TheTechGuide Forum

General Category => Tech Clinic => Topic started by: hotrod4x5 on February 12, 2008, 05:47:18 PM

Title: Uninstall buttons missing
Post by: hotrod4x5 on February 12, 2008, 05:47:18 PM

80% or more of my installed programs have  no uninstall buttons in the add remove programs section of control panel.

HIjack this log:

_________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:52:08 PM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\hnFAPMon\hnFAPMon.exe
C:\Program Files\DSUtilities\6000WAKA\6000WAKA.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\hnFAPMon\hnFAPMonService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0060907
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0060907
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/campaign.asp?cid=16313 (http://\"http://us.mcafee.com/root/campaign.asp?cid=16313\")
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R220 Series on HP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P41 "Auto EPSON Stylus Photo R220 Series on HP" /O17 "\\HP\EPSONSty 220" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [\\HP\EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P35 "\\HP\EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] ~"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: 6000WAKA.lnk = C:\Program Files\DSUtilities\6000WAKA\6000WAKA.exe
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\PANTONE COLORVISION\Startup\ColorVisionStartup.exe
O4 - Global Startup: hnFAPMon.lnk = C:\Program Files\hnFAPMon\hnFAPMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB (http://\"http://support.dell.com/systemprofiler/SysPro.CAB\")
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (http://\"http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab\")
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (http://\"http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab\")
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab (http://\"http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab\")
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hnFAPMon Service (hnFAPMonService) -                                                                                                                  - C:\Program Files\hnFAPMon\hnFAPMonService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11702 bytes
________________________________________________________________________

Title: Uninstall buttons missing
Post by: guestolo on February 12, 2008, 07:15:41 PM

Download [color=\"#008000\"]Deckard's System Scanner (dss.exe)[/color] (http://\"http://deckard.geekstogo.com/dss.exe\") to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

Post back just the Whole contents of Main.txt and Extra.txt

Title: Uninstall buttons missing
Post by: hotrod4x5 on February 12, 2008, 07:55:35 PM

MAIN=
______________________________________________________
Deckard's System Scanner v20071014.68
Run by Rodney N----- on 2008-02-12 16:53:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
88: 2008-02-13 00:53:41 UTC - RP721 - Deckard's System Scanner Restore Point
87: 2008-02-08 22:19:53 UTC - RP720 - Software Distribution Service 3.0
86: 2008-02-07 22:56:41 UTC - RP719 - Software Distribution Service 3.0
85: 2008-02-06 23:35:44 UTC - RP718 - Printer Driver Microsoft XPS Document Writer Installed
84: 2008-02-06 23:35:34 UTC - RP717 - Installed %1 %2.


-- First Restore Point --
1: 2007-11-10 21:30:11 UTC - RP634 - Removed Adobe® Photoshop® Album Starter Edition 3.2


Backed up registry hives.
Performed disk cleanup.

[color=\"red\"]System Drive C: has 2.2 GiB (less than 15%) free.[/color]


-- HijackThis (run as Rodney N-----.exe) ----------------------------------------

logfile has no content; running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-12 16:57:57
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAIE.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\hnFAPMon\hnFAPMonService.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Rodney N-----\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0060907
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie (http://\"http://www.google.com/ie\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com (http://\"http://www.google.com\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ (http://\"http://www.google.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s (http://\"http://www.google.com/keyword/%s\")
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/campaign.asp?cid=16313 (http://\"http://us.mcafee.com/root/campaign.asp?cid=16313\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie (http://\"http://www.google.com/ie\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0060907
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R220 Series on HP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P41 "Auto EPSON Stylus Photo R220 Series on HP" /O17 "\\HP\EPSONSty 220" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [\\HP\EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P35 "\\HP\EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] ~"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: 6000WAKA.lnk = C:\Program Files\DSUtilities\6000WAKA\6000WAKA.exe
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\PANTONE COLORVISION\Startup\ColorVisionStartup.exe
O4 - Global Startup: hnFAPMon.lnk = C:\Program Files\hnFAPMon\hnFAPMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://turbotax.com (http://\"https://turbotax.com\") (HKCU)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB (http://\"http://support.dell.com/systemprofiler/SysPro.CAB\")
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} (SentinelVE3D Class) - http://download.microsoft.com/download/0/f...tualEarth3D.cab (http://\"http://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab\")
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} () - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (http://\"http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab\")
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (http://\"http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab\")
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab (http://\"http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab\")
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hnFAPMon Service (hnFAPMonService) - Unknown owner - C:\Program Files\hnFAPMon\hnFAPMonService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\ESET\nod32krn.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\system32\WLTRYSVC.EXE


--
End of file - 12854 bytes

-- File Associations -----------------------------------------------------------

[color=\"red\"].js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7[/color]
[color=\"red\"].js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"[/color]


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.0.1.2609>
R2 P1C1394 (Phase One 1394 Camera Driver) - c:\windows\system32\drivers\p1c1394.sys <Not Verified; Phase One A/S; Phase One digital imaging>
R3 btwmodem (Bluetooth Modem) - c:\windows\system32\drivers\btwmodem.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.0.1.2609>
R3 tbhsd (Tunebite High-Speed Dubbing) - c:\windows\system32\drivers\tbhsd.sys <Not Verified; RapidSolution Software AG; Tunebite High-Speed Dubbing>

