|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| HijackThis Log Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help. |
 |
|
|
Thread Tools |
04-04-2008, 12:53 PM
|
#1 (permalink) |
|
Registered User
Join Date: Mar 2008
Posts: 7
OS: vista
|
Cannot access anything but Internet Explorer. Taskbar and Desktop unstable.
Hello: I sincererly hope you can help.
Here's my issue: for the past week or so I have not been able to get into "My Computer" or "Control Panel". Actually I cannot get into anything other than Internet Explorer. I had contacted your forum and Technician "Placehold" has been trying to assist. He has asked me to download three files; Folder Fix Directory Fix Drive Fix I downloaded these files and lo and behold, the system worked fine. For the rest of the day, that is. The next morning the issue was back. Not only can I not access the system, but my task bar keeps disappearing. In order to get it back, I have to go into Task Manager, go into applications and start a new task c:\windows\explorer.exe in order for the task bar to return. But even with the task bar returning, after awhile it goes away again. I've also noticed that my desk top does not stay put even when I select "automatic rearrange". It will rearrange for the first time, but if I go on to another application, when I come back all the Icons are whereever the heck they want to be. I reached out toTechnician Placehold and he advised me to follow the steps for removing malware and provided me with the link. I saved the Kaspersky report but cannot attached it. When I try to upload it, I get a message that it "failed to upload". I try saving it in my temp file, my Desktop, my Documents folder and get the same message. I advised Placehold of this and he provided me with the link to the "HijackThis log help" and asked me to follow the instructions. Below is the log. Any and all responses would be GREATLY appreciated. Thanks, Rosemary Deckard's System Scanner v20071014.68 Run by Rosemary's Toy on 2008-04-04 15:22:27 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- Last 5 Restore Point(s) -- 10: 2008-04-04 16:41:47 UTC - RP336 - Windows Update 9: 2008-04-03 13:52:17 UTC - RP335 - Scheduled Checkpoint 8: 2008-04-02 14:31:50 UTC - RP334 - Windows Update 7: 2008-03-31 02:34:01 UTC - RP333 - Scheduled Checkpoint 6: 2008-03-29 20:27:40 UTC - RP332 - Windows Update -- First Restore Point -- 1: 2008-03-26 17:11:19 UTC - RP327 - Windows Vista Service Pack 1 Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Rosemary's Toy.exe) -------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:25:03 PM, on 4/4/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16609) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Toshiba\ConfigFree\NDSTray.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Windows\system32\taskeng.exe C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe C:\Program Files\Toshiba\Utilities\KeNotify.exe C:\Program Files\Toshiba\Power Saver\TPwrMain.exe C:\Program Files\Toshiba\SmoothView\SmoothView.exe C:\Program Files\Toshiba\FlashCards\TCrdMain.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Ocucom\PreCast\tmon.exe C:\Program Files\Synaptics\SynTP\SynToshiba.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe C:\Users\Rosemary's Toy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A4WZ22NH\dss[1].exe C:\Windows\system32\Taskmgr.exe C:\Windows\explorer.exe C:\Windows\system32\SearchFilterHost.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Rosemary's Toy.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Hotbar - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Hotbar\bin\10.0.368.0\HostIE.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: Hotbar - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Hotbar\bin\10.0.368.0\HostIE.dll (file missing) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3 O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Hotbar\bin\10.0.368.0\Weather.exe" -auto O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\ROSEMA~1\AppData\Local\Temp\opppn.dll,#1 O4 - HKCU\..\Run: [Host Process] C:\Users\Rosemary's Toy\svchost.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\ROSEMA~1\AppData\Local\Temp\ktdjscul.dll",run O4 - HKCU\..\Run: [BM57b032d9] Rundll32.exe "C:\Users\ROSEMA~1\AppData\Local\Temp\rytkdsri.dll",s O4 - HKCU\..\Run: [54830145] rundll32.exe "C:\Users\ROSEMA~1\AppData\Local\Temp\isgkahwa.dll",b O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: PreCast Monitor.lnk = C:\Program Files\Ocucom\PreCast\tmon.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...tup1.0.1.0.