Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"windows Internet Exploerer Provided By Yahoo!"


  • This topic is locked This topic is locked
5 replies to this topic

#1 mplsmtl

mplsmtl

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 11 May 2008 - 07:49 PM

Hello,

I'm trying to get rid of the yahoo software that is adding "...provided by Yahoo!" to the title bar of the windows internet explorer.

I understand that in removing that, I may lose some other aspect/function that is provided by this software from "Yahoo!".

Please let me know if this is insufficient information... Below are the HijackThis logs. The Kaspersky log is below them.

Thanks for any assistance you can offer.



Deckard's System Scanner v20071014.68
Run by Chris Lewis on 2008-05-11 18:54:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
119: 2008-05-11 23:55:34 UTC - RP401 - Deckard's System Scanner Restore Point
118: 2008-05-11 22:24:17 UTC - RP400 - Installed Windows Installer Clean Up
117: 2008-05-11 22:19:29 UTC - RP399 - Removed Windows Installer Clean Up
116: 2008-05-11 22:00:51 UTC - RP398 - Installed Tweakui Powertoy for Windows XP
115: 2008-05-11 17:50:39 UTC - RP397 - System Checkpoint


-- First Restore Point --
1: 2008-03-15 11:25:55 UTC - RP283 - Installed Windows IDNMitigationAPIs.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Chris Lewis.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:28 PM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Chris Lewis.CHRIS\Desktop\dss.exe
C:\PROGRA~2\TRENDM~1\HIJACK~1\Chris Lewis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~2\ScanSoft\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [Internet Explorer] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Pictavision Mediashare - {BA47BE23-6C07-40f6-AC3D-F4F70BA467D2} - C:\WINDOWS\system32\Shdocvw.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/CHRISL~1.CHR/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg

--
End of file - 10145 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 DcCam (Kodak Camera Proxy) - c:\windows\system32\drivers\dccam.sys <Not Verified; Eastman Kodak Company; Kodak Digital Camera Driver>
R1 Pivot - c:\windows\system32\drivers\pivot.sys <Not Verified; Portrait Displays, Inc.; Windows ® 2000 DDK driver>
R2 DCFS2K (Kodak DCFS2K Driver) - c:\windows\system32\drivers\dcfs2k.sys <Not Verified; Eastman Kodak Company; Kodak DC File System Driver (NT)>
R2 ppsio2 (PPDevice) - c:\windows\system32\drivers\ppsio2.sys <Not Verified; ; Flatbed DevDriver/NT4>
R3 pivotmou (Pivot Mouse/Pointers Filter Driver) - c:\windows\system32\drivers\pivotmou.sys <Not Verified; Portrait Displays, Inc.; Pivot ® Software ®>

S1 Exportit - c:\windows\system32\drivers\exportit.sys <Not Verified; Eastman Kodak Company; Kodak DC File System driver>
S3 DcFpoint - c:\windows\system32\drivers\dcfpoint.sys <Not Verified; Eastman Kodak Company; Kodak Digital Camera FP Driver>
S3 DcLps (Legacy Polling Service) - c:\windows\system32\drivers\dclps.sys <Not Verified; Eastman Kodak Company; Kodak Digital Camera LPS Driver>
S3 DcPTP - c:\windows\system32\drivers\dcptp.sys <Not Verified; Eastman Kodak Company; Kodak Digital Camera PTP Driver>
S3 pdiddcci (DDC/CI monitor) - c:\windows\system32\drivers\pdiddcci.sys <Not Verified; Portrait Displays, Inc.; Portrait Displays DDC/CI Monitor Device Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 DTSRVC (Portrait Displays Display Tune Service) - c:\program files\common files\portrait displays\shared\dtsrvc.exe
R2 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>
R2 UPHClean (User Profile Hive Cleanup) - c:\program files\uphclean\uphclean.exe <Not Verified; Microsoft Corporation; User Profile Hive Cleanup Service>
R2 winss (Windows Live OneCare) - c:\program files\microsoft windows onecare live\winss.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&369939D9&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&369939D9&0
Service: i8042prt


-- Scheduled Tasks -------------------------------------------------------------

2008-05-11 03:15:00 406 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2008-05-09 21:34:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-05-06 13:58:59 362 --a------ C:\WINDOWS\Tasks\rpc.job