S3 btwhid - c:\windows\system32\drivers\btwhid.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.0.1.2609>
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 MRVW245 (D-Link RangeBooster N USB Adapter driver for Windows XP) - c:\windows\system32\drivers\mrvw245.sys <Not Verified; Marvell Semiconductor, Inc; Device driver for Marvell 802.11n NIC>
S3 USB200M (Linksys USB 2.0 Network Adapter ver.2) - c:\windows\system32\drivers\usb200m2.sys <Not Verified; Linksys; Linksys USB 2.0 Network Adapter ver.2>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 hnFAPMonService (hnFAPMon Service) - "c:\program files\hnfapmon\hnfapmonservice.exe" -service -programdir "c:\program files\hnfapmon"
R2 NICCONFIGSVC - c:\program files\dell\quickset\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-02-11 01:49:48       330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-02-07 20:45:01       284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-01-12 and 2008-02-12 -----------------------------

2008-02-12 14:51:54         0 d-------- C:\Program Files\Trend Micro
2008-02-12 14:46:20         0 d-------- C:\Program Files\SpywareBlaster
2008-02-07 14:57:33         0 d-------- C:\Program Files\MSXML 6.0
2008-02-06 15:44:27         0 d-------- C:\Documents and Settings\All Users\Application Data\Phase One
2008-02-06 15:39:33         0 d-------- C:\Program Files\MSBuild
2008-02-06 15:36:56         0 d-------- C:\WINDOWS\system32\XPSViewer
2008-02-06 15:36:11         0 d-------- C:\Program Files\Reference Assemblies
2008-02-04 17:38:04         0 d-------- C:\WINDOWS\system32\Dell
2008-01-22 14:35:36         0 d-------- C:\Program Files\Macrogaming
2008-01-12 15:00:38         0 d-------- C:\Documents and Settings\Rodney N-----\.housecall6.6


-- Find3M Report ---------------------------------------------------------------

2008-02-12 16:43:25         0 d-------- C:\Program Files\Mozilla Thunderbird
2008-02-06 15:40:35         0 d-------- C:\Program Files\Phase One
2008-01-29 19:39:48         0 d-------- C:\Documents and Settings\Rodney N-----\Application Data\Intuit
2008-01-29 19:31:42         0 d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-01-29 19:31:39         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-29 19:27:21         0 d-------- C:\Program Files\TurboTax
2008-01-26 10:35:03         0 d-------- C:\Program Files\Opera
2008-01-14 23:26:22         0 d-------- C:\Program Files\hnFAPMon
2008-01-09 17:24:43         0 d-------- C:\Program Files\Common Files
2008-01-09 17:24:43         0 d-------- C:\Program Files\Common Files\xing shared
2008-01-09 17:24:39         0 d-------- C:\Program Files\Real
2008-01-09 17:24:11         0 d-------- C:\Program Files\Common Files\Real
2008-01-09 15:17:39         0 d-------- C:\Documents and Settings\Rodney N-----\Application Data\JAlbum
2008-01-09 15:12:44         0 d-------- C:\Program Files\JAlbumWin
2007-12-15 11:41:06         0 d-------- C:\Program Files\FTP Commander
2007-12-12 11:47:52         0 d--h----- C:\Documents and Settings\Rodney N-----\Application Data\Move Networks
2007-12-04 12:43:20       268 -r-h----- C:\Documents and Settings\Rodney N-----\Application Data\Internet Plug-Ins


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/08/2006 08:48 AM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [06/21/2006 11:48 PM]
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 01:30 PM C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [04/06/2006 11:58 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/05/2004 10:05 PM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [01/26/2005 10:02 PM]
"EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.exe" [03/09/2005 06:00 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 06:20 PM]
"Auto EPSON Stylus Photo R220 Series on HP"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.exe" [03/09/2005 06:00 AM]
"\\HP\EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.exe" [03/09/2005 06:00 AM]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [10/19/2006 06:44 PM]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [09/27/2007 05:34 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 06:51 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [11/14/2007 11:43 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 01:11 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/09/2008 05:23 PM]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [01/02/2008 08:15 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 01:22 PM]
"MsnMsgr"="~C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Yahoo! Pager"="~C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:00 AM]
"Aim6"="~C:\Program Files\AIM6\aim6.exe" []
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [01/02/2008 08:15 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Rodney N-----\Start Menu\Programs\Startup\
6000WAKA.lnk - C:\Program Files\DSUtilities\6000WAKA\6000WAKA.exe [11/30/2006 1:47:05 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ColorVisionStartup.lnk - C:\Program Files\PANTONE COLORVISION\Startup\ColorVisionStartup.exe [12/21/2004 9:37:55 AM]
hnFAPMon.lnk - C:\Program Files\hnFAPMon\hnFAPMon.exe [1/3/2008 8:00:45 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17f26cc6-e591-11db-a99a-0016cffe1588}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dad69839-f5cf-11db-a9bc-0016cffe1588}]
AutoRun\command- wd_windows_tools\setup.exe