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 11805 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- S3 DVC (USB DVC Svc) - c:\windows\system32\drivers\dvc.sys <Not Verified; Your Corporation; Your Product Name> S4 KR10I - c:\windows\system32\drivers\kr10i.sys <Not Verified; TOSHIBA CORPORATION; TOSHIBA RAID> S4 KR10N - c:\windows\system32\drivers\kr10n.sys <Not Verified; TOSHIBA CORPORATION; TOSHIBA RAID> S4 KR3NPXP - c:\windows\system32\drivers\kr3npxp.sys <Not Verified; TOSHIBA CORPORATION; TOSHIBA RAID> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour> R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree(TM)> R2 TNaviSrv (TOSHIBA Navi Support Service) - c:\program files\toshiba\toshiba dvd player\tnavisrv.exe <Not Verified; TOSHIBA Corporation; TOSHIBA DVD Player> R2 TODDSrv (TOSHIBA Optical Disc Drive Service) - c:\windows\system32\toddsrv.exe <Not Verified; TOSHIBA Corporation; TDCSrv Application> S2 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI> S3 GoogleDesktopManager-091907-194040 (Google Desktop Manager 5.1.709.19590) - "c:\program files\google\google desktop search\googledesktop.exe" <Not Verified; Google; Google Desktop> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2008-03-23 09:00:02 386 --a------ C:\Windows\Tasks\rpc.job 2008-02-01 02:00:14 350 --a------ C:\Windows\Tasks\McQcTask.job 2008-01-15 03:34:45 358 --a------ C:\Windows\Tasks\McDefragTask.job -- Files created between 2008-03-04 and 2008-04-04 ----------------------------- 2008-04-04 15:24:44 0 d-------- C:\Program Files\Trend Micro 2008-04-03 17:08:25 0 d-------- C:\Windows\system32\Kaspersky Lab 2008-04-03 15:29:19 0 d-------- C:\Program Files\Panda Security 2008-04-03 15:20:47 405588 --a------ C:\Program Files\Uninstall Fun Web Products.dll <Not Verified; MyWebSearch.com; My Web Search Bar for Internet Explorer, FireFox, Netscape, email clients, and messenger clients> 2008-04-02 16:31:35 0 d-------- C:\Program Files\Ocucom 2008-03-26 13:04:31 0 d-------- C:\5f974e9e3664ae75cc7fa51c0f2a17a5 2008-03-23 13:50:39 0 d--hs---- C:\Users\Rosemary's Toy\! 2008-03-23 13:50:35 3545428 -----n--- C:\Users\Rosemary's Toy\x1.dat 2008-03-23 13:50:31 61952 --a------ C:\Users\Rosemary's Toy\winlogon.exe 2008-03-23 09:20:42 0 d-------- C:\Program Files\Safari 2008-03-20 15:34:29 0 d-------- C:\Users\All Users\FreshGames 2008-03-10 14:39:27 0 d-------- C:\perflogs -- Find3M Report --------------------------------------------------------------- 2008-04-04 14:36:22 0 d-------- C:\Users\Rosemary's Toy\AppData\Roaming\PreCast 2008-04-03 15:20:45 0 d-a------ C:\Program Files\MyWebSearch 2008-04-02 17:40:31 0 d-------- C:\Users\Rosemary's Toy\AppData\Roaming\LimeWire 2008-04-02 16:32:09 0 d-------- C:\Users\Rosemary's Toy\AppData\Roaming\Terrapin 2008-04-02 16:31:55 0 d-------- C:\Users\Rosemary's Toy\AppData\Roaming\Mozilla 2008-03-29 18:10:23 0 d-------- C:\Program Files\LimeWire 2008-03-29 16:02:05 0 d-------- C:\Program Files\Windows Sidebar 2008-03-29 16:02:05 0 d-------- C:\Program Files\Windows Photo Gallery 2008-03-29 16:02:05 0 d-------- C:\Program Files\Windows Mail 2008-03-29 13:16:49 0 d-------- C:\Users\Rosemary's Toy\AppData\Roaming\TOSHIBA 2008-03-25 08:10:21 0 d-------- C:\Users\Rosemary's Toy\AppData\Roaming\Apple Computer 2008-03-20 15:32:36 0 d-------- C:\Program Files\TOSHIBA Games 2008-02-28 20:11:26 0 d-------- C:\Program Files\iTunes 2008-02-28 20:11:09 0 d-------- C:\Program Files\iPod 2008-02-28 20:10:15 0 d-------- C:\Program Files\Bonjour 2008-02-28 20:09:44 0 d-------- C:\Program Files\QuickTime 2008-02-28 20:07:30 0 d-------- C:\Program Files\Apple Software Update 2008-02-28 20:05:49 0 d-------- C:\Program Files\Common Files 2008-02-28 20:05:49 0 d-------- C:\Program Files\Common Files\Apple 2008-02-26 09:12:53 0 d-------- C:\Program Files\McAfee 2008-02-06 19:32:52 0 d-------- C:\Program Files\Common Files\Adobe -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07AA283A-43D7-4CBE-A064-32A21112D94D}] C:\Program Files\Hotbar\bin\10.0.368.0\HostIE.