-- Files created between 2008-04-11 and 2008-05-11 -----------------------------

2008-05-11 18:40:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-11 18:40:02 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-11 17:58:07 0 d-------- C:\WINDOWS\LastGood
2008-05-11 17:32:56 0 dr-h----- C:\Documents and Settings\Chris Lewis.CHRIS\Recent
2008-05-11 17:24:19 0 d-------- C:\Program Files\Windows Installer Clean Up
2008-05-11 16:58:03 22400 --a------ C:\WINDOWS\system32\drivers\ppsio2.sys <Not Verified; ; Flatbed DevDriver/NT4>
2008-05-11 16:58:02 0 d-------- C:\Program Files\PrimaScan
2008-05-10 10:29:29 0 d-------- C:\Temp
2008-05-09 18:22:41 0 d-------- C:\Documents and Settings\Chris Lewis.CHRIS\Application Data\Xerox
2008-05-08 11:50:59 10022912 --a------ C:\Documents and Settings\Chris Lewis.CHRIS\ntuser.dat
2008-05-07 08:28:09 127 --a------ C:\WINDOWS\~alitb98.bat
2008-05-06 18:04:52 0 d-------- C:\Program Files\Visioneer
2008-05-06 16:59:21 0 d-------- C:\Lmini
2008-05-06 15:46:43 0 d-------- C:\Program Files\CCleaner
2008-05-06 01:53:15 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-05-06 01:50:15 107370 --a------ C:\WINDOWS\hpqins13.dat
2008-05-06 00:46:03 0 d-------- C:\Documents and Settings\Chris Lewis.CHRIS\Application Data\ErrorSmart
2008-05-05 23:44:48 0 d-------- C:\Program Files\Advanced Registry Optimizer
2008-05-05 09:40:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-05 09:22:40 0 d-------- C:\Program Files\Garmin
2008-04-27 22:25:42 0 d-------- C:\Program Files\PC Digital Safe
2008-04-27 22:16:00 0 d-------- C:\spywarebegone
2008-04-27 22:08:14 0 d-------- C:\Program Files\PC Check-up
2008-04-27 13:42:44 0 d-------- C:\Program Files\Speeditup Free(2)
2008-04-27 13:06:23 0 d-------- C:\Documents and Settings\Chris Lewis.CHRIS\Application Data\RegistrySmart
2008-04-27 13:03:19 0 d-------- C:\Program Files\RegistrySmart
2008-04-25 14:55:14 0 d-------- C:\Program Files\PC Drivers HeadQuarters
2008-04-25 14:55:14 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-04-25 14:54:35 0 d-------- C:\Documents and Settings\Chris Lewis.CHRIS\Application Data\vlc
2008-04-25 13:29:51 0 d-------- C:\Program Files\Bonjour
2008-04-25 12:25:20 0 d-------- C:\Program Files\Zumie
2008-04-25 11:21:42 0 d-------- C:\Program Files\Freeze.com Toolbar
2008-04-22 18:02:03 208896 --a------ C:\WINDOWS\system32\ConTest.dll <Not Verified; Ascentive; ConnectionTester>
2008-04-20 01:49:44 0 d-------- C:\Program Files\a-squared Free
2008-04-20 01:27:08 0 d-------- C:\Program Files\ToniArts
2008-04-19 21:20:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-19 17:18:20 0 d-------- C:\Documents and Settings\Chris Lewis.CHRIS\.housecall6.6
2008-04-19 15:37:05 0 d-------- C:\Program Files\DIFX
2008-04-19 07:19:48 0 d-------- C:\DECCHECK
2008-04-18 09:35:32 0 d-------- C:\Program Files\Winamp Toolbar
2008-04-18 09:35:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-04-18 09:27:02 0 d-------- C:\Program Files\Winamp
2008-04-18 09:16:17 27116 --a------ C:\WINDOWS\system32\drivers\tpp300.sys <Not Verified; In-System Design, Inc.; TPP Storage Adapter>
2008-04-18 09:16:16 27148 --a------ C:\WINDOWS\system32\drivers\tpp200.sys <Not Verified; In-System Design, Inc.; TPP Storage Adapter>
2008-04-18 09:16:14 86456 --a------ C:\WINDOWS\system32\tppun.exe <Not Verified; In-System Design, Inc.; TPP Storage Adapter>
2008-04-18 09:16:14 8081 --a------ C:\WINDOWS\system32\drivers\tppsflpy.sys <Not Verified; In-System Design, Inc.; TPP Storage Adapter>
2008-04-18 09:16:14 37420 --a------ C:\WINDOWS\system32\drivers\tpp725.sys <Not Verified; In-System Design, Inc.; TPP Storage Adapter>
2008-04-18 09:16:14 0 d-------- C:\WINDOWS\Drivers
2008-04-18 09:16:14 21841 --a------ C:\Program Files\Common Files\tppupd2k.dll <Not Verified; In-System Design, Inc.; TPP Storage Adapter>
2008-04-18 08:59:50 0 d-------- C:\Program Files\MP3 Player Utilities 4.15
2008-04-17 22:33:41 0 d-------- C:\Documents and Settings\Chris Lewis.CHRIS\Application Data\DisplayTune
2008-04-17 22:29:34 11776 --a------ C:\WINDOWS\system32\drivers\pdiddcci.sys <Not Verified; Portrait Displays, Inc.; Portrait Displays DDC/CI Monitor Device Driver>
2008-04-17 22:28:29 2304 --a------ C:\WINDOWS\system32\Machnm32.sys
2008-04-17 22:28:28 62009 --a------ C:\WINDOWS\system32\WPFB.DLL <Not Verified; Portrait Displays, Inc.; Pivot Sofware>
2008-04-17 22:28:28 11323 --a------ C:\WINDOWS\system32\drivers\pivotmou.sys <Not Verified; Portrait Displays, Inc.; Pivot ® Software ®>
2008-04-17 22:28:28 17465 --a------ C:\WINDOWS\system32\drivers\pivot.sys <Not Verified; Portrait Displays, Inc.; Windows ® 2000 DDK driver>
2008-04-17 22:27:58 372736 --a------ C:\WINDOWS\ijl15.dll <Not Verified; Intel Corporation; Intel® JPEG Library>
2008-04-17 22:27:54 0 d-------- C:\Program Files\Portrait Displays
2008-04-17 22:27:54 0 d-------- C:\Program Files\Common Files\Portrait Displays
2008-04-17 22:01:35 0 d-------- C:\Program Files\AdvancedSearchbar