-- End of Deckard's System Scanner: finished at 2008-02-12 16:58:36 ------------

_____________________________________________
EXTRA
_____________________________________________
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core(tm)2 CPU         T7200  @ 2.00GHz
CPU 1: Intel® Core(tm)2 CPU         T7200  @ 2.00GHz
Percentage of Memory in Use: 30%
Physical Memory (total/avail): 2046.37 MiB / 1412.54 MiB
Pagefile Memory (total/avail): 3939.25 MiB / 3464.77 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1912.56 MiB

C: is Fixed (NTFS) - 80.66 GiB total, 2.2 GiB free.
D: is Fixed (NTFS) - 26.2 GiB total, 3.78 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1200BEVS-75LAT0 - 110.39 GiB - 4 partitions
  \PARTITION0 - Unknown - 47.03 MiB
  \PARTITION1 (bootable) - Installable File System - 80.66 GiB - C:
  \PARTITION2 - Installable File System - 26.2 GiB - D:
  \PARTITION3 - Unknown - 3.47 GiB



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntivirusOverride is set.

AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.) [color=\"RED\"]Outdated[/color]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\wEmail Removedexe"="C:\\Program Files\\America Online 9.0\\wEmail Removedexe:*:Enabled:AOL"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\wEmail Removedexe"="C:\\Program Files\\America Online 9.0\\wEmail Removedexe:*:Enabled:AOL"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\FTP Commander\\Ftpcomm.exe"="C:\\Program Files\\FTP Commander\\Ftpcomm.exe:*:Enabled:Ftpcomm"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"="C:\\Program Files\\QuickTime\\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Macromedia\\Dreamweaver 4\\Dreamweaver.exe"="C:\\Program Files\\Macromedia\\Dreamweaver 4\\Dreamweaver.exe:*:Enabled:Dreamweaver"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\JAlbum 6.5\\JAlbumWin.exe"="C:\\Program Files\\JAlbum 6.5\\JAlbumWin.exe:*:Enabled:JAlbumWin"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\\Program Files\\JAlbum7.0\\JAlbumWin.exe"="C:\\Program Files\\JAlbum7.0\\JAlbumWin.exe:*:Enabled:JAlbumWin"
"C:\\Program Files\\TurboTax\\Home & Business 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Home & Business 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Home & Business 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Home & Business 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe:*:Enabled:Java(tm) Platform SE binary"
"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe:*:Enabled:Java(tm) 2 Platform Standard Edition binary"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\JAlbum7.3\\JAlbumWin.exe"="C:\\Program Files\\JAlbum7.3\\JAlbumWin.exe:*:Enabled:JAlbumWin"
"C:\\Program Files\\hnFAPMon\\hnFAPMon.exe"="C:\\Program Files\\hnFAPMon\\hnFAPMon.exe:*:Enabled:                                                                                                                    "
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"="C:\\Program Files\\SightSpeed\\SightSpeed.exe:*:Enabled:SightSpeed"
"C:\\Program Files\\TurboTax\\Home & Business 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Home & Business 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Home & Business 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Home & Business 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Rodney n-----\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DELL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Rodney n-----
LOGONSERVER=\\DELL
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\RODNEY~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\RODNEY~1\LOCALS~1\Temp
USERDOMAIN=DELL
USERNAME=Rodney n-----
USERPROFILE=C:\Documents and Settings\Rodney n-----
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Rodney n----- (admin)


-- Add/Remove Programs ---------------------------------------------------------

 --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AnswerWorks 4.0 Runtime - English --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9  -removeonly
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Bay Photo Economy --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://www.softworksroes.com/ROES/labs/BayPhotoEconomy/launch.jnlp"
Capture NX --> C:\Program Files\Nikon\Capture NX\uninstall.exe
Capture One 4 --> "C:\Program Files\Phase One\Capture One 4\unins000.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
hnFAPMon 4.5.4 --> "C:\Program Files\hnFAPMon\unins000.exe"
iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
JAlbum 7.4 --> C:\Program Files\JAlbumWin\Uninstall.exe
Macrogaming SweetIM 2.1 --> MsiExec.exe /X{502358FB-0718-45BC-B142-7511F1694D58}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Rodney n-----\Application Data\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (2.0.0.12) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.9) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nikon Message Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL
Opanda IExif 2.3 --> "C:\Program Files\Opanda\IExif 2.3\unins000.exe"
Opera 9.25 --> MsiExec.exe /X{870B0889-A92E-4230-A6A1-F739C1D140DD}
Picture Control Utility --> MsiExec.exe /X{87441A59-5E64-4096-A170-14EFE67200C3}
QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SweetIM For Internet Explorer 3.0b --> MsiExec.exe /X{F6D63A65-BD23-46F3-B9A3-87F442423481}
TurboTax Home & Business 2007 --> C:\Program Files\TurboTax\Home & Business 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Home & Business 2007\Uninstall.log" -NoGui
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type558570 / Error
Event Submitted/Written: 02/12/2008 04:42:52 PM
Event ID/Source: 0 / hnFAPMon Service
Event Description:
hnFAPMonModules::hnFAPMonCalc::getPage: http://192.168.0.1/cgi/execAdvCom.bin?Comm...=PEP%20Summary: (http://\"http://192.168.0.1/cgi/execAdvCom.bin?Command=71&PrintMsg=PEP%20Summary:\") 500 Can't connect to 192.168.0.1:80 (connect: Unknown error)

