Hijack This Log[RESOLVED]

dejanvu

By dejanvu,
in Malware Removal

 Share Followers 0

Recommended Posts

dejanvu

dejanvu

Posted
Posted

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:42:10 PM, on 5/16/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\sttray.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\System32\spool\drivers\w32x86\3\E_FATICLA.EXE

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Dejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3ER4H978\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: XBTP01621 - {C66AF7F0-2CF6-48cb-9F94-04EC2504B4FC} - C:\PROGRA~1\IMESHA~1\IMESHM~1\MediaBar.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\iMesh applications\iMesh MediaBar\MediaBar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [EPSON Stylus Photo RX595 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE /FU "C:\Windows\TEMP\E_S243F.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKUS\S-1-5-18\..\Run: [EPSON Stylus Photo R380 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE /FU "C:\Windows\TEMP\E_S200D.tmp" /EF "HKCU" (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [EPSON Stylus Photo R380 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE /FU "C:\Windows\TEMP\E_S200D.tmp" /EF "HKCU" (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Dell Games\Dell Game Console\GameConsoleService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IntelĀ® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--

End of file - 8403 bytes

Link to post
Share on other sites
Andro1d

Andro1d

Posted
Posted

Hello and Welcome to BT. :)

I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

Sorry for the delay!

Step 1

Your log shows that you have run HijackThis without extracting it from the zip folder first or have it running fromyour desktop/temporary location. To ensure that backups made when items are fixed are secure, we need to get HijackThis set up properly. To do this please download the self-extracting version of HijackThis that will unzip the file for you and put a shortcut on your desktop. Please delete any copies of HijackThis.zip you have saved.

Please download the self-extracting version of HijackThis from here:

HijackThis Installer Download

Save HJTInstall.exe to your desktop.

Double-click the file then click the Install button.

The file will be extracted to C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

A shortcut for future use will also be created on your desktop and the Intro Frame of HijackThis will open.

Click Do a system scan and save a log file. Copy the entire contents of that log and post it here by clicking the Add Reply button.

Please use the shortcut to run the extracted HijackThis.exe from now on. Delete any copies of HijackThis.zip that you have saved.

Step 2

Please download Deckard's System Scanner (DSS) to your desktop.

  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, a text file will open - Main.txt
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt in your thread in the HijackThis Log Help Forum.
  • An additional text file, Extra.txt,will also be available (by default) in the following FOLDER, C:\Deckard\System Scanner.
  • Please go to that folder and also copy the contents of Extra.txt to your post as well.

Note: Some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

Link to post
Share on other sites
dejanvu

dejanvu

Posted
  • Author
Posted

Here is my HiJackThis log, following the instructions you provided:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:05:26 PM, on 5/23/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\sttray.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\System32\spool\drivers\w32x86\3\E_FATICLA.EXE

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: XBTP01621 - {C66AF7F0-2CF6-48cb-9F94-04EC2504B4FC} - C:\PROGRA~1\IMESHA~1\IMESHM~1\MediaBar.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\iMesh applications\iMesh MediaBar\MediaBar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [EPSON Stylus Photo RX595 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE /FU "C:\Windows\TEMP\E_S243F.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [EPSON Stylus Photo R380 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE /FU "C:\Windows\TEMP\E_S200D.tmp" /EF "HKCU" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [EPSON Stylus Photo R380 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE /FU "C:\Windows\TEMP\E_S200D.tmp" /EF "HKCU" (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Dell Games\Dell Game Console\GameConsoleService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IntelĀ® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--

End of file - 8732 bytes

Link to post
Share on other sites
dejanvu

dejanvu

Posted
  • Author
Posted

Here is the Deckard System Scanner Main.txt file:

Deckard's System Scanner v20071014.68

Run by Dejan on 2008-05-23 15:10:17

Computer is in Normal Mode.

--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --

11: 2008-05-23 18:58:30 UTC - RP436 - Windows Update

10: 2008-05-22 16:09:12 UTC - RP435 - Windows Update

9: 2008-05-22 00:12:45 UTC - RP434 - Scheduled Checkpoint

8: 2008-05-20 21:31:49 UTC - RP433 - Scheduled Checkpoint

7: 2008-05-19 16:24:56 UTC - RP432 - Windows Backup

-- First Restore Point --

1: 2008-05-14 03:25:46 UTC - RP426 - Windows Update

Backed up registry hives.

Performed disk cleanup.

