-04-05 04:59:54 UTC - RP366 - Removed Windows Media Player Firefox Plugin


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 1014 MiB (1024 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-09 05:39:44
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\hp\KBD\kbd.exe
C:\Users\Tony\Desktop\dss.exe
C:\Windows\System32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://by127w.bay127.mail.live.com/mail/InboxLight.aspx?n=1403821686
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\sw g.dll
O2 - BHO: VGOIEHelper Class - {B6FA00D9-86EC-4158-9488-D00DFF897E86} - C:\Program Files\21cn\VGO\VGOIEBHO.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [scheduler_monitor] C:\Program Files\ReaConverter 5.0 Pro\init_scheduler.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Firefox Preloader.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} () - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} (ULiveCtrl Control) - http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Battleship%20-%20Fleet%20Command/Images/stg_drm.ocx
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/VistaMSNPUplden-gb.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/armhelper.ocx
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} (AFCStarter Control) - http://live.pdbox.co.kr:8057/AFCStarter.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Program Files\ReaConverter 5.0 Pro\rcp_scheduler.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe


--
End of file - 12440 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>

S3 NPPTNT2 - \??\c:\windows\system32\npptnt2.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>
R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S3 Boonty Games - "c:\program files\common files\boonty shared\service\boonty.exe" <Not Verified; BOONTY; Boonty Games>
S3 rcp_service (ReaConverter scheduler service) - c:\program files\reaconverter 5.0 pro\rcp_scheduler.exe <Not Verified; ReaSoft; >


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Nokia 6288
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6288
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd


-- Scheduled Tasks -------------------------------------------------------------

2008-04-08 20:15:00 256 --a------ C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
2008-04-08 18:58:08 416 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{D7183858-F327-425F-A4D1-16EEF070DE17}.job
2007-11-14 19:07:12 384 --a------ C:\Windows\Tasks\RegClean Scheduled Scan.job


-- Files created between 2008-03-09 and 2008-04-09 -----------------------------

2008-04-08 20:50:04 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-05 17:22:49 40 --a------ C:\Windows\ujf635.bin
2008-04-05 17:18:36 0 d-------- C:\Windows\system32\directx
2008-04-05 17:17:31 0 d-------- C:\Program Files\Betfair
2008-04-01 12:30:37 0 d-------- C:\Program Files\QO Labs
2008-03-30 09:06:08 0 d-------- C:\Program Files\ReaConverter 5.0 Pro
2008-03-30 08:13:26 303104 --a------ C:\Windows\system32\WMAEncX.dll <Not Verified; NUGROOVZ; WMAEncoderX Control>
2008-03-30 08:13:26 393216 --a------ C:\Windows\system32\VorbisEncX.dll <Not Verified; NUGROOVZ; VorbisEncoderX Control>
2008-03-30 08:13:26 765952 --a------ C:\Windows\system32\tvqenc.dll
2008-03-30 08:13:26 360448 --a------ C:\Windows\system32\NCTWMAFile.dll <Not Verified; NCT Company; NCTWMAFile ActiveX DLL>
2008-03-30 08:13:26 1703936 --a------ C:\Windows\system32\NCTAudioFile.dll <Not Verified; NCT Company; NCTAudioFile ActiveX DLL>
2008-03-30 08:13:25 339968 --a------ C:\Windows\system32\MP3EncX.dll <Not Verified; NUGROOVZ; MP3EncoderX Control>
2008-03-30 08:13:25 233472 --a------ C:\Windows\system32\lame_enc.dll
2008-03-30 08:13:24 892928 --a------ C:\Windows\system32\NCTAudioInformation.dll <Not Verified; NCT Company; NCTAudioInformation ActiveX DLL>
2008-03-30 08:13:24 0 d-------- C:\Program Files\CD to MP3 Ripper
2008-03-30 08:08:01 0 d-------- C:\Users\All Users\NCH Swift Sound
2008-03-30 08:07:52 0 d-------- C:\Program Files\NCH Swift Sound
2008-03-29 20:12:35 19840 --a------ C:\Windows\system32\drivers\StMp3Rec.sys <Not Verified; Generic; Recovery Mode Driver>
2008-03-29 20:10:20 0 d-------- C:\Philips
2008-03-18 12:49:46 0 d-------- C:\Program Files\BingoCafeUK
2008-03-16 09:17:27 0 d-------- C:\Programs
2008-03-10 17:26:36 0 d-------- C:\Program Files\Bit Che