Event Record #/Type558569 / Error
Event Submitted/Written: 02/12/2008 04:42:50 PM
Event ID/Source: 0 / hnFAPMon Service
Event Description:
hnFAPMonModules::hnFAPMonCalc::getPage: http://192.168.0.1/cgi/execAdvCom.bin?Comm...=PEP%20Summary: (http://\"http://192.168.0.1/cgi/execAdvCom.bin?Command=71&PrintMsg=PEP%20Summary:\") 500 Can't connect to 192.168.0.1:80 (connect: Unknown error)

Event Record #/Type558568 / Error
Event Submitted/Written: 02/12/2008 04:42:49 PM
Event ID/Source: 0 / hnFAPMon Service
Event Description:
hnFAPMonModules::hnFAPMonCalc::getPage: http://192.168.0.1/stats/summary/summary.html: (http://\"http://192.168.0.1/stats/summary/summary.html:\") 500 Can't connect to 192.168.0.1:80 (connect: Unknown error)

Event Record #/Type558567 / Error
Event Submitted/Written: 02/12/2008 04:42:49 PM
Event ID/Source: 0 / hnFAPMon Service
Event Description:
hnFAPMonModules::hnFAPMonCalc::getPage: http://192.168.0.1/cgi/execAdvCom.bin?Comm...=PEP%20Summary: (http://\"http://192.168.0.1/cgi/execAdvCom.bin?Command=71&PrintMsg=PEP%20Summary:\") 500 Can't connect to 192.168.0.1:80 (connect: Unknown error)

Event Record #/Type558566 / Error
Event Submitted/Written: 02/12/2008 04:42:48 PM
Event ID/Source: 0 / hnFAPMon Service
Event Description:
hnFAPMonModules::hnFAPMonCalc::getPage: http://192.168.0.1/cgi/execAdvCom.bin?Comm...=PEP%20Summary: (http://\"http://192.168.0.1/cgi/execAdvCom.bin?Command=71&PrintMsg=PEP%20Summary:\") 500 Can't connect to 192.168.0.1:80 (connect: Unknown error)



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type82422 / Warning
Event Submitted/Written: 02/12/2008 04:58:18 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%DELL27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. %DELL27 can't undo changes that you allow.

For more information please see the following:
%DELL275

   Scan ID: {AD4D83F7-5BA4-4119-A1EE-029560E74471}

   User: DELL\Rodney n-----

   Name: %DELL271

   ID: %DELL272

   Severity: 1.1.1593.05

   Category: 1.1.1593.06

   Path Found: %DELL276

   Alert Type: %DELL278

   Detection Type: 1.1.1593.02

Event Record #/Type82421 / Warning
Event Submitted/Written: 02/12/2008 04:58:18 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%DELL27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. %DELL27 can't undo changes that you allow.

For more information please see the following:
%DELL275

   Scan ID: {982D23EA-1811-4DBF-A1E2-6DC412D46DD9}

   User: DELL\Rodney n-----

   Name: %DELL271

   ID: %DELL272

   Severity: 1.1.1593.05

   Category: 1.1.1593.06

   Path Found: %DELL276

   Alert Type: %DELL278

   Detection Type: 1.1.1593.02

Event Record #/Type82420 / Warning
Event Submitted/Written: 02/12/2008 04:58:18 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%DELL27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. %DELL27 can't undo changes that you allow.

For more information please see the following:
%DELL275

   Scan ID: {D4AF2051-9D55-4CE4-9D10-986CA4C82FF1}

   User: DELL\Rodney n-----

   Name: %DELL271

   ID: %DELL272

   Severity: 1.1.1593.05

   Category: 1.1.1593.06

   Path Found: %DELL276

   Alert Type: %DELL278

   Detection Type: 1.1.1593.02

Event Record #/Type82419 / Warning
Event Submitted/Written: 02/12/2008 04:58:18 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%DELL27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. %DELL27 can't undo changes that you allow.

For more information please see the following:
%DELL275

   Scan ID: {4BCF184B-6328-40B0-8E1C-59C2AFCAF618}

   User: DELL\Rodney n-----

   Name: %DELL271

   ID: %DELL272

   Severity: 1.1.1593.05

   Category: 1.1.1593.06

   Path Found: %DELL276

   Alert Type: %DELL278

   Detection Type: 1.1.1593.02

Event Record #/Type82418 / Warning
Event Submitted/Written: 02/12/2008 04:58:18 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%DELL27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. %DELL27 can't undo changes that you allow.

For more information please see the following:
%DELL275

   Scan ID: {4619ADD1-05C0-4692-9F66-6C4C8A173602}

   User: DELL\Rodney n-----

   Name: %DELL271

   ID: %DELL272

   Severity: 1.1.1593.05

   Category: 1.1.1593.06

   Path Found: %DELL276

   Alert Type: %DELL278

   Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-02-12 16:58:36 ------------

Title: Uninstall buttons missing
Post by: guestolo on February 12, 2008, 08:18:06 PM

I see Nod32 in your Run entries, but it doesn't appear to be installed or updated correctly
Is it properly working?
It may be missing the Change/remove button in Add/remove

Can you do the following
Disable Windows Defender's protections so it won't interfere in the below:
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

Do a "System scan only" with Hijackthis and put a check next to these entries:

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot your computer
Back in Windows
Use the Internet Explorer browser (or FireFox with IETab), and do an online scan with [color=\"blue\"]Kaspersky Online Scanner[/color] (http://\"http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html\")

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet [color=\"#3333FF\"]Explorer 7[/color] users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%[/i].)
The program launches and downloads the latest definition files.