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{07AA283A-43D7-4CBE-A064-32A21112D94D}"= C:\Program Files\Hotbar\bin\10.0.368.0\HostIE.dll [ ] [-HKEY_CLASSES_ROOT\CLSID\{07AA283A-43D7-4CBE-A064-32A21112D94D}] [HKEY_CLASSES_ROOT\HostIE.Bho.1] [HKEY_CLASSES_ROOT\TypeLib\{087C4054-0A2B-4F35-B0DB-BED3E21650F4}] [HKEY_CLASSES_ROOT\HostIE.Bho] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [02/13/2007 12:30 PM] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [10/04/2007 04:19 PM] "RtHDVCpl"="RtHDVCpl.exe" [02/15/2007 08:07 PM C:\Windows\RtHDVCpl.exe] "NDSTray.exe"="NDSTray.exe" [] "HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" [11/01/2006 11:06 AM] "SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [11/01/2006 02:08 PM] "KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [11/06/2006 08:14 PM] "TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [12/20/2006 02:16 AM] "HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [12/07/2006 07:49 PM] "SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [01/19/2007 01:24 AM] "00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [01/17/2007 04:46 PM] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [12/19/2007 12:46 PM] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [07/27/2007 07:32 AM] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [04/11/2007 03:32 PM C:\Windows\KHALMNPR.Exe] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [01/02/2008 06:07 PM] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [01/02/2008 06:06 PM] "Persistence"="C:\Windows\system32\igfxpers.exe" [01/02/2008 06:07 PM] "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [07/27/2007 07:00 AM] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="TOSCDSPD.EXE" [] "WeatherDPA"="C:\Program Files\Hotbar\bin\10.0.368.0\Weather.exe" [] "MSServer"="C:\Users\ROSEMA~1\AppData\Local\Temp\opppn.dll,#1" [] "Host Process"="C:\Users\Rosemary's Toy\svchost.exe" [] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 08:36 AM] "MS Juan"="C:\Users\ROSEMA~1\AppData\Local\Temp\ktdjscul.dll,run" [] "BM57b032d9"="C:\Users\ROSEMA~1\AppData\Local\Temp\rytkdsri.dll,s" [] "54830145"="C:\Users\ROSEMA~1\AppData\Local\Temp\isgkahwa.dll,b" [] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce] "MyWebSearch bar Uninstall"=rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [11/3/2007 2:51:14 PM] PreCast Monitor.lnk - C:\Program Files\Ocucom\PreCast\tmon.exe [2/12/2008 1:24:26 PM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] C:\Windows\system32\unregmp2.exe /ShowWMP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI -- End of Deckard's System Scanner: finished at 2008-04-04 15:26:55 ------------ Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft® Windows Vista™ Home Premium (build 6000) Architecture: X86; Language: English CPU 0: Genuine Intel(R) CPU T2130 @ 1.86GHz Percentage of Memory in Use: 66% Physical Memory (total/avail): 1525.5 MiB / 507.15 MiB Pagefile Memory (total/avail): 3290.24 MiB / 1937.92 MiB Virtual Memory (total/avail): 2047.88 MiB / 1918.1 MiB C: is Fixed (NTFS) - 147.58 GiB total, 82.97 GiB free. D: is CDROM (No Media) \\.\PHYSICALDRIVE0 - Hitachi HTS541616J9SA00 ATA Device - 149.05 GiB - 2 partitions \PARTITION0 - Unknown - 1500 MiB \PARTITION1 (bootable) - Installable File System - 147.58 GiB - C: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is disabled. FW: McAfee Personal Firewall v (McAfee) AV: McAfee VirusScan v (McAfee) AS: McAfee VirusScan v (McAfee) AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"="C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine" "C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"="C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Rosemary's Toy\AppData\Roaming CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=ROSEMARY ComSpec=C:\Windows\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\Rosemary's Toy LOCALAPPDATA=C:\Users\Rosemary's Toy\AppData\Local LOGONSERVER=\\ROSEMARY NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 12, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0e0c ProgramData=C:\ProgramData ProgramFiles=C:\Program Files PROMPT=$P$G PUBLIC=C:\Users\Public QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip SystemDrive=C: SystemRoot=C:\Windows TEMP=C:\Users\ROSEMA~1\AppData\Local\Temp TMP=C:\Users\ROSEMA~1\AppData\Local\Temp USERDOMAIN=Rosemary USERNAME=Rosemary's Toy USERPROFILE=C:\Users\Rosemary's Toy windir=C:\Windows -- User Profiles --------------------------------------------------------------- Rosemary's Toy -- Add/Remove Programs --------------------------------------------------------- --> "C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72} --> "C:\Program Files\TOSHIBA Games\Bejeweled 2 Deluxe\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\Blackhawk Striker 2\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\Blasterball 3\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\Block Breaker Deluxe\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\Cubis Gold 2\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\Diner Dash - Flo on the Go\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\FATE\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\Jewel of Atlantis\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\Jewel Quest Solitaire 2\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\Lumines\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\Mah Jong Quest\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\Penguins!