-- Find3M Report ---------------------------------------------------------------

2008-04-08 19:17:36 0 d-------- C:\Users\Tony\AppData\Roaming\uTorrent
2008-04-08 17:41:33 0 d-------- C:\Program Files\Common Files
2008-04-05 17:17:34 0 d-------- C:\Users\Tony\AppData\Roaming\Betfair
2008-04-03 11:08:21 0 d-------- C:\Users\Tony\AppData\Roaming\LimeWire
2008-03-30 09:11:41 0 d-------- C:\Users\Tony\AppData\Roaming\RCP 5
2008-03-30 08:07:52 0 d-------- C:\Users\Tony\AppData\Roaming\NCH Swift Sound
2008-03-29 20:10:18 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-29 20:09:46 0 d-------- C:\Users\Tony\AppData\Roaming\InstallShield
2008-03-28 21:07:13 0 d-------- C:\Program Files\PokerStars.NET
2008-03-27 17:46:28 0 d-------- C:\Users\Tony\AppData\Roaming\Real
2008-03-18 09:43:26 0 d-------- C:\Program Files\Java
2008-03-12 11:52:44 0 d-------- C:\Program Files\Windows Mail
2008-03-11 23:15:35 0 d-------- C:\Program Files\SopCast
2008-03-06 10:11:28 0 d-------- C:\Users\Tony\AppData\Roaming\Nokia
2008-03-06 10:11:28 2566 --a------ C:\Users\Tony\AppData\Roaming\NMM-MetaData.db
2008-02-20 16:09:32 0 d-------- C:\Users\Tony\AppData\Roaming\Vso
2008-02-20 15:53:05 0 d-------- C:\Program Files\DVDFab Platinum 4
2008-02-19 20:16:27 0 d-------- C:\Program Files\PPStream
2008-02-19 20:10:40 0 d-------- C:\Users\Tony\AppData\Roaming\ppstream
2008-02-19 15:47:10 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-19 13:00:08 0 d-------- C:\Users\Tony\AppData\Roaming\PC Suite
2008-02-19 12:55:22 0 d-------- C:\Program Files\DIFX
2008-02-19 12:49:03 0 d-------- C:\Program Files\Common Files\Nokia
2008-02-19 12:49:01 0 d-------- C:\Program Files\Common Files\PCSuite
2008-02-19 12:48:53 0 d-------- C:\Program Files\Nokia
2008-02-19 12:45:41 0 d-------- C:\Program Files\PC Connectivity Solution
2008-02-18 08:43:36 0 d-------- C:\Program Files\LimeWire
2008-02-14 09:58:11 0 d-------- C:\Users\Tony\AppData\Roaming\Skype
2008-02-14 09:28:34 0 d-------- C:\Users\Tony\AppData\Roaming\skypePM
2008-02-11 18:15:20 0 d-------- C:\Program Files\VSO
2008-02-01 14:43:09 274 --a------ C:\Users\Tony\AppData\Roaming\wklnhst.dat
2008-01-24 17:00:30 73216 --a------ C:\Windows\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-01-24 17:00:30 286720 -----n--- C:\Windows\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/08/2007 09:01]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [28/09/2006 14:42]
"KBD"="C:\HP\KBD\KbdStub.EXE" [08/12/2006 16:16]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [20/11/2006 12:34]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [29/09/2006 21:39]
"RtHDVCpl"="RtHDVCpl.exe" [25/10/2007 06:52 C:\Windows\RtHDVCpl.exe]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [17/02/2005 08:11]
"@"="" []
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [27/01/2003 17:16]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [20/09/2007 10:51]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [24/08/2007 20:54]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [24/08/2007 20:54]
"Persistence"="C:\Windows\system32\igfxpers.exe" [24/08/2007 20:54]
"RegistryMechanic"="" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [29/03/2008 18:37]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [08/02/2007 02:12]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [08/02/2007 02:13]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/01/2008 17:32]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [07/08/2007 01:05]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [20/09/2007 16:35]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [29/08/2007 19:39]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [09/01/2008 22:00]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [07/11/2007 18:35]
"scheduler_monitor"="C:\Program Files\ReaConverter 5.0 Pro\init_scheduler.exe" [15/06/2007 10:17]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [10/12/2007 11:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\runonce]
"Launcher"=%WINDIR%\SMINST\launcher.exe