-- Find3M Report ---------------------------------------------------------------

2008-05-11 19:00:25 0 d-------- C:\Program Files\Trend Micro
2008-05-11 17:24:01 0 d-------- C:\Program Files\MSECACHE
2008-05-10 12:07:42 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-05-07 12:54:48 0 d-------- C:\Documents and Settings\Chris Lewis.CHRIS\Application Data\Azureus
2008-05-07 09:39:33 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-05-07 08:37:16 0 d-------- C:\Program Files\TuneUp Utilities 2007
2008-05-07 08:26:18 0 d-------- C:\Program Files\BMCentral
2008-05-07 07:27:36 0 d-------- C:\Program Files\Common Files
2008-05-06 16:46:14 680 --a------ C:\WINDOWS\AUTOLNCH.REG
2008-05-06 14:57:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-06 01:54:45 0 d-------- C:\Program Files\HP
2008-05-05 23:42:16 0 d-------- C:\Program Files\Picasa2
2008-05-05 09:40:02 0 d-------- C:\Program Files\Google
2008-05-03 17:00:11 0 d-------- C:\Documents and Settings\Chris Lewis.CHRIS\Application Data\SlimBrowser
2008-04-28 13:13:30 0 d-------- C:\Documents and Settings\Chris Lewis.CHRIS\Application Data\Real
2008-04-28 08:10:17 0 d-------- C:\Program Files\SPAMfighter
2008-04-28 07:58:32 0 d-------- C:\Program Files\DivX
2008-04-28 07:56:38 0 d-------- C:\Program Files\Apple Software Update
2008-04-28 07:56:32 0 d-------- C:\Program Files\Safari
2008-04-25 13:41:31 0 d-------- C:\Program Files\SiSoftware
2008-04-25 12:20:35 0 d-------- C:\Program Files\Java
2008-04-25 10:34:35 0 d-------- C:\Program Files\Yahoo!
2008-04-22 13:12:53 0 d-------- C:\Program Files\palmOne
2008-04-13 17:26:25 0 d-------- C:\Program Files\Virtual Earth 3D
2008-04-13 14:22:08 0 d-------- C:\Program Files\iTunes
2008-04-13 14:21:43 0 d-------- C:\Program Files\iPod
2008-04-13 14:19:23 0 d-------- C:\Program Files\QuickTime
2008-04-11 13:17:25 0 d-------- C:\Documents and Settings\Chris Lewis.CHRIS\Application Data\Apple Computer
2008-04-11 09:30:37 0 d------c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-11 09:30:34 0 d-------- C:\Program Files\Windows Live
2008-04-11 09:26:49 0 d-------- C:\Program Files\Windows Live Toolbar
2008-04-07 12:07:17 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-05 16:09:46 0 d-------- C:\Program Files\WebCam
2008-04-01 16:04:06 0 d-------- C:\Documents and Settings\Chris Lewis.CHRIS\Application Data\Snapfish
2008-03-23 21:02:25 0 d-------- C:\Program Files\Aspect one
2008-03-20 12:17:50 0 d-------- C:\Documents and Settings\Chris Lewis.CHRIS\Application Data\Help
2008-03-14 14:21:37 64476 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-02-24 09:59:25 74 --ah----- C:\WINDOWS\efdcet.dat
2008-02-17 12:17:41 3766 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
03/19/2008 05:36 PM 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [03/19/2008 05:36 PM 1267040]