• Once the files are downloaded click on Next
  
• Click on Scan Settings and configure as follows:
  • Scan using the following Anti-Virus database:
    [color=\"#6666CC\"]Extended[/color]
    
• Scan Options:
  [color=\"#6666CC\"]Scan Archives[/color]
  

[color=\"#6666CC\"]Scan Mail Bases[/color]
[/list]
[/list]

• Click OK and, under select a target to scan, select My Computer
  

When the scan is done, in the [color=\"Navy\"]Scan is completed [/color]window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
(http://i184.photobucket.com/albums/x99/guestolo/Kas-SaveReport-1.gif)
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the [color=\"Navy\"]Save as [/color]prompt, [color=\"navy\"]Save in[/color] area, select: Desktop
In the [color=\"navy\"]File name[/color] area, use KScan, or something similar
In [color=\"navy\"]Save as type[/color], click the drop arrow and select: Text file [*.txt]
Then, click: Save

Post back all the following:

1. Post the [color=\"Navy\"]Kaspersky Online Scanner Report [/color]in your reply.
2. Run a fresh scan/save logfile with Hijackthis and post it also

Title: Uninstall buttons missing
Post by: hotrod4x5 on February 13, 2008, 09:53:30 AM

I had the trial of NOD32 installed, and I haven't uninstalled it or purchased it yet.  

Kaspersky scan:
_________________________________________________
-------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER REPORT
 Wednesday, February 13, 2008 6:49:56 AM
 Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
 Kaspersky Online Scanner version: 5.0.98.0
 Kaspersky Anti-Virus database last update: 13/02/2008
 Kaspersky Anti-Virus database records: 561183
-------------------------------------------------------------------------------

Scan Settings:
   Scan using the following antivirus database: extended
   Scan Archives: true
   Scan Mail Bases: true

Scan Target - My Computer:
   C:\
   D:\
   E:\

Scan Statistics:
   Total number of scanned objects: 181053
   Number of viruses found: 0
   Number of infected objects: 0
   Number of suspicious objects: 0
   Duration of the scan process: 02:37:53