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Firefox Preloader.lnk - C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe [10/01/2008 17:00:32]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [13/11/2007 08:47:30]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [03/08/2007 11:10:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"PromptOnSecureDesktop"=0 (0x0)
"EnableLUA"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run-]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"4oD"="C:\Program Files\Kontiki\KHost.exe" -all

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- Hosts -----------------------------------------------------------------------

127.0.0.1 update.asdf.cn
127.0.0.1 msg.asdf.com
127.255.255.255 serial.alcohol-soft.com


-- End of Deckard's System Scanner: finished at 2008-04-09 05:43:08 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Intel(R) Celeron(R) D CPU 3.46GHz
Percentage of Memory in Use: 66%
Physical Memory (total/avail): 1013.88 MiB / 336.25 MiB
Pagefile Memory (total/avail): 2280.41 MiB / 1409.18 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1913.86 MiB

C: is Fixed (NTFS) - 143.44 GiB total, 86.72 GiB free.
D: is Fixed (NTFS) - 5.61 GiB total, 0.88 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1600JS-60NCB1 - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 143.44 GiB - C:
\PARTITION1 - Installable File System - 5.61 GiB - D:

\\.\PHYSICALDRIVE1 - Generic- Compact Flash USB Device

\\.\PHYSICALDRIVE4 - Generic- MS/MS-Pro USB Device

\\.\PHYSICALDRIVE3 - Generic- SD/MMC USB Device

\\.\PHYSICALDRIVE2 - Generic- SM/xD-Picture USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.8.1169 [VPS 080408-1] v4.8.1169 (ALWIL Software)
AS: Spyware Doctor v (PC Tools) Disabled
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: avast! antivirus 4.8.1169 [VPS 080408-1] v4.8.1169 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List]
"C:\\Program Files\\PPStream\\PPStream.exe"="C:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPSÍøÂçµçÊ Ó"
""="\\"C:\\Program Files\\PPStream\\PPStream.exe\\" \\"C:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPStream\\""
"C:\\Program Files\\PPMate\\ppmate.exe"="C:\\Program Files\\PPMate\\ppmate.exe:*:Enabled:PPMate"
"C:\\Program Files\\PPMate\\ppamnet.exe"="C:\\Program Files\\PPMate\\ppamnet.exe:*:Enabled:PPMate"
"C:\\Program Files\\uusee\\UUSeePlayer.exe"="C:\\Program Files\\uusee\\UUSeePlayer.exe:*:Enabled:UUPlayer"
"C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"="C:\\Program Files\\PPMate\\PPMate\\ppmate.exe:*:Enabled:PPMate"
"C:\\Program Files\\PPMate\\ppmnet.exe"="C:\\Program Files\\PPMate\\ppmnet.exe:*:Enabled:PPMate"
"C:\\Program Files\\PPStream\\PPSAP.exe"="C:\\Program Files\\PPStream\\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Tony\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TONY-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Tony
LOCALAPPDATA=C:\Users\Tony\AppData\Local
LOGONSERVER=\\TONY-PC
NUMBER_OF_PROCESSORS=1
OnlineServices=Online Services
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Window s\System32\Wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Smart Projects\IsoBuster
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WS F;.WSH;.MSC
PCBRAND=Pavilion
PLATFORM=HPD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0605
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
RoxioCentral=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Tony\AppData\Local\Temp
TMP=C:\Users\Tony\AppData\Local\Temp
USERDOMAIN=Tony-PC
USERNAME=Tony
USERPROFILE=C:\Users\Tony
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Tony


