I tried DSS again and it worked the second time, so here that is as well.
Main
Deckard's System Scanner v20071014.68
Run by James on 2008-03-01 08:12:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Last 5 Restore Point(s) --
6: 2008-02-29 21:58:10 UTC - RP232 - Scheduled Checkpoint
5: 2008-02-28 22:20:24 UTC - RP231 - Scheduled Checkpoint
4: 2008-02-28 09:08:41 UTC - RP230 - Scheduled Checkpoint
3: 2008-02-27 07:25:52 UTC - RP229 - Scheduled Checkpoint
2: 2008-02-25 18:10:18 UTC - RP228 - Scheduled Checkpoint
-- First Restore Point --
1: 2008-02-25 01:56:46 UTC - RP227 - Installed SUPERAntiSpyware Free Edition
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as James.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:13:56 AM, on 3/1/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\RtHDVCpl.exe
C:\hp\KBD\kbd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Windows\System32\mobsync.exe
C:\Users\James\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\James.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.Google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan....s/ascstubie.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
--
End of file - 7994 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080301-080211-547 O4 - HKLM\..\Run: [dmyyn.exe] C:\Windows\system32\dmyyn.exe
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 szkg5 (szkg) - c:\windows\system32\drivers\szkg.sys <Not Verified; iS3 Inc.; Stopzilla>
R1 SASDIFSV - \??\c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - \??\c:\program files\superantispyware\saskutil.sys
R3 SASENUM - \??\c:\program files\superantispyware\sasenum.sys
S3 rt61x86 (Ralink RT61 Wireless Driver for Windows Vista) - c:\windows\system32\drivers\netr61.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11 Wireless Adapters>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 szserver (STOPzilla Service) - "c:\program files\common files\is3\anti-spyware\szserver.exe" <Not Verified; iS3, Inc.; STOPzilla>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-03-01 07:56:10 422 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{74425EC7-34E8-45CF-9ADC-D5908DCEE470}.job
2008-01-28 23:22:37 480 --a------ C:\Windows\Tasks\Norton AntiVirus - Run Full System Scan - James.job
-- Files created between 2008-02-01 and 2008-03-01 -----------------------------
2008-02-29 18:08:57 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-02-29 18:08:55 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-02-26 15:41:41 0 d-------- C:\Program Files\Microsoft SQL Server
2008-02-26 15:21:10 0 d-------- C:\Windows\PCHEALTH
2008-02-26 15:21:10 0 d-------- C:\Program Files\Microsoft.NET
2008-02-26 15:21:10 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-02-26 15:21:09 0 d-------- C:\Users\All Users\Microsoft Help
2008-02-25 10:52:23 0 d-------- C:\Program Files\Panda Security
2008-02-24 21:02:36 0 d-------- C:\Program Files\Trend Micro
2008-02-24 20:57:36 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-02-24 20:57:18 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-24 20:56:24 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-24 20:53:20 0 d-------- C:\Users\All Users\Grisoft
2008-02-22 04:00:32 0 d-------- C:\Users\James\DoctorWeb
2008-02-22 03:46:10 0 d-------- C:\Users\All Users\SITEguard
2008-02-22 03:43:13 0 d-------- C:\Program Files\STOPzilla!
2008-02-22 03:43:11 0 d-------- C:\Program Files\Common Files\iS3
2008-02-22 03:43:10 0 d-------- C:\Users\All Users\STOPzilla!