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12062006-172958.log   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare   Object is locked   skipped
C:\Documents and Settings\All Users\Documents\Adobe PDF\Extras\PDFX1a 2001 JPN.joboptions   Object is locked   skipped
C:\Documents and Settings\All Users\Documents\Adobe PDF\Extras\PDFX1a 2003 JPN.joboptions   Object is locked   skipped
C:\Documents and Settings\All Users\Documents\Adobe PDF\Extras\PDFX1a 2003.joboptions   Object is locked   skipped
C:\Documents and Settings\All Users\Documents\Adobe PDF\Extras\PDFX3 2002 JPN.joboptions   Object is locked   skipped
C:\Documents and Settings\All Users\Documents\Adobe PDF\Extras\PDFX3 2003 JPN.joboptions   Object is locked   skipped
C:\Documents and Settings\All Users\Documents\Adobe PDF\Extras\PDFX3 2003.joboptions   Object is locked   skipped
C:\Documents and Settings\All Users\Documents\Adobe PDF\Extras\Rich Content PDF.joboptions   Object is locked   skipped
C:\Documents and Settings\All Users\Documents\Adobe PDF\Settings\High Quality Print.joboptions   Object is locked   skipped
C:\Documents and Settings\All Users\Documents\Adobe PDF\Settings\PDFX1a 2001.joboptions   Object is locked   skipped
C:\Documents and Settings\All Users\Documents\Adobe PDF\Settings\PDFX3 2002.joboptions   Object is locked   skipped
C:\Documents and Settings\All Users\Documents\Adobe PDF\Settings\Press Quality.joboptions   Object is locked   skipped
C:\Documents and Settings\All Users\Documents\Adobe PDF\Settings\Smallest File Size.joboptions   Object is locked   skipped
C:\Documents and Settings\All Users\Documents\desktop.ini   Object is locked   skipped
C:\Documents and Settings\All Users\Documents\My Music\Desktop.ini   Object is locked   skipped
C:\Documents and Settings\All Users\Documents\My Music\PS2Trial.wpl   Object is locked   skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\AlbumArtSmall.jpg   Object is locked   skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\AlbumArt_{08115859-E625-4BCD-83A8-57E01873B42F}_Large.jpg   Object is locked   skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\AlbumArt_{08115859-E625-4BCD-83A8-57E01873B42F}_Small.jpg   Object is locked   skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\AlbumArt_{EFFDEB51-C913-4EE1-8B2A-C80112057955}_Large.jpg   Object is locked   skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\AlbumArt_{EFFDEB51-C913-4EE1-8B2A-C80112057955}_Small.jpg   Object is locked   skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma   Object is locked   skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\desktop.ini   Object is locked   skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Folder.jpg   Object is locked   skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma   Object is locked   skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Desktop.ini   Object is locked   skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg   Object is locked   skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\desktop.ini   Object is locked   skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg   Object is locked   skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db   Object is locked   skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg   Object is locked   skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg   Object is locked   skipped
C:\Documents and Settings\All Users\Documents\My Videos\Desktop.ini   Object is locked   skipped
C:\Documents and Settings\LocalService\Cookies\index.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\NTUSER.DAT   Object is locked   skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG   Object is locked   skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT   Object is locked   skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG   Object is locked   skipped
C:\Documents and Settings\Rodney n----\Application Data\acccore\nss\cert8.db   Object is locked   skipped
C:\Documents and Settings\Rodney n----\Application Data\acccore\nss\key3.db   Object is locked   skipped
C:\Documents and Settings\Rodney n----\Application Data\Mozilla\Firefox\Profiles\7skgy62v.default\cert8.db   Object is locked   skipped
C:\Documents and Settings\Rodney n----\Application Data\Mozilla\Firefox\Profiles\7skgy62v.default\formhistory.dat   Object is locked   skipped
C:\Documents and Settings\Rodney n----\Application Data\Mozilla\Firefox\Profiles\7skgy62v.default\history.dat   Object is locked   skipped
C:\Documents and Settings\Rodney n----\Application Data\Mozilla\Firefox\Profiles\7skgy62v.default\key3.db   Object is locked   skipped
C:\Documents and Settings\Rodney n----\Application Data\Mozilla\Firefox\Profiles\7skgy62v.default\parent.lock   Object is locked   skipped
C:\Documents and Settings\Rodney n----\Application Data\Mozilla\Firefox\Profiles\7skgy62v.default\search.sqlite   Object is locked   skipped
C:\Documents and Settings\Rodney n----\Application Data\Mozilla\Firefox\Profiles\7skgy62v.default\urlclassifier2.sqlite   Object is locked   skipped
C:\Documents and Settings\Rodney n----\Cookies\index.dat   Object is locked   skipped
C:\Documents and Settings\Rodney n----\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls   Object is locked   skipped
C:\Documents and Settings\Rodney n----\Local Settings\Application Data\AOL OCP\AIM\Storage\data\hotrod4x5\localStorage\common.cls   Object is locked   skipped
C:\Documents and Settings\Rodney n----\Local Settings\Application Data\Microsoft\Messenger\hotrod4x5Email Removed\SharingMetadata\Logs\Dfsr00005.log   Object is locked   skipped
C:\Documents and Settings\Rodney n----\Local Settings\Application Data\Microsoft\Messenger\hotrod4x5Email Removed\SharingMetadata\pending.dat   Object is locked   skipped
C:\Documents and Settings\Rodney n----\Local Settings\Application Data\Microsoft\Messenger\hotrod4x5Email Removed\SharingMetadata\Working\database_7C80_837A_8083_39A2\dfsr.db   Object is locked   skipped
C:\Documents and Settings\Rodney n----\Local Settings\Application Data\Microsoft\Messenger\hotrod4x5Email Removed\SharingMetadata\Working\database_7C80_837A_8083_39A2\fsr.log   Object is locked   skipped
C:\Documents and Settings\Rodney n----\Local Settings\Application Data\Microsoft\Messenger\hotrod4x5Email Removed\SharingMetadata\Working\database_7C80_837A_8083_39A2\fsrtmp.log   Object is locked   skipped
C:\Documents and Settings\Rodney n----\Local Settings\Application Data\Microsoft\Messenger\hotrod4x5Email Removed\SharingMetadata\Working\database_7C80_837A_8083_39A2\tmp.edb   Object is locked   skipped
C:\Documents and Settings\Rodney n----\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\Rodney n----\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\Rodney n----\Local Settings\Application Data\Microsoft\Windows Live Contacts\hotrod4x5Email Removed\real\members.stg   Object is locked   skipped
C:\Documents and Settings\Rodney n----\Local Settings\Application Data\Microsoft\Windows Live Contacts\hotrod4x5Email Removed\shadow\members.stg   Object is locked   skipped
C:\Documents and Settings\Rodney n----\Local Settings\Application Data\Mozilla\Firefox\Profiles\7skgy62v.default\Cache\_CACHE_001_   Object is locked   skipped
C:\Documents and Settings\Rodney n----\Local Settings\Application Data\Mozilla\Firefox\Profiles\7skgy62v.default\Cache\_CACHE_002_   Object is locked   skipped
C:\Documents and Settings\Rodney n----\Local Settings\Application Data\Mozilla\Firefox\Profiles\7skgy62v.default\Cache\_CACHE_003_   Object is locked   skipped
C:\Documents and Settings\Rodney n----\Local Settings\Application Data\Mozilla\Firefox\Profiles\7skgy62v.default\Cache\_CACHE_MAP_   Object is locked   skipped
C:\Documents and Settings\Rodney n----\Local Settings\History\History.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\Rodney n----\Local Settings\Temp\Perflib_Perfdata_ee0.dat   Object is locked   skipped
C:\Documents and Settings\Rodney n----\Local Settings\Temp\~DF2B5A.tmp   Object is locked   skipped
C:\Documents and Settings\Rodney n----\Local Settings\Temp\~DF2C60.tmp   Object is locked   skipped
C:\Documents and Settings\Rodney n----\Local Settings\Temp\~DF7A83.tmp   Object is locked   skipped
C:\Documents and Settings\Rodney n----\Local Settings\Temp\~DF8F3E.tmp   Object is locked   skipped
C:\Documents and Settings\Rodney n----\Local Settings\Temp\~DF8F4B.tmp   Object is locked   skipped
C:\Documents and Settings\Rodney n----\Local Settings\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\Rodney n----\NTUSER.DAT   Object is locked   skipped
C:\Documents and Settings\Rodney n----\ntuser.dat.LOG   Object is locked   skipped
C:\Program Files\ESET\cache\CACHE.NDB   Object is locked   skipped
C:\Program Files\ESET\logs\virlog.dat   Object is locked   skipped
C:\Program Files\ESET\logs\warnlog.dat   Object is locked   skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\master.mdf   Object is locked   skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\mastlog.ldf   Object is locked   skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\model.mdf   Object is locked   skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\modellog.ldf   Object is locked   skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\tempdb.mdf   Object is locked   skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\templog.ldf   Object is locked   skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\LOG\ERRORLOG   Object is locked   skipped
C:\Program Files\Yahoo!\Messenger\logs\billing_Rodney n----.log   Object is locked   skipped
C:\Program Files\Yahoo!\Messenger\logs\client_Rodney n----.log   Object is locked   skipped
C:\Program Files\Yahoo!\Messenger\logs\network_Rodney n----.log   Object is locked   skipped
C:\System Volume Information\MountPointManagerRemoteDatabase   Object is locked   skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP721\change.log   Object is locked   skipped
C:\WINDOWS\Debug\PASSWD.LOG   Object is locked   skipped
C:\WINDOWS\SchedLgU.Txt   Object is locked   skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log   Object is locked   skipped
C:\WINDOWS\Sti_Trace.log   Object is locked   skipped
C:\WINDOWS\system32\CatRoot2\edb.log   Object is locked   skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb   Object is locked   skipped
C:\WINDOWS\system32\config\ACEEvent.evt   Object is locked   skipped
C:\WINDOWS\system32\config\AppEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\DEFAULT   Object is locked   skipped
C:\WINDOWS\system32\config\default.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\Internet.evt   Object is locked   skipped
C:\WINDOWS\system32\config\SAM   Object is locked   skipped
C:\WINDOWS\system32\config\SAM.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\SecEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\SECURITY   Object is locked   skipped
C:\WINDOWS\system32\config\SECURITY.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\SOFTWARE   Object is locked   skipped
C:\WINDOWS\system32\config\software.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\SysEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\SYSTEM   Object is locked   skipped
C:\WINDOWS\system32\config\system.LOG   Object is locked   skipped
C:\WINDOWS\system32\h323log.txt   Object is locked   skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP   Object is locked   skipped
C:\WINDOWS\Temp\Perflib_Perfdata_31c.dat   Object is locked   skipped
C:\WINDOWS\wiadebug.log   Object is locked   skipped
C:\WINDOWS\wiaservc.log   Object is locked   skipped
C:\WINDOWS\WindowsUpdate.log   Object is locked   skipped
D:\System Volume Information\MountPointManagerRemoteDatabase   Object is locked   skipped