\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\Polar Bowler\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\Polar Golfer\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\Puzzle City\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\Super Granny 4\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\TOSHIBA Media Center Game Console\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\Zenerchi\Uninstall.exe" --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x9 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419} Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003} Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543} Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} Atheros Driver Installation Program --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\Setup.exe" -l0x9 -removeonly Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3} Camera Assistant Software for Toshiba --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{37C866E4-AA67-4725-9E95-A39968DD7960}\setup.exe" -l0x9 CD/DVD Drive Acoustic Silencer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe" -l0x9 CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA} Desktop Dialer --> C:\Windows\unvise32.exe C:\Program Files\DesktopDialer\uninstal.log DVC5.0 Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57E0EA5F-D0A3-4036-A69B-269A469EC5B4}\Setup.exe" DVD MovieFactory for TOSHIBA --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x9 Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72} Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll" Imikimi Plugin --> "C:\Program Files\Imikimi\uninstall.exe" Imikimi Plugin 0.4.0 --> MsiExec.exe /I{81D34E00-F747-4838-8DC1-BE2FCAEA85FF} Intel(R) Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138} Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000} Kaspersky Online Scanner --> C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe KhalInstallWrapper --> MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719} LG USB Drivers --> C:\PROGRA~1\LGDRIV~1\LGUSBD~1\UNWISE.EXE C:\PROGRA~1\LGDRIV~1\LGUSBD~1\INSTALL.LOG LG USB Modem driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe" Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0009 -removeonly Mail.com Alert --> C:\Program Files\mail.com\uninst.exe McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1} Move Networks Media Player for Internet Explorer --> C:\Users\Rosemary's Toy\AppData\Roaming\Move Networks\ie_bin\Uninst.exe MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe Ocucom PreCast 1.6 --> C:\Program Files\Ocucom\PreCast\uninstaller.exe oggcodecs 0.71.0946 --> C:\Program Files\illiminable\oggcodecs\uninst.exe Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe" Pinnacle Instant DVD Recorder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\setup.exe" -l0x9 UNINSTALL proDAD Heroglyph 2.5 --> "C:\Program Files\proDAD\Heroglyph-2.5\uninstall.exe" uninstall spcp PATHVERSION 2.5 MAINNAME Heroglyph proDAD Vitascene 1.0 --> "C:\Program Files\proDAD\Vitascene-1.0\uninstall.exe" uninstall spcp PATHVERSION 1.0 MAINNAME Vitascene QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067} Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista --> C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly Safari --> MsiExec.exe /I{0AFC9710-5DD6-4C6A-BA52-91AE992B2C9D} Samsung Camcorder USB-D03 Capture Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A52E1D3-7C17-4EE9-9137-D4B1B3060653}\Setup.exe" customuninstall Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E} Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E} Studio 11 --> C:\Program Files\InstallShield Installation Information\{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}\Setup2.exe -runfromtemp -l0x0009 UNINSTALL -removeonly Studio 11 Bonus DVD --> C:\Program Files\InstallShield Installation Information\{45A1BF92-700A-4408-B95E-79F462E3D67D}\setup.exe -runfromtemp -l0x0009 UNINSTALL -removeonly Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\Program Files\InstallShield Installation Information\{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}\setup.exe -runfromtemp -l0x0409 TOSHIBA Assist --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x9 TOSHIBA ConfigFree --> C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe -runfromtemp -l0x0009uninstall -removeonly TOSHIBA Disc Creator --> MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0} TOSHIBA DVD PLAYER --> C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0009 -ADDREMOVE -removeonly TOSHIBA Extended Tiles for Windows Mobility Center --> C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0409 TOSHIBA Flash Cards Support Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{620BBA5E-F848-4D56-8BDA-584E44584C5E} TOSHIBA Games --> "C:\Program Files\TOSHIBA Games\Uninstall.exe" TOSHIBA Hardware Setup --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1033 TOSHIBA SD Memory Utilities --> MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7} TOSHIBA Software Modem --> Tosmreg -U TOSHIBA Software Upgrades --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe" -l0x9 -removeonly TOSHIBA Speech System Applications --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9 TOSHIBA Speech System SR Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL TOSHIBA Speech System TTS Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9 TOSHIBA Supervisor Password --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1033 TOSHIBA Value Added Package --> C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0409 V CAST Music Manager --> C:\PROGRA~1\VERIZO~1\VCASTM~1\Setup.exe /remove /q0 Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} Yahoo! Desktop Login --> MsiExec.exe /I{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685} Yahoo! Install Manager --> C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe -- Application Event Log ------------------------------------------------------- Event Record #/Type8455 / Success Event Submitted/Written: 04/03/2008 02:59:11 PM Event ID/Source: 5617 / WinMgmt Event Description: Event Record #/Type8454 / Success Event Submitted/Written: 04/03/2008 02:59:10 PM Event ID/Source: 5615 / WinMgmt Event Description: Event Record #/Type8453 / Success Event Submitted/Written: 04/03/2008 02:59:07 PM Event ID/Source: 902 / Software Licensing Service Event Description: The Software Licensing service has started. Event Record #/Type8422 / Success Event Submitted/Written: 04/03/2008 00:56:59 PM Event ID/Source: 5617 / WinMgmt Event Description: Event Record #/Type8421 / Success Event Submitted/Written: 04/03/2008 00:56:58 PM Event ID/Source: 5615 / WinMgmt Event Description: -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type34118 / Warning Event Submitted/Written: 04/04/2008 03:25:19 PM Event ID/Source: 3004 / WinDefend Event Description: %Rosemary27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Rosemary27 can't undo changes that you allow. For more information please see the following: %Rosemary275 Scan ID: {57130EF0-2414-40E9-99E7-CF224D6F3BA2} User: Rosemary\Rosemary's Toy Name: %Rosemary271 ID: %Rosemary272 Severity ID: %Rosemary273 Category ID: %Rosemary274 Path Found: %Rosemary276 Alert Type: %Rosemary278 Detection Type: 1.1.1505.02 Event Record #/Type34117 / Warning Event Submitted/Written: 04/04/2008 03:25:19 PM Event ID/Source: 3004 / WinDefend Event Description: %Rosemary27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Rosemary27 can't undo changes that you allow. For more information please see the following: %Rosemary275 Scan ID: {07728C70-86CF-4F68-AA66-B6181CBABEEC} User: Rosemary\Rosemary's Toy Name: %Rosemary271 ID: %Rosemary272 Severity ID: %Rosemary273 Category ID: %Rosemary274 Path Found: %Rosemary276 Alert Type: %Rosemary278 Detection Type: 1.1.1505.02 Event Record #/Type34116 / Warning Event Submitted/Written: 04/04/2008 03:25:19 PM Event ID/Source: 3004 / WinDefend Event Description: %Rosemary27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Rosemary27 can't undo changes that you allow. For more information please see the following: %Rosemary275 Scan ID: {4E7DD2A8-1B6B-4EEE-9FB5-1E76EE13439D} User: Rosemary\Rosemary's Toy Name: %Rosemary271 ID: %Rosemary272 Severity ID: %Rosemary273 Category ID: %Rosemary274 Path Found: %Rosemary276 Alert Type: %Rosemary278 Detection Type: 1.1.1505.02 Event Record #/Type34115 / Warning Event Submitted/Written: 04/04/2008 03:25:19 PM Event ID/Source: 3004 / WinDefend Event Description: %Rosemary27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Rosemary27 can't undo changes that you allow. For more information please see the following: %Rosemary275 Scan ID: {04D353CA-E3BA-4459-8281-64006217707A} User: Rosemary\Rosemary's Toy Name: %Rosemary271 ID: %Rosemary272 Severity ID: %Rosemary273 Category ID: %Rosemary274 Path Found: %Rosemary276 Alert Type: %Rosemary278 Detection Type: 