[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [04/21/2008 10:23 AM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [12/09/2002 07:19 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/31/2008 11:51 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [03/13/2008 09:34 AM]
"Tweak UI"="TWEAKUI.CPL" [06/18/2000 02:03 PM C:\WINDOWS\system32\TWEAKUI.CPL]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [12/14/2007 06:54 PM]
"Internet Explorer"="C:\Program Files\Internet Explorer\iexplore.exe" [02/29/2008 03:55 AM]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [05/10/2008 12:06 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"RegisterDropHandler"=C:\PROGRA~2\ScanSoft\TEXTBR~1.0\Bin\REGIST~1.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 04:39 PM 294400]
"{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"= qvphook.dll [ ]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AROReminder]
C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65bed47a-7d40-11dc-a086-00306eb01508}]




-- End of Deckard's System Scanner: finished at 2008-05-11 19:03:45 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
CPU 1: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 65%
Physical Memory (total/avail): 511.45 MiB / 175.19 MiB
Pagefile Memory (total/avail): 1248.21 MiB / 902.55 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1922.51 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 14.75 GiB free.
D: is Fixed (FAT32) - 27.94 GiB total, 13.82 GiB free.
E: is Fixed (NTFS) - 149.05 GiB total, 109.17 GiB free.
F: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - ST380023A - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:

\\.\PHYSICALDRIVE1 - WDC WD300BB-00AUA1 - 27.95 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 27.95 GiB - D:

\\.\PHYSICALDRIVE2 - SAMSUNG SP1604N USB Device - 149.05 GiB - 1 partition
\PARTITION0 - Installable File System - 149.05 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Windows Live OneCare Firewall v1.0.0 (Microsoft Corporation)
AV: Windows Live OneCare v1.0.0 (Microsoft Corporation) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\Microsoft Office\\OFFICE12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\OFFICE12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Chris Lewis.CHRIS\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CHRIS
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA18
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Chris Lewis.CHRIS
LOGONSERVER=\\CHRIS
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Diskeeper Corporation\Diskeeper\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Ulead Systems\DVD;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\CHRISL~1.CHR\LOCALS~1\Temp
TMP=C:\DOCUME~1\CHRISL~1.CHR\LOCALS~1\Temp
USERDOMAIN=CHRIS
USERNAME=Chris Lewis
USERPROFILE=C:\Documents and Settings\Chris Lewis.CHRIS
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Chris Lewis.CHRIS (admin)