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
--> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
21CN VGO --> "C:\Program Files\21cn\VGO\Uninstall.exe"
4oD --> MsiExec.exe /I {8B7443F5-E141-42A0-AB61-ED2331AAD606}
Active@ ISO Burner v 1.1 --> "C:\Program Files\LSoft Technologies\Active ISO Burner\UNWISE.EXE" "C:\Program Files\LSoft Technologies\Active ISO Burner\INSTALL.LOG"
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugi n.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Betfair Poker --> MsiExec.exe /X{D4A6F05B-D32D-4EA3-B288-05894E803225}
Bingo Cafe UK --> C:\PROGRA~1\BINGOC~1\UNWISE.EXE C:\PROGRA~1\BINGOC~1\INSTALL.LOG
Bit Che --> "C:\Program Files\Bit Che\unins000.exe"
BroadJump Client Foundation --> C:\Windows\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Casino-On-Net --> C:\PROGRA~1\CASINO~1\UNWISE.EXE C:\PROGRA~1\CASINO~1\INSTALL.LOG
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CD to MP3 Ripper --> C:\PROGRA~1\CDTOMP~1\UNWISE.EXE C:\PROGRA~1\CDTOMP~1\INSTALL.LOG
ConvertXtoDVD 2.2.3.258 --> "C:\Program Files\VSO\ConvertXtoDVD\unins000.exe"
ÐÂÀËÖ±²¥ --> C:\UNWISE.EXE C:\INSTALL.LOG
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVDFab Platinum 4.0.6.2 Ghosthunter release --> "C:\Program Files\DVDFab Platinum 4\unins000.exe"
eMule --> "C:\Program Files\eMule\Uninstall.exe"
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
Firefox Preloader --> "C:\Program Files\FirefoxPreloader\unins000.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Hardware Diagnostic Tools --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\ 00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Easy Setup - Core --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\ 00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9
HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\ 00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP On-Screen Caps/Num/Scroll Lock Indicator --> C:\Windows\system32\OsdRemove.exe
HP Picasso Media Center Add-In --> MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
Intel(R) Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
Intel(R) Matrix Storage Manager --> C:\Windows\System32\Imsmudlg.exe
IsoBuster 2.2 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech QuickCam --> MsiExec.exe /X{7D2370AC-D8E6-4996-986A-19824F8A167C}
Logitech Video Enumerator --> MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Logitech® Camera Driver --> "C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Magic ISO Maker v5.4 (build 0239) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Magic ISO Maker v5.4 (build 0251) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' RogueRemover 1.22 --> "C:\Program Files\RogueRemover FREE\unins000.exe"
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Microsoft XNA Framework Redistributable 1.0 Refresh --> MsiExec.exe /I{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB}
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
Nero 8 --> MsiExec.exe /X{B944FA21-81AF-4A77-8328-CE4F4CC51033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}
Nokia PC Suite --> C:\ProgramData\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Nokia_PC_Suite_rel_6_85_14_1_eng_web[1].exe
Nokia PC Suite --> MsiExec.exe /I{29466F9C-7C6A-419C-B301-F440FAF78760}
Norton 360 --> MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
Opera 9.25 --> MsiExec.exe /X{C619B312-19F3-460A-9F7B-443248379F18}
PC Connectivity Solution --> MsiExec.exe /I{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}
PC Inspector File Recovery --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\070 1\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x9
PFConfig 1.0.144 --> C:\Program Files\PFConfig\uninst.exe
Pixelfusion WMP Plugin 1.50 --> "C:\Program Files\QO Labs\Pixelfusion WMP Plugin\unins000.exe"
PokerStars.net --> "C:\Program Files\PokerStars.NET\PokerStarsUninstall.exe" /u:PokerStars.net
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
PPMate Network TV 2.0.0.39 --> C:\Program Files\PPMate\uninst.exe
PPStream --> C:\Program Files\PPStream\uninst.exe
Python 2.4.3 --> MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313}
ReaConverter 5.0 Pro --> "C:\Program Files\ReaConverter 5.0 Pro\unins000.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Recover My Files --> "C:\Program Files\GetData\Recover My Files\unins000.exe"
Registry Mechanic 7.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Roxio Creator Audio --> MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9 --> MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy --> MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive --> MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools --> MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3 --> MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9 --> MsiExec.exe /X{E4A02A3F-4F8A-4D94-BB99-68BC1D1CF6DB}
SA31xx Device Manager & Media Converter --> C:\Program Files\InstallShield Installation Information\{E572B060-C98B-4984-A48E-E4FA56265903}\setup.exe -runfromtemp -l0x0009 -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
SopCast 3.0.0 --> C:\Program Files\SopCast\uninst.exe
Spin Palace Casino --> C:\MicroGaming\Casino\SpinPalace\install.exe -uninstall
Switch --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe
TVAnts 1.0 --> C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
TVUPlayer 2.3.4.1 --> C:\Program Files\TVUPlayer\uninst.exe
UUSee ÍøÂçµçÊÓ [4.4.0.49] --> C:\Program Files\uusee\uninst.exe
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
VIPER TV PLAYER --> C:\Program Files\VIPER TV PLAYER\maintenance.exe
VIPER TV PLAYER (v5) --> C:\Program Files\VIPER TV PLAYER\maintenance.exe
VIPER TV PLAYER (v6) --> C:\Program Files\VIPER TV PLAYER\maintenance.exe
Vista Codec Package --> MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
Vista Manager --> MsiExec.exe /I{4E79AC14-1F0A-4044-B069-126EDCD2308F}
WinAVI Video Converter --> "C:\Program Files\WinAVI Video Converter\unins001.exe"
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nok btmdm.inf_7837a5db\nokbtmdm.inf
Windows Driver Package - Nokia Modem (10/12/2007 3.6) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nok ia_bluetooth.inf_ee12375f\nokia_bluetooth.inf
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
Xilisoft DVD Creator --> C:\Program Files\Xilisoft\DVD Creator3\Uninstall.exe
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type32613 / Success
Event Submitted/Written: 04/09/2008 05:29:55 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type32612 / Error
Event Submitted/Written: 04/09/2008 05:29:53 AM
Event ID/Source: 5007 / WerSvc
Event Description:
The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.