2008-02-12 21:41:49 0 --a------ C:\Windows\nsreg.dat
2008-02-08 01:46:52 164352 --a------ C:\Windows\system32\unrar.dll
2008-02-08 01:46:49 217088 --a------ C:\Windows\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-02-08 01:46:48 755027 --a------ C:\Windows\system32\xvidcore.dll
2008-02-08 01:46:47 159839 --a------ C:\Windows\system32\xvidvfw.dll
2008-02-08 01:46:46 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-02-08 01:46:46 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-02-08 01:46:43 7680 --a------ C:\Windows\system32\ff_vfw.dll
2008-02-08 01:46:40 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-02-03 15:30:32 0 d-------- C:\Program Files\Common Files\xing shared
2008-02-03 15:30:07 0 d-------- C:\Program Files\Common Files\Real
2008-02-01 14:36:44 229376 -ra------ C:\Windows\system32\SZBase5.dll <Not Verified; iS3, Inc.; STOPzilla>
-- Find3M Report ---------------------------------------------------------------
2008-03-01 02:31:22 3462 --a------ C:\Users\James\AppData\Roaming\wklnhst.dat
2008-02-29 04:16:25 0 d-------- C:\Program Files\Black Isle
2008-02-26 15:21:13 0 d-------- C:\Program Files\Common Files
2008-02-24 20:57:18 0 d-------- C:\Users\James\AppData\Roaming\SUPERAntiSpyware.com
2008-02-24 20:54:08 0 d-------- C:\Users\James\AppData\Roaming\Grisoft
2008-02-22 02:53:38 0 d-------- C:\Program Files\Java
2008-02-21 13:11:02 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-12 21:42:09 0 d-------- C:\Users\James\AppData\Roaming\Talkback
2008-02-12 21:41:47 0 d-------- C:\Users\James\AppData\Roaming\Mozilla
2008-02-08 03:52:01 0 d-------- C:\Users\James\AppData\Roaming\Real
2008-02-08 01:47:52 0 d-------- C:\Users\James\AppData\Roaming\Media Player Classic
2008-02-07 22:09:01 0 d-------- C:\Program Files\VideoLAN
2008-02-03 15:30:12 0 d-------- C:\Program Files\Real
2008-02-02 15:02:12 0 d-------- C:\Program Files\Last.fm
2008-01-30 17:53:04 126976 -ra------ C:\Windows\system32\IS3HTUI5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-01-30 17:52:56 364544 -ra------ C:\Windows\system32\IS3DBA5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-01-30 17:52:16 372736 -ra------ C:\Windows\system32\IS3UI5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-01-30 17:52:00 61440 -ra------ C:\Windows\system32\IS3Hks5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-01-30 17:51:42 23040 -ra------ C:\Windows\system32\IS3XDat5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-01-30 17:51:24 192512 -ra------ C:\Windows\system32\IS3Win325.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-01-30 17:50:58 94208 -ra------ C:\Windows\system32\IS3Inet5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-01-30 17:50:44 90112 -ra------ C:\Windows\system32\IS3Svc5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-01-30 17:47:08 704512 -ra------ C:\Windows\system32\IS3Base5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-01-29 13:12:47 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-22 18:33:08 0 d-------- C:\Users\James\AppData\Roaming\WinRAR
2008-01-18 11:01:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-14 06:18:06 8590143 --a------ C:\Windows\system32\nwn2main
2008-01-09 03:24:41 0 d-------- C:\Program Files\Windows Mail
2008-01-09 03:24:40 0 d-------- C:\Program Files\Windows Sidebar
2008-01-08 03:01:35 0 d-------- C:\Program Files\MSXML 4.0
2008-01-07 19:44:46 32768 --a------ C:\Windows\NCUNINST.EXE <Not Verified; Northern Codeworks; Uninstall>
2008-01-07 19:25:53 0 d-------- C:\Program Files\Sony
2008-01-07 18:58:46 0 d-------- C:\Users\James\AppData\Roaming\Template
2008-01-07 18:56:52 0 d-------- C:\Program Files\Microsoft Works
2008-01-07 16:03:07 307200 --a------ C:\Windows\system32\OptionsEditor.exe <Not Verified; TODO: <Company name>; TODO: <Product name>>
2008-01-07 16:03:03 1298432 --a------ C:\Windows\system32\EQGraphicsDX9.dll
2008-01-07 16:00:21 974848 --a------ C:\Windows\system32\eqmain.dll
2008-01-07 16:00:18 3723264 --a------ C:\Windows\system32\eqgame.exe
2008-01-07 10:40:09 1524992 --a------ C:\Windows\system32\umbral.dat
2008-01-07 10:39:08 6584864 --a------ C:\Windows\system32\twilight.dat
2008-01-07 10:37:02 3811456 --a------ C:\Windows\system32\tenebrous.dat
2008-01-07 10:30:46 3910368 --a------ C:\Windows\system32\shadeweaver.dat
2008-01-07 10:29:59 803712 --a------ C:\Windows\system32\scarlet.dat
2008-01-07 10:28:16 725728 --a------ C:\Windows\system32\mseru.dat
2008-01-07 10:27:27 1896544 --a------ C:\Windows\system32\maiden.dat
2008-01-07 10:27:23 40960 --a------ C:\Windows\system32\lpatch.exe
2008-01-07 10:26:42 822432 --a------ C:\Windows\system32\letalis.dat