-- Add/Remove Programs ---------------------------------------------------------

-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> MsiExec.exe /I{219B0DA4-8F1A-499D-8795-4A07C632521E}
--> MsiExec.exe /I{644B991F-B109-4360-9DA3-40CDAD13961C}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe® Photoshop® Album Starter Edition 3.2 -->
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Agfa PhotoWise 2.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Agfa\Agfa PhotoWise 2.0\Uninst.isu"
AI RoboForm (All Users) --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Black Ops Hypnosis (remove only) --> C:\Program Files\Black Ops Hypnosis\uninstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Diskeeper Professional Premier Edition --> MsiExec.exe /X{20E5F823-61A4-4BCE-9DF4-5DB43F302B69}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DU Meter --> "C:\Program Files\DU Meter\unins001.exe"
EasyCleaner --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
eMusic - 50 Free MP3 offer --> "C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe"
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
essvcpt --> MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
Family Tree Maker --> D:\MYDOCU~2\MYDOCU~1\GENEOL~1\FAMILY~1\uninstal.exe
Firehand Ember --> C:\PROGRA~2\FIREHA~1\Ember\EMBERU~1\UNWISE.EXE C:\PROGRA~2\FIREHA~1\Ember\EMBERU~1\install.log
Forté Agent --> C:\PROGRA~2\Agent\UNWISE.EXE C:\PROGRA~2\Agent\INSTALL.LOG
Garmin POI Loader --> MsiExec.exe /X{DFA1E2C8-A9DE-4B99-8B3C-866664B5F67C}
Garmin WebUpdater --> MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GTOneCare --> MsiExec.exe /X{CA40DD4F-D30E-4622-8783-1ED1E81340C2}
HD Photo Plug-in (BETA) for Adobe® Photoshop® software --> MsiExec.exe /X{14F93701-6965-4E38-880A-BE09D262922D}
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
hp deskjet 5550 series --> rundll32 hpzcon07.dll,VendorJettison hp deskjet 5550 series
HP My Display --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15733AD1-1CEF-459A-9245-0924FC63BDD5}\setup.exe" -l0x9 -removeonly
HP Photosmart Essential 3.0 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat -forcereboot
HP Product Detection --> MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HTML Executable IERuntime --> C:\Program Files\Common Files\HTML Executable Viewer\{AF358AB7-0CEF-40B5-A569-D27F8F38232D}\heieunin.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
Kodak EasyShare Custom Creations Software --> C:\PROGRA~2\KODAKE~1\UNWISE.EXE C:\PROGRA~2\KODAKE~1\INSTALL.LOG
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0010_14e6872b\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Live Search Maps Add-In for Microsoft Office Outlook --> MsiExec.exe /I{EB9A4856-C28A-4BC2-9373-975A33BB9CD4}
Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech Legacy USB Camera Driver Package --> "C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\11.00.1217\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"legacyqcam_11.00" /clone_wait /hide_progress
Logitech QuickCam --> MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Logitech QuickCam Driver Package --> "C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
MGI PhotoSuite III SE (Remove Only) --> "C:\Program Files\MGI\MGI PhotoSuite III SE\System\MGIUninstall.exe" C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MGI\MGI PhotoSuite III SE\Uninst.isu" -c"C:\Program Files\MGI\MGI PhotoSuite III SE\System\CustomUninstall.dll"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft English TTS Engine --> MsiExec.exe /I{94824ADD-8F26-43D2-84DB-22E11F377E5E}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007 --> MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Protection Service --> MsiExec.exe /I{85CFDC2D-710E-49D5-B799-F3743CA506BA}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Software Update for Web Folders (English) 12 -->
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSa22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Live OneCare Resources v2.0.2500.30 --> MsiExec.exe /I{5660022E-F3F2-4126-8CC5-9726C47150EB}
Microsoft Windows OneCare Live AntiSpyware and AntiVirus --> MsiExec.exe /I{E6A31482-989E-4E3C-B0C0-1ED4DBD5BC83}