Event Record #/Type32604 / Success
Event Submitted/Written: 04/09/2008 05:29:33 AM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type32603 / Success
Event Submitted/Written: 04/09/2008 05:29:31 AM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type32592 / Warning
Event Submitted/Written: 04/08/2008 08:53:04 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2841767967-2185088046-3616198017-1000_Classes:
Process 932 (\Device\HarddiskVolume1\Windows\System32\svchost. exe) has opened key \REGISTRY\USER\S-1-5-21-2841767967-2185088046-3616198017-1000_CLASSES



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type79867 / Warning
Event Submitted/Written: 04/09/2008 05:40:06 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Tony-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Tony-PC27 can't undo changes that you allow.

For more information please see the following:
%Tony-PC275

Scan ID: {0CB30631-4E03-4E05-AFB5-18EBF4AA26F1}

User: Tony-PC\Tony

Name: %Tony-PC271

ID: %Tony-PC272

Severity ID: %Tony-PC273

Category ID: %Tony-PC274

Path Found: %Tony-PC276

Alert Type: %Tony-PC278

Detection Type: 1.1.1505.02

Event Record #/Type79865 / Warning
Event Submitted/Written: 04/09/2008 05:40:06 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Tony-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Tony-PC27 can't undo changes that you allow.

For more information please see the following:
%Tony-PC275

Scan ID: {66B05920-4A43-41E1-AB42-9E4F319BF528}

User: Tony-PC\Tony

Name: %Tony-PC271

ID: %Tony-PC272

Severity ID: %Tony-PC273

Category ID: %Tony-PC274

Path Found: %Tony-PC276

Alert Type: %Tony-PC278

Detection Type: 1.1.1505.02

Event Record #/Type79864 / Warning
Event Submitted/Written: 04/09/2008 05:40:06 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Tony-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Tony-PC27 can't undo changes that you allow.

For more information please see the following:
%Tony-PC275

Scan ID: {9542DF28-02C4-4C90-9CF6-0D2EB2B4E310}

User: Tony-PC\Tony

Name: %Tony-PC271

ID: %Tony-PC272

Severity ID: %Tony-PC273

Category ID: %Tony-PC274

Path Found: %Tony-PC276

Alert Type: %Tony-PC278

Detection Type: 1.1.1505.02

Event Record #/Type79863 / Warning
Event Submitted/Written: 04/09/2008 05:40:06 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Tony-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Tony-PC27 can't undo changes that you allow.

For more information please see the following:
%Tony-PC275

Scan ID: {D1C6CB51-880D-4550-B05A-7BC136AE5810}

User: Tony-PC\Tony

Name: %Tony-PC271

ID: %Tony-PC272

Severity ID: %Tony-PC273

Category ID: %Tony-PC274

Path Found: %Tony-PC276

Alert Type: %Tony-PC278

Detection Type: 1.1.1505.02



-- End of Deckard's System Scanner: finished at 2008-04-09 05:43:08 ------------

THANKS ANNEMARIE!!

Hi Tony, no problem. There is no evidence of any malware in your logs but there is an indication that a windows update might be responsible for the restarts. Follow the instructions here (http://www.jimmah.com/vista/Administration/kb931174.aspx) and uninstall KB931174. Reboot afterwards and let us know if this helped.

Hi AnnMarie, I have followed your steps & my PC seems to be back to it's old self, Thankyou so much for your help past & present. I am relieved it was only a minor issue and not something more sinister as I suspected at first, Thanks x

That's good news Tony and you are very welcome. :)