2008-01-07 10:24:58 1440224 --a------ C:\Windows\system32\hollowshade.dat
2008-01-07 10:24:14 4708640 --a------ C:\Windows\system32\grimling.dat
2008-01-07 10:20:45 1229024 --a------ C:\Windows\system32\dawnshroud.dat
2008-01-07 10:08:55 6459392 --a------ C:\Windows\system32\xul.dll
2008-01-07 10:08:47 7680 --a------ C:\Windows\system32\xpcom.dll <Not Verified; Mozilla Foundation; XULRunner>
2008-01-07 10:08:46 118784 --a------ C:\Windows\system32\ssl3.dll <Not Verified; Netscape Communications Corporation; Network Security Services>
2008-01-07 10:08:45 376832 --a------ C:\Windows\system32\softokn3.dll <Not Verified; Netscape Communications Corporation; Network Security Services>
2008-01-07 10:08:44 110592 --a------ C:\Windows\system32\smime3.dll <Not Verified; Netscape Communications Corporation; Network Security Services>
2008-01-07 10:08:23 9216 --a------ C:\Windows\system32\plds4.dll <Not Verified; Netscape Communications Corporation; Netscape Portable Runtime>
2008-01-07 10:08:21 13312 --a------ C:\Windows\system32\plc4.dll <Not Verified; Netscape Communications Corporation; Netscape Portable Runtime>
2008-01-07 10:08:21 233472 --a------ C:\Windows\system32\nssckbi.dll <Not Verified; Netscape Communications Corporation; Network Security Services>
2008-01-07 10:08:20 372736 --a------ C:\Windows\system32\nss3.dll <Not Verified; Netscape Communications Corporation; Network Security Services>
2008-01-07 10:08:19 159744 --a------ C:\Windows\system32\nspr4.dll <Not Verified; Netscape Communications Corporation; Netscape Portable Runtime>
2008-01-07 10:08:18 425984 --a------ C:\Windows\system32\js3250.dll <Not Verified; Netscape Communications Corporation; NETSCAPE>
2008-01-07 10:08:17 37888 --a------ C:\Windows\system32\gksvggdiplus.dll <Not Verified; Mozilla Foundation; XULRunner>
2008-01-07 10:05:54 3383 --a------ C:\Windows\system32\dontchecksum
2008-01-07 10:02:28 3862528 --a------ C:\Windows\system32\testeqgame.exe
2008-01-07 09:57:22 95232 --a------ C:\Windows\system32\smackw32.dll
2008-01-07 09:50:39 349696 --a------ C:\Windows\system32\mss32.dll
2008-01-07 09:49:17 1296 --a------ C:\Windows\system32\load2_switches.dat
2008-01-07 09:28:56 81920 --a------ C:\Windows\system32\eaxman.dll <Not Verified; Creative Labs Custom Engineering; Creative Labs EAX Manager>
2008-01-07 09:28:13 160256 --a------ C:\Windows\system32\dpvs.dll
2008-01-07 09:15:05 557568 --a------ C:\Windows\system32\EscapeToNorrath.exe
2008-01-07 09:14:58 901120 --a------ C:\Windows\system32\EQGfx_Dx8.dll
2008-01-07 09:14:57 90112 --a------ C:\Windows\system32\DirectXTest.exe
2008-01-07 09:14:54 1257472 --a------ C:\Windows\system32\DXTest.dll
2008-01-07 09:14:51 60416 --a------ C:\Windows\system32\DSETUP.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2008-01-07 08:36:42 1421312 --a------ C:\Windows\system32\TestEverQuest.exe
2008-01-07 08:36:42 1421312 --a------ C:\Windows\system32\EverQuest.exe
2008-01-07 08:36:39 249856 --a------ C:\Windows\system32\installerconfig.exe
2008-01-07 08:36:36 217088 --a------ C:\Windows\system32\Win32Bitmap.dll
2008-01-07 08:35:30 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-01-05 15:20:48 0 d-------- C:\Users\James\AppData\Roaming\AdobeUM
2008-01-03 14:09:43 0 d-------- C:\Program Files\Atari
2008-01-03 05:52:09 0 d-------- C:\Program Files\DivX
2007-12-05 03:04:57 75776 --a------ C:\Windows\system32\dmrsl.exe
2007-12-04 02:33:16 682496 --a------ C:\Windows\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 12:59 AM]
"RtHDVCpl"="RtHDVCpl.exe" [04/10/2007 03:01 PM C:\Windows\RtHDVCpl.exe]
"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 03:44 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 05:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 01:42 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [11/28/2007 07:51 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/03/2008 03:30 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/09/2008 03:02 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 07:36 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]
C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [9/9/2007 9:23:07 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /HideWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- End of Deckard's System Scanner: finished at 2008-03-01 08:15:28 ------------
Extra
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English
CPU 0: Intel® Pentium® D CPU 3.00GHz
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 2045.87 MiB / 1291.55 MiB
Pagefile Memory (total/avail): 4306.12 MiB / 3394.29 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1893.36 MiB
C: is Fixed (NTFS) - 224.87 GiB total, 86.1 GiB free.