Scan process completed.

_____________________________________________
New HIJACK log:
______________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:59:23 AM, on 2/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\hnFAPMon\hnFAPMon.exe
C:\Program Files\DSUtilities\6000WAKA\6000WAKA.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\hnFAPMon\hnFAPMonService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0060907
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0060907
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/campaign.asp?cid=16313 (http://\"http://us.mcafee.com/root/campaign.asp?cid=16313\")
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R220 Series on HP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P41 "Auto EPSON Stylus Photo R220 Series on HP" /O17 "\\HP\EPSONSty 220" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [\\HP\EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P35 "\\HP\EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] ~"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: 6000WAKA.lnk = C:\Program Files\DSUtilities\6000WAKA\6000WAKA.exe
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\PANTONE COLORVISION\Startup\ColorVisionStartup.exe
O4 - Global Startup: hnFAPMon.lnk = C:\Program Files\hnFAPMon\hnFAPMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB (http://\"http://support.dell.com/systemprofiler/SysPro.CAB\")
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab (http://\"http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab\")
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (http://\"http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab\")
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (http://\"http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab\")
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab (http://\"http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab\")
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hnFAPMon Service (hnFAPMonService) -                                                                                                                  - C:\Program Files\hnFAPMon\hnFAPMonService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11419 bytes
_______________________________________________________

Title: Uninstall buttons missing
Post by: guestolo on February 13, 2008, 11:25:31 AM

Do you know of any program you may have installed before you noticed the missing Change/remove buttons in add/remove programs?
It may help, an installer may have corrupted the registry

Title: Uninstall buttons missing
Post by: hotrod4x5 on February 13, 2008, 01:28:47 PM

I  installed several programs in the last 5-6 months and I have no idea when the add/remove buttons dissapeared.   When I look through the list, it seems that all of my recent programs, those installed either this month or last, DO  have buttons.  

Is there a way to fix the registry without a full reinstall?