-- HijackThis (run as Dejan.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:11:21 PM, on 5/23/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\sttray.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\System32\spool\drivers\w32x86\3\E_FATICLA.EXE

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Windows\system32\taskeng.exe

C:\Users\Dejan\Desktop\dss.exe

C:\Windows\system32\DllHost.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\Dejan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: XBTP01621 - {C66AF7F0-2CF6-48cb-9F94-04EC2504B4FC} - C:\PROGRA~1\IMESHA~1\IMESHM~1\MediaBar.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\iMesh applications\iMesh MediaBar\MediaBar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [EPSON Stylus Photo RX595 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE /FU "C:\Windows\TEMP\E_S243F.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [EPSON Stylus Photo R380 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE /FU "C:\Windows\TEMP\E_S200D.tmp" /EF "HKCU" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [EPSON Stylus Photo R380 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE /FU "C:\Windows\TEMP\E_S200D.tmp" /EF "HKCU" (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Dell Games\Dell Game Console\GameConsoleService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IntelĀ® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--

End of file - 8733 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 dsunidrv - \??\c:\program files\dellsupport\drivers\dsunidrv.sys

R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; ArcsoftĀ® ASPI Shell>

S3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >

R2 STacSV (SigmaTel Audio Service) - c:\program files\sigmatel\c-major audio\wdm\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>

S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>

S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Files created between 2008-04-23 and 2008-05-23 -----------------------------

2008-05-16 17:49:43 0 d-------- C:\Windows\Sun

-- Find3M Report ---------------------------------------------------------------

2008-05-22 21:52:38 0 d-------- C:\Users\Dejan\AppData\Roaming\U3

2008-05-16 17:55:09 0 d-------- C:\Program Files\Trend Micro

2008-05-16 17:49:19 0 d-------- C:\Program Files\Java

2008-05-14 03:01:58 0 d-------- C:\Program Files\Windows Mail

2008-05-11 21:56:47 0 d-------- C:\Users\Dejan\AppData\Roaming\MagicEffect Photo

2008-05-10 20:02:01 0 d-------- C:\Users\Dejan\AppData\Roaming\Vso

2008-05-07 21:23:00 0 d-------- C:\Users\Dejan\AppData\Roaming\LimeWire

2008-04-27 11:43:56 0 d-------- C:\Users\Dejan\AppData\Roaming\EPSON

2008-04-22 12:15:20 0 d-------- C:\Program Files\Google

2008-04-20 19:49:48 0 d-------- C:\Users\Dejan\AppData\Roaming\FUJIFILM

2008-04-20 19:36:54 0 d-------- C:\Users\Dejan\AppData\Roaming\Yahoo!

2008-04-20 19:34:29 0 d-------- C:\Program Files\FinePixViewerS

2008-04-20 19:33:12 0 d--h----- C:\Program Files\InstallShield Installation Information

2008-04-19 23:35:40 0 d-------- C:\Users\Dejan\AppData\Roaming\Talkback

2008-04-19 23:35:31 0 d-------- C:\Users\Dejan\AppData\Roaming\Mozilla

2008-04-17 21:31:48 0 d-------- C:\Users\Dejan\AppData\Roaming\SiteAdvisor

2008-04-17 21:31:07 0 d-------- C:\Program Files\Common Files

2008-04-17 21:25:04 0 d-------- C:\Program Files\SiteAdvisor

2008-04-05 15:04:00 0 d-------- C:\Users\Dejan\AppData\Roaming\ArcSoft

2008-04-04 21:56:14 0 d-------- C:\Users\Dejan\AppData\Roaming\iMesh

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04/22/2007 04:01 AM]

"IgfxTray"="C:\Windows\system32\igfxtray.exe" [02/09/2007 02:32 PM]

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [02/09/2007 02:32 PM]

"Persistence"="C:\Windows\system32\igfxpers.exe" [02/09/2007 02:32 PM]

"SigmatelSysTrayApp"="sttray.exe" [02/08/2007 01:16 AM C:\Windows\sttray.exe]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [09/29/2006 12:39 PM]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/03/2006 11:37 AM]

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [10/03/2006 11:35 AM]

"@"="" []

"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [11/05/2006 12:22 PM]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/11/2007 12:05 PM]

"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [01/16/2008 06:19 PM]

"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [02/08/2007 10:39 PM]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/08/2008 06:05 PM]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 08:36 AM]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 08:35 AM]

"EPSON Stylus Photo RX595 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLA.exe" [03/30/2007 07:00 AM]

"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 06:43 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"EPSON Stylus Photo R380 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE /FU "C:\Windows\TEMP\E_S200D.tmp" /EF "HKCU"

"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"=0 (0x0)

"DisableChangePassword"=0 (0x0)

"DisableLockWorkstation"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoClose"=0 (0x0)

"NoLogoff"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]

AutoRun\command- I:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-05-23 15:12:40 ------------

Link to post
Share on other sites
dejanvu

dejanvu

Posted
  • Author
Posted

Here is the Deckard System Scanner Extra.txt file:

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

MicrosoftƂĀ® Windows VistaĆ¢ā€žĀ¢ Home Premium (build 6000)

Architecture: X86; Language: English

CPU 0: IntelĀ® PentiumĀ® D CPU 2.80GHz

Percentage of Memory in Use: 43%

Physical Memory (total/avail): 2037.32 MiB / 1155.77 MiB

Pagefile Memory (total/avail): 6066.49 MiB / 5210.81 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1925.23 MiB

C: is Fixed (NTFS) - 138.97 GiB total, 52.55 GiB free.