D: is Fixed (FAT32) - 8 GiB total, 1.37 GiB free.
E: is CDROM (CDFS)
F: is CDROM (CDFS)
G: is Removable (FAT)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
\\.\PHYSICALDRIVE0 - WDC WD2500JD-22HBC0 ATA Device - 232.88 GiB - 2 partitions
\PARTITION0 - Unknown - 8.01 GiB - D:
\PARTITION1 (bootable) - Installable File System - 224.87 GiB - C:
\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device
\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device
\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device - 964.84 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 968.5 MiB - G:
\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FW: Norton AntiVirus v2007 (Symantec Corporation)
AV: Norton AntiVirus v2007 (Symantec Corporation)
AS: AVG Anti-Spyware v7, 5, 1, 43 (GRISOFT s.r.o.)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled
AS: Norton AntiVirus v2007 (Symantec Corporation) Disabled
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\James\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JAMES-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\James
LOCALAPPDATA=C:\Users\James\AppData\Local
LOGONSERVER=\\JAMES-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0404
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\James\AppData\Local\Temp
TMP=C:\Users\James\AppData\Local\Temp
USERDOMAIN=James-PC
USERNAME=James
USERPROFILE=C:\Users\James
windir=C:\Windows
-- User Profiles ---------------------------------------------------------------
James (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Baldur's Gate II - Shadows of Amn --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DAE4336-2B71-11D4-9A6C-006067325E47}\setup.exe"
BioWare Premium Module: Neverwinter Nights Kingmaker --> C:\NeverwinterNights\NWN\premium\uninst Neverwinter Nights Kingmaker.exe
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Delete Crescendo - Download Edition --> "C:\Program Files\GCO_CRES\unins000.exe"
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
EverQuest Trilogy --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B769E280-9708-11D5-B880-00A0CC58DEE4}\setup.exe"
EverQuest: Shadows of Luclin --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CDA03B05-0524-11D6-B881-00A0CC58DEE4}\setup.exe"
Fractal Mapper v8.01a Trial Version --> "C:\Program Files\nbos\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
Java 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
K-Lite Codec Pack 3.7.5 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Online Scanner --> C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Last.fm 1.4.2.58376 --> "C:\Program Files\Last.fm\unins000.exe"
Linksys Wireless-G PCI Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4DDC3BED-CC68-44AA-B435-D727B620CA5B}\setup.exe" -l0x9
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Magic Online --> C:\Program Files\Wizards of the Coast\Magic Online\magic.exe -u
Magic Online III --> C:\Program Files\InstallShield Installation Information\{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 3.5 --> C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5 --> MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft MSDN 2005 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft MSDN 2005 Express Edition - ENU\install.exe
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual Basic 2005 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Basic 2005 Express Edition - ENU\setup.exe
Microsoft Visual Basic 2005 Express Edition - ENU --> MsiExec.exe /X{577AD794-8B34-40B4-9E7A-BE4CFFE396E6}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Move Networks Media Player for Internet Explorer --> C:\Users\James\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Neverwinter Nights --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1583439-B034-4881-819C-D52A0587662B}\setup.exe" -l0x9
Neverwinter Nights 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F20C1251-1D0A-4944-B2AE-678581B33B19}\SETUP.exe" -l0x9 -removeonly
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton AntiVirus (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_2_0_29\{830D8CBD-C668-49e2-A969-C2C2106332E0}.exe" /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Panda TotalScan --> C:\Program Files\Panda Security\TotalScan\ascuninst.exe
PS2 --> C:\Windows\system32\ps2.exe uninstall
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
SAMSUNG Mobile Modem Driver Set --> C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software --> C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer --> "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x0009 -removeonly
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
STOPzilla --> MsiExec.exe /X{02DF19A9-DBAC-44E1-A018-D1AA7EBFAD36}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type9898 / Success
Event Submitted/Written: 03/01/2008 08:10:44 AM
Event ID/Source: 5617 / WinMgmt
Event Description:
Event Record #/Type9875 / Success
Event Submitted/Written: 03/01/2008 08:10:36 AM
Event ID/Source: 5615 / WinMgmt
Event Description:
Event Record #/Type9847 / Success
Event Submitted/Written: 03/01/2008 08:10:15 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.