[quote name=\'guestolo\' post=\'421527\' date=\'Feb 13 2008, 08:25 AM\']Do you know of any program you may have installed before you noticed the missing Change/remove buttons in add/remove programs?
It may help, an installer may have corrupted the registry[/quote]

Title: Uninstall buttons missing
Post by: guestolo on February 13, 2008, 08:43:27 PM

Try the following
Let me know a few of the programs you don't see Remove or Change in add/remove

Then do the following
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
Change the Save as Type to All Files.
Name the file as export.bat

Save this file on the desktop

 

Code: [Select]

regedit /e export.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
export.txt

Double click on export.bat
A text file will open, also a file called export.txt will be produced on your desktop

Can you use the Browse button in the lower right under the reply box
Browse to export.txt and select it then use the
UPLOAD button in a reply back here to upload export.txt

Title: Uninstall buttons missing
Post by: hotrod4x5 on February 14, 2008, 02:38:53 AM

No  buttons for Adobe Dreamweaver CS3, Imatch, Microsoft Money 2004, Windows Defender... among others.

Export.txt attached

Title: Uninstall buttons missing
Post by: guestolo on February 14, 2008, 10:42:31 PM

Bump, just to let you know I haven't forgotten about ya
It's valentines' day and I must go for now

Title: Uninstall buttons missing
Post by: hotrod4x5 on February 15, 2008, 11:57:53 AM

[quote name=\'guestolo\' post=\'421676\' date=\'Feb 14 2008, 07:42 PM\']Bump, just to let you know I haven't forgotten about ya
It's valentines' day and I must go for now[/quote]
No problem! I appreciate your help so far.

Title: Uninstall buttons missing
Post by: guestolo on February 16, 2008, 07:28:10 PM

Just so I'm sure the ones listed are ok

In add/remove programs you do see uninstall options for

EG>>
Mozilla Firefox
Hijackthis 2.0.2

Title: Uninstall buttons missing
Post by: hotrod4x5 on February 17, 2008, 10:16:52 PM

Yes, those programs have buttons.

[quote name=\'guestolo\' post=\'421807\' date=\'Feb 16 2008, 04:28 PM\']Just so I'm sure the ones listed are ok

In add/remove programs you do see uninstall options for

EG>>
Mozilla Firefox
Hijackthis 2.0.2[/quote]

Title: Uninstall buttons missing
Post by: guestolo on February 17, 2008, 11:18:04 PM

Take a look at the following link
Let me know if it's any help
http://www.winxptutor.com/arpbuttons.htm (http://\"http://www.winxptutor.com/arpbuttons.htm\")

You may have to reboot the computer after making changes to the registry

Title: Uninstall buttons missing
Post by: hotrod4x5 on February 18, 2008, 12:37:09 PM

Followed the path to the section in the registry, but all my installed programs aren't listed there.  None of the programs without buttons are listed, in fact.

[quote name=\'guestolo\' post=\'421947\' date=\'Feb 17 2008, 08:18 PM\']Take a look at the following link
Let me know if it's any help
http://www.winxptutor.com/arpbuttons.htm (http://\"http://www.winxptutor.com/arpbuttons.htm\")

You may have to reboot the computer after making changes to the registry[/quote]

Title: Uninstall buttons missing
Post by: guestolo on February 18, 2008, 09:03:16 PM

Can you export the following registry entry please

Go to start>>run
copy..paste the following

regedit /e C:\find.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies"

Hit OK
Go find C:\find.txt and post it's contents

Title: Uninstall buttons missing
Post by: hotrod4x5 on February 19, 2008, 01:40:58 AM

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091

Title: Uninstall buttons missing
Post by: guestolo on February 19, 2008, 09:34:22 PM

There doesn't seem to be a problem with that output
Which programs are you trying to uninstall
Give me a few and we'll try and remove them in other means

Also, if you navigate to C:\Program Files folder and open up a program folder
Do you see an uninstall utility?

Title: Uninstall buttons missing
Post by: hotrod4x5 on February 23, 2008, 12:43:16 PM

I want to uninstall Photoshop CS2.  I recently installed CS3 and CS2 somehow got corrupted and the serial number is reading as invalid, so I need to remove it.  There is no utility in the folder.

[quote name=\'guestolo\' post=\'422125\' date=\'Feb 19 2008, 06:34 PM\']There doesn't seem to be a problem with that output
Which programs are you trying to uninstall
Give me a few and we'll try and remove them in other means

Also, if you navigate to C:\Program Files folder and open up a program folder
Do you see an uninstall utility?[/quote]

Title: Uninstall buttons missing
Post by: guestolo on February 23, 2008, 04:49:12 PM

There may be a workaround
I think I would try the following, it may help

Uninstall CS3 for now and reboot the computer
Afterwards
Try the manual removal of CS2
http://kb.adobe.com/selfservice/viewConten...5&sliceId=1 (http://\"http://kb.adobe.com/selfservice/viewContent.do?externalId=331405&sliceId=1\")
Reboot afterwards

Wouldn't hurt to run CCleaner on the machine
Download from link
http://www.filehippo.com/download_ccleaner/ (http://\"http://www.filehippo.com/download_ccleaner/\")

During installation of CCleaner, I suggest you UNTICK YAHOO TOOLBAR
It's not needed
You may also want to untick Check for updates automatically, you can just do it manually

After installed, run CCleaner
Click the CLEANER button>>Run Cleaner>>Ok the prompt
When done
Click the REGISTRY button>>SCAN FOR ISSUES>>when finish scanning select
FIX SELECTED ISSUES....
YES to create backup and ensure to SAVE
Then fix all selected issues

When complete exit CCleaner and reboot computer again
Reinstall CS3