Microsoft Windows OneCare Live v2.0.2500.10 Idcrl Install --> MsiExec.exe /I{3851147E-5A91-4469-BA4D-13FFFCC8A920}
Microsoft Windows OneCare Live v2.0.2500.30 --> MsiExec.exe /I{D07A8E7E-D324-4945-BA8C-E532AD008FF3}
Mozilla Firefox (2.0.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Player Utilities 4.15 --> MsiExec.exe /I{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}
MP3 Repair Tool v1.5.2 --> "C:\Program Files\Aspect one\MP3 Repair Tool\unins000.exe"
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
Pagis Pro 3.0 --> C:\Program Files\ScanSoft\Pagis\Uninstall\Setup.exe -f"C:\Program Files\ScanSoft\Pagis\Uninstall\Uninst.ins"
palmOne --> MsiExec.exe /X{E434580A-2D4A-4433-A81E-4BCAE86AD148}
Photo Story 3 for Windows --> MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Pivot Software --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}\setup.exe" -l0x9 -removeonly
PrimaScan 2400P Scanner Driver --> C:\PROGRA~2\PRIMAS~1\UNWISE.EXE C:\PROGRA~2\PRIMAS~1\INSTALL.LOG
PX Engine --> MsiExec.exe /I{6513E869-647F-40FD-A55D-CFC92579B9BA}
Quick View Plus --> C:\WINDOWS\UNINSQVP.EXE
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
ReadPlease 2003/ReadPlease PLUS 2003 --> "C:\Program Files\ReadPlease 2003\unins000.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Safari --> MsiExec.exe /I{0AFC9710-5DD6-4C6A-BA52-91AE992B2C9D}
SDK --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}\setup.exe" -l0x9
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Sony Ericsson Device Data --> MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
Sony Ericsson Drivers --> MsiExec.exe /I{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}
Sony Ericsson PC Suite --> C:\WINDOWS\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\Setup.exe /uninstall
Sony Ericsson PC Suite --> MsiExec.exe /I{345CDDCB-8241-4E76-9D3B-155F2FD6F07E}
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
TextBridge Pro 9.0 --> C:\Program Files\ScanSoft\TextBridge Pro 9.0\Bin\Setup.exe -y -f"C:\Program Files\ScanSoft\TextBridge Pro 9.0\Bin\Uninst.ins"
TPP Storage Class Driver --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{179C8887-E768-4FF6-9008-1F665AD9F6FC}\Setup.exe" NotFirstIntall
TreeSize Free V2.1 --> "C:\Program Files\JAM Software\TreeSize Free\unins000.exe"
TreeSize Professional 4.3.2 --> "C:\Program Files\JAM Software\TreeSize Professional\unins000.exe"
TTS Wrapper --> MsiExec.exe /I{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Tweak UI --> C:\WINDOWS\rundll32.exe syssetup.dll,SetupInfObjectInstallAction DefaultUninstall 4 C:\WINDOWS\Inf\Tweakui.Inf
Tweakui Powertoy for Windows XP --> MsiExec.exe /I{C7793EE8-F666-4E6B-9827-76468679480E}
Ulead Photo Explorer 8.5 Trial --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{025C3792-E9C6-432A-92C1-661F99D021CA}\Setup.exe" -l0x9
Update for Office 2007 (KB946691) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb949037) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {B4F188C6-6DBF-42A5-A8A3-3086D1A384F2}
User Profile Hive Cleanup Service --> MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
Virtual Earth 3D (Beta) --> MsiExec.exe /I{39CE3C17-846D-4D9B-8B3E-C01A4B90FB73}
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WebCamPlanet 5.00 --> "C:\Program Files\WebCam\unins000.exe"
WebFldrs XP -->
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Winamp Toolbar for Firefox --> "C:\Documents and Settings\Chris Lewis.CHRIS\Application Data\Mozilla\Firefox\Profiles\4oopz8av.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe"
Winamp Toolbar for Internet Explorer --> "C:\Program Files\Winamp Toolbar\uninstall.exe"
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live OneCare --> "C:\Program Files\Microsoft Windows OneCare Live\OCSetup.exe" /u
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Toolbar --> C:\PROGRA~2\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type14011 / Warning
Event Submitted/Written: 05/11/2008 05:34:39 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam' failed during request for component '{62BA7C13-20BB-41F7-A6A4-482632CE53D4}'