Event Record #/Type9835 / Warning
Event Submitted/Written: 03/01/2008 08:08:26 AM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-236733034-134380502-3987535395-1000_Classes:
Process 336 (\Device\HarddiskVolume2\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-236733034-134380502-3987535395-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Event Record #/Type9834 / Warning
Event Submitted/Written: 03/01/2008 08:08:22 AM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
33 user registry handles leaked from \Registry\User\S-1-5-21-236733034-134380502-3987535395-1000:
Process 1096 (\Device\HarddiskVolume2\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-236733034-134380502-3987535395-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Process 1096 (\Device\HarddiskVolume2\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-236733034-134380502-3987535395-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1096 (\Device\HarddiskVolume2\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-236733034-134380502-3987535395-1000\Software\Microsoft\Internet Explorer\Toolbar
Process 1096 (\Device\HarddiskVolume2\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-236733034-134380502-3987535395-1000\Software\Microsoft\Internet Explorer\SearchUrl
Process 1096 (\Device\HarddiskVolume2\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-236733034-134380502-3987535395-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce
Process 1096 (\Device\HarddiskVolume2\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-236733034-134380502-3987535395-1000\Software\Microsoft\Internet Explorer\extensions
Process 1096 (\Device\HarddiskVolume2\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-236733034-134380502-3987535395-1000\Software\Microsoft\Internet Explorer\search
Process 1096 (\Device\HarddiskVolume2\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-236733034-134380502-3987535395-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall
Process 1096 (\Device\HarddiskVolume2\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-236733034-134380502-3987535395-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
Process 1096 (\Device\HarddiskVolume2\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-236733034-134380502-3987535395-1000\Software\Microsoft\Internet Explorer\New Windows
Process 1096 (\Device\HarddiskVolume2\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-236733034-134380502-3987535395-1000\Software\Policies\Microsoft\internet explorer\restrictions
Process 1096 (\Device\HarddiskVolume2\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-236733034-134380502-3987535395-1000\Software\Microsoft\Internet Explorer\Desktop\components
Process 1096 (\Device\HarddiskVolume2\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-236733034-134380502-3987535395-1000\Software\Microsoft\Internet Explorer\URLSearchHooks
Process 336 (\Device\HarddiskVolume2\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-236733034-134380502-3987535395-1000\Software
Process 1096 (\Device\HarddiskVolume2\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-236733034-134380502-3987535395-1000\Software\Microsoft\Internet Explorer\Explorer Bars
Process 1096 (\Device\HarddiskVolume2\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-236733034-134380502-3987535395-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\layers
Process 1096 (\Device\HarddiskVolume2\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-236733034-134380502-3987535395-1000\Software\Microsoft\Internet Explorer\menuext
Process 1096 (\Device\HarddiskVolume2\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe) has opened key \REGISTRY\USER\S-1-5-21-236733034-134380502-3987535395-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system
Process 1096
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type29392 / Error
Event Submitted/Written: 03/01/2008 08:11:17 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
BuddyVM%%3
Event Record #/Type29323 / Error
Event Submitted/Written: 03/01/2008 08:10:34 AM
Event ID/Source: 2505 / Server
Event Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{4167B601-A881-4A51-8854-4351BA4AAD44} because another computer on the network has the same name. The server could not start.
Event Record #/Type29315 / Warning
Event Submitted/Written: 03/01/2008 08:09:47 AM
Event ID/Source: 4 / E100B
Event Description:
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down
Event Record #/Type29303 / Warning
Event Submitted/Written: 03/01/2008 08:08:37 AM
Event ID/Source: 4001 / Microsoft-Windows-WLAN-AutoConfig
Event Description:
Event Record #/Type29276 / Error
Event Submitted/Written: 03/01/2008 07:54:53 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.4 for the Network Card with network address 0012178C2F66 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
-- End of Deckard's System Scanner: finished at 2008-03-01 08:15:28 ------------