1.1.1505.02 Event Record #/Type34086 / Warning Event Submitted/Written: 04/04/2008 00:36:26 PM Event ID/Source: 1003 / Dhcp Event Description: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001B9E1926A4. The following error occurred: %%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. -- End of Deckard's System Scanner: finished at 2008-04-04 15:26:55 ------------ Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft® Windows Vista™ Home Premium (build 6000) Architecture: X86; Language: English CPU 0: Genuine Intel(R) CPU T2130 @ 1.86GHz Percentage of Memory in Use: 66% Physical Memory (total/avail): 1525.5 MiB / 507.15 MiB Pagefile Memory (total/avail): 3290.24 MiB / 1937.92 MiB Virtual Memory (total/avail): 2047.88 MiB / 1918.1 MiB C: is Fixed (NTFS) - 147.58 GiB total, 82.97 GiB free. D: is CDROM (No Media) \\.\PHYSICALDRIVE0 - Hitachi HTS541616J9SA00 ATA Device - 149.05 GiB - 2 partitions \PARTITION0 - Unknown - 1500 MiB \PARTITION1 (bootable) - Installable File System - 147.58 GiB - C: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is disabled. FW: McAfee Personal Firewall v (McAfee) AV: McAfee VirusScan v (McAfee) AS: McAfee VirusScan v (McAfee) AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"="C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine" "C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"="C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Rosemary's Toy\AppData\Roaming CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=ROSEMARY ComSpec=C:\Windows\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\Rosemary's Toy LOCALAPPDATA=C:\Users\Rosemary's Toy\AppData\Local LOGONSERVER=\\ROSEMARY NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 12, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0e0c ProgramData=C:\ProgramData ProgramFiles=C:\Program Files PROMPT=$P$G PUBLIC=C:\Users\Public QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip SystemDrive=C: SystemRoot=C:\Windows TEMP=C:\Users\ROSEMA~1\AppData\Local\Temp TMP=C:\Users\ROSEMA~1\AppData\Local\Temp USERDOMAIN=Rosemary USERNAME=Rosemary's Toy USERPROFILE=C:\Users\Rosemary's Toy windir=C:\Windows -- User Profiles --------------------------------------------------------------- Rosemary's Toy -- Add/Remove Programs --------------------------------------------------------- --> "C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72} --> "C:\Program Files\TOSHIBA Games\Bejeweled 2 Deluxe\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\Blackhawk Striker 2\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\Blasterball 3\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\Block Breaker Deluxe\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\Cubis Gold 2\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\Diner Dash - Flo on the Go\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\FATE\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\Jewel of Atlantis\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\Jewel Quest Solitaire 2\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\Lumines\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\Mah Jong Quest\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\Penguins!\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\Polar Bowler\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\Polar Golfer\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\Puzzle City\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\Super Granny 4\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\TOSHIBA Media Center Game Console\Uninstall.exe" --> "C:\Program Files\TOSHIBA Games\Zenerchi\Uninstall.exe" --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x9 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419} Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003} Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543} Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} Atheros Driver Installation Program --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\Setup.exe" -l0x9 -removeonly Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3} Camera Assistant Software for Toshiba --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{37C866E4-AA67-4725-9E95-A39968DD7960}\setup.exe" -l0x9 CD/DVD Drive Acoustic Silencer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe" -l0x9 CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA} Desktop Dialer --> C:\Windows\unvise32.exe C:\Program Files\DesktopDialer\uninstal.log DVC5.0 Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57E0EA5F-D0A3-4036-A69B-269A469EC5B4}\Setup.exe" DVD MovieFactory for TOSHIBA --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x9 Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72} Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll" Imikimi Plugin --> "C:\Program Files\Imikimi\uninstall.exe" Imikimi Plugin 0.4.0 --> MsiExec.exe /I{81D34E00-F747-4838-8DC1-BE2FCAEA85FF} Intel(R) Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138} Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000} Kaspersky Online Scanner --> C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe KhalInstallWrapper --> MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719} LG USB Drivers --> C:\PROGRA~1\LGDRIV~1\LGUSBD~1\UNWISE.EXE C:\PROGRA~1\LGDRIV~1\LGUSBD~1\INSTALL.LOG LG USB Modem driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe" Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0009 -removeonly Mail.com Alert --> C:\Program Files\mail.com\uninst.exe McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1} Move Networks Media Player for Internet Explorer --> C:\Users\Rosemary's Toy\AppData\Roaming\Move Networks\ie_bin\Uninst.exe MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe Ocucom PreCast 1.6 --> C:\Program Files\Ocucom\PreCast\uninstaller.exe oggcodecs 0.71.0946 --> C:\Program Files\illiminable\oggcodecs\uninst.exe Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe" Pinnacle Instant DVD Recorder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\setup.exe" -l0x9 UNINSTALL proDAD Heroglyph 2.5 --> "C:\Program Files\proDAD\Heroglyph-2.5\uninstall.exe" uninstall spcp PATHVERSION 2.5 MAINNAME Heroglyph proDAD Vitascene 1.0 --> "C:\Program Files\proDAD\Vitascene-1.0\uninstall.exe" uninstall spcp PATHVERSION 1.0 MAINNAME Vitascene QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067} Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista --> C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly Safari --> MsiExec.exe /I{0AFC9710-5DD6-4C6A-BA52-91AE992B2C9D} Samsung Camcorder USB-D03 Capture Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A52E1D3-7C17-4EE9-9137-D4B1B3060653}\Setup.exe" customuninstall Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E} Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E} Studio 11 --> C:\Program Files\InstallShield Installation Information\{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}\Setup2.exe -runfromtemp -l0x0009 UNINSTALL -removeonly Studio 11 Bonus DVD --> C:\Program Files\InstallShield Installation Information\{45A1BF92-700A-4408-B95E-79F462E3D67D}\setup.exe -runfromtemp -l0x0009 UNINSTALL -removeonly Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\Program Files\InstallShield Installation Information\{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}\setup.exe -runfromtemp -l0x0409 TOSHIBA Assist --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x9 TOSHIBA ConfigFree --> C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe -runfromtemp -l0x0009uninstall -removeonly TOSHIBA Disc Creator --> MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0} TOSHIBA DVD PLAYER --> C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0009 -ADDREMOVE -removeonly TOSHIBA Extended Tiles for Windows Mobility Center --> C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0409 TOSHIBA Flash Cards Support Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{620BBA5E-F848-4D56-8BDA-584E44584C5E} TOSHIBA Games --> "C:\Program Files\TOSHIBA Games\Uninstall.exe" TOSHIBA Hardware Setup --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1033 TOSHIBA SD Memory Utilities --> MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7} TOSHIBA Software Modem --> Tosmreg -U TOSHIBA Software Upgrades --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe" -l0x9 -removeonly TOSHIBA Speech System Applications --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9 TOSHIBA Speech System SR Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL TOSHIBA Speech System TTS Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9 TOSHIBA Supervisor Password --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1033 TOSHIBA Value Added Package --> C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0409 V CAST Music Manager --> C:\PROGRA~1\VERIZO~1\VCASTM~1\Setup.exe /remove /q0 Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} Yahoo! Desktop Login --> MsiExec.exe /I{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685} Yahoo! Install Manager --> C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe -- Application Event Log ------------------------------------------------------- Event Record #/Type8455 / Success Event Submitted/Written: 