Event Record #/Type14010 / Warning
Event Submitted/Written: 05/11/2008 05:34:39 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey' does not exist.

Event Record #/Type14005 / Error
Event Submitted/Written: 05/11/2008 05:23:12 PM
Event ID/Source: 11714 / MsiInstaller
Event Description:
Product: Adobe Reader 8.1.2 -- Error 1714.The older version of Adobe Reader 8.1.2 cannot be removed. Contact your technical support group. System Error 1635.

Event Record #/Type14003 / Error
Event Submitted/Written: 05/11/2008 05:14:38 PM
Event ID/Source: 11714 / MsiInstaller
Event Description:
Product: Adobe Reader 8.1.2 -- Error 1714.The older version of Adobe Reader 8.1.2 cannot be removed. Contact your technical support group. System Error 1635.

Event Record #/Type14001 / Error
Event Submitted/Written: 05/11/2008 04:50:53 PM
Event ID/Source: 11714 / MsiInstaller
Event Description:
Product: Adobe Reader 8.1.2 -- Error 1714.The older version of Adobe Reader 8.1.2 cannot be removed. Contact your technical support group. System Error 1635.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type21238 / Error
Event Submitted/Written: 05/11/2008 05:34:53 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error:
%%1058

Event Record #/Type21237 / Error
Event Submitted/Written: 05/11/2008 05:34:53 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The TuneUp Theme Extension service failed to start due to the following error:
%%1083

Event Record #/Type21236 / Warning
Event Submitted/Written: 05/11/2008 05:34:38 PM
Event ID/Source: 2511 / Server
Event Description:
The server service was unable to recreate the share SharedDocs on Main PC (Chris) because the directory C:\Documents and Settings\Chris Lewis.CHRIS\NetHood\SharedDocs on Main PC (Chris) no longer exists. Please run "net share SharedDocs on Main PC (Chris) /delete" to delete the share, or recreate the directory C:\Documents and Settings\Chris Lewis.CHRIS\NetHood\SharedDocs on Main PC (Chris).

Event Record #/Type21223 / Error
Event Submitted/Written: 05/11/2008 05:00:35 PM
Event ID/Source: 10000 / DCOM
Event Description:
Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}.
The error:
"%{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}"
Happened while starting this command:
"C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe" /PDFShell -Embedding

Event Record #/Type21222 / Error
Event Submitted/Written: 05/11/2008 05:00:35 PM
Event ID/Source: 10000 / DCOM
Event Description:
Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}.
The error:
"%{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}"
Happened while starting this command:
"C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe" /PDFShell -Embedding



-- End of Deckard's System Scanner: finished at 2008-05-11 19:03:45 ------------


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, May 11, 2008 7:46:51 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/05/2008
Kaspersky Anti-Virus database records: 760524
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
C:\WINDOWS
C:\DOCUME~1\CHRISL~1.CHR\LOCALS~1\Temp\

Scan Statistics:
Total number of scanned objects: 21584
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:23:36

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{EC5B9B8A-021B-4D1D-BE2A-7FC8707E10E0}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\Default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\MSFWSVC.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\Security Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\Software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\System Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\Windows_OneCare_Evt.evt Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_6ec.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Edited by mplsmtl, 11 May 2008 - 07:51 PM.


BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:48 AM

Posted 31 May 2008 - 06:57 PM

Hello mplsmtl,

Welcome to Bleeping Computer :)

Sorry about the delay.:thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 mplsmtl

mplsmtl
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 31 May 2008 - 07:22 PM

Hello-

I've run Spybot & Adaware a couple of times since I first posted... but I still haven't managed to remove the "Yahoo."

Here's the HijackThis log, please let me know if I've forgotten to include any other info that you need. ...and thanks for the help.

Michael


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:17:28 PM, on 5/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Microsoft Office\OFFICE12\OUTLOOK.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tvlistings.zap2it.com/tvlistings/ZC...mTimeInMillis=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~2\ScanSoft\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [Internet Explorer] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Pictavision Mediashare - {BA47BE23-6C07-40f6-AC3D-F4F70BA467D2} - C:\WINDOWS\system32\Shdocvw.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/CHRISL~1.CHR/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg

--
End of file - 10679 bytes

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:48 AM

Posted 31 May 2008 - 08:06 PM

Hello,

Well.....Spybot and AdAware won't do anything with Yahoo, because Yahoo is not malicious. There is nothing in Kaspersky log that shows infection either. What exactly is it you want here? If you want rid of Yahoo, then uninstall Yahoo. :thumbsup:

Regards,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 mplsmtl

mplsmtl
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 31 May 2008 - 09:42 PM

Yeah... I thought I tried that, but I'll have to take a look at it again. Thanks for checking it out for the "big" stuff for me.

Michael

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:48 AM

Posted 04 June 2008 - 01:51 PM

You're welcome. :thumbsup:


Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users