04/03/2008 02:59:11 PM Event ID/Source: 5617 / WinMgmt Event Description: Event Record #/Type8454 / Success Event Submitted/Written: 04/03/2008 02:59:10 PM Event ID/Source: 5615 / WinMgmt Event Description: Event Record #/Type8453 / Success Event Submitted/Written: 04/03/2008 02:59:07 PM Event ID/Source: 902 / Software Licensing Service Event Description: The Software Licensing service has started. Event Record #/Type8422 / Success Event Submitted/Written: 04/03/2008 00:56:59 PM Event ID/Source: 5617 / WinMgmt Event Description: Event Record #/Type8421 / Success Event Submitted/Written: 04/03/2008 00:56:58 PM Event ID/Source: 5615 / WinMgmt Event Description: -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type34118 / Warning Event Submitted/Written: 04/04/2008 03:25:19 PM Event ID/Source: 3004 / WinDefend Event Description: %Rosemary27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Rosemary27 can't undo changes that you allow. For more information please see the following: %Rosemary275 Scan ID: {57130EF0-2414-40E9-99E7-CF224D6F3BA2} User: Rosemary\Rosemary's Toy Name: %Rosemary271 ID: %Rosemary272 Severity ID: %Rosemary273 Category ID: %Rosemary274 Path Found: %Rosemary276 Alert Type: %Rosemary278 Detection Type: 1.1.1505.02 Event Record #/Type34117 / Warning Event Submitted/Written: 04/04/2008 03:25:19 PM Event ID/Source: 3004 / WinDefend Event Description: %Rosemary27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Rosemary27 can't undo changes that you allow. For more information please see the following: %Rosemary275 Scan ID: {07728C70-86CF-4F68-AA66-B6181CBABEEC} User: Rosemary\Rosemary's Toy Name: %Rosemary271 ID: %Rosemary272 Severity ID: %Rosemary273 Category ID: %Rosemary274 Path Found: %Rosemary276 Alert Type: %Rosemary278 Detection Type: 1.1.1505.02 Event Record #/Type34116 / Warning Event Submitted/Written: 04/04/2008 03:25:19 PM Event ID/Source: 3004 / WinDefend Event Description: %Rosemary27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Rosemary27 can't undo changes that you allow. For more information please see the following: %Rosemary275 Scan ID: {4E7DD2A8-1B6B-4EEE-9FB5-1E76EE13439D} User: Rosemary\Rosemary's Toy Name: %Rosemary271 ID: %Rosemary272 Severity ID: %Rosemary273 Category ID: %Rosemary274 Path Found: %Rosemary276 Alert Type: %Rosemary278 Detection Type: 1.1.1505.02 Event Record #/Type34115 / Warning Event Submitted/Written: 04/04/2008 03:25:19 PM Event ID/Source: 3004 / WinDefend Event Description: %Rosemary27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Rosemary27 can't undo changes that you allow. For more information please see the following: %Rosemary275 Scan ID: {04D353CA-E3BA-4459-8281-64006217707A} User: Rosemary\Rosemary's Toy Name: %Rosemary271 ID: %Rosemary272 Severity ID: %Rosemary273 Category ID: %Rosemary274 Path Found: %Rosemary276 Alert Type: %Rosemary278 Detection Type: 1.1.1505.02 Event Record #/Type34086 / Warning Event Submitted/Written: 04/04/2008 00:36:26 PM Event ID/Source: 1003 / Dhcp Event Description: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001B9E1926A4. The following error occurred: %%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. -- End of Deckard's System Scanner: finished at 2008-04-04 15:26:55 ------------ |
|
     
|
|
04-10-2008, 03:13 PM
|
#2 (permalink) |
|
Analyst, Security Team
Join Date: Feb 2007
Posts: 179
OS: Windows XP Pro
|
Re: Cannot access anything but Internet Explorer. Taskbar and Desktop unstable.
Hello!
( 1 ) Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later. Download the latest version of Java Runtime Environment (JRE) 6/05 Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications". Click the "Download" button to the right. Check the box that says: "Accept License Agreement". The page will refresh. Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on the download to install the newest version. _______________________ Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present): MyWebSearch MyWebSearch bar { Everything related to MyWebSearch! Hotbar Now reboot. ( 2 ) Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/comb...o-use-combofix Link 1 Link 2 Link 3 **Note: It is important that it is saved directly to your desktop** -------------------------------------------------------------------- 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. -------------------------------------------------------------------- Double click on combofix.exe & follow the prompts.
Do not mouseclick combofix's window while it's running. That may cause it to stall
__________________
|
|
|
|
|
| Thread Tools | |
|
|