D: is Fixed (NTFS) - 10 GiB total, 4.13 GiB free.

E: is CDROM (No Media)

F: is CDROM (UDF)

H: is Fixed (FAT32) - 189.87 GiB total, 42.02 GiB free.

J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3160812AS - 149.01 GiB - 3 partitions

\PARTITION0 - Unknown - 39.19 MiB

\PARTITION1 - Installable File System - 10 GiB - D:

\PARTITION2 (bootable) - Installable File System - 138.97 GiB - C:

\\.\PHYSICALDRIVE1 - EPSON Stylus Storage USB Device

\\.\PHYSICALDRIVE2 - Maxtor 6 L200R0 USB Device - 189.92 GiB - 1 partition

\PARTITION0 (bootable) - Unknown - 189.92 GiB - H:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.

Windows Internal Firewall is disabled.

FW: McAfee Personal Firewall v (McAfee) Disabled

FW: ZoneAlarm Pro Firewall v7.1.248.000 (Check Point, LTD.) Disabled

AV: McAfee VirusScan v (McAfee)

AS: McAfee VirusScan v (McAfee)

AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData

APPDATA=C:\Users\Dejan\AppData\Roaming

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=HAL2000

ComSpec=C:\Windows\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Users\Dejan

LOCALAPPDATA=C:\Users\Dejan\AppData\Local

LOGONSERVER=\\HAL2000

NUMBER_OF_PROCESSORS=2

OS=Windows_NT

Path=C:\Program Files\Common Files\ArcSoft\Bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 7, GenuineIntel

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=0407

ProgramData=C:\ProgramData

ProgramFiles=C:\Program Files

PROMPT=$P$G

PUBLIC=C:\Users\Public

RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

SystemDrive=C:

SystemRoot=C:\Windows

TEMP=C:\Users\Dejan\AppData\Local\Temp

TMP=C:\Users\Dejan\AppData\Local\Temp

tvdumpflags=8

USERDOMAIN=HAL2000

USERNAME=Dejan

USERPROFILE=C:\Users\Dejan

windir=C:\Windows

-- User Profiles ---------------------------------------------------------------

Dejan

-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Dell Games\Battleship - Fleet Command\Uninstall.exe"

--> "C:\Program Files\Dell Games\Bejeweled 2 Deluxe\Uninstall.exe"

--> "C:\Program Files\Dell Games\Blackhawk Striker 2\Uninstall.exe"

--> "C:\Program Files\Dell Games\Blasterball 3\Uninstall.exe"

--> "C:\Program Files\Dell Games\Chuzzle Deluxe\Uninstall.exe"

--> "C:\Program Files\Dell Games\Dell Game Console\Uninstall.exe"

--> "C:\Program Files\Dell Games\Dell Media Center Game Console\Uninstall.exe"

--> "C:\Program Files\Dell Games\FATE\Uninstall.exe"

--> "C:\Program Files\Dell Games\JEOPARDY\Uninstall.exe"

--> "C:\Program Files\Dell Games\Penguins!\Uninstall.exe"

--> "C:\Program Files\Dell Games\Polar Bowler\Uninstall.exe"

--> "C:\Program Files\Dell Games\Polar Golfer\Uninstall.exe"

--> "C:\Program Files\Dell Games\SCRABBLE\Uninstall.exe"

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}

2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}

2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}

2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}

2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}

2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}

2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}

2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}

2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}

2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}

Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete

Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}

ArcSoft PhotoImpression 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\Setup.exe" -l0x9

ArcSoft PhotoImpression 6 --> C:\Program Files\InstallShield Installation Information\{D03E7B00-CA85-4684-9321-1888873C34BD}\Setup.exe -runfromtemp -l0x0009 -removeonly

ArcSoft Print Creations --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F75F3D8C-8051-49FC-A595-75245E526DA6}\Setup.exe" -l0x9

ArcSoft Print Creations - Album Page --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F75F3D8C-8051-49FC-A595-75245E526DA6}\Setup.exe" -l0x9 -1AlbumPage

ArcSoft Print Creations - Funhouse --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F75F3D8C-8051-49FC-A595-75245E526DA6}\Setup.exe" -l0x9 -1Funhouse

ArcSoft Print Creations - Greeting Card --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F75F3D8C-8051-49FC-A595-75245E526DA6}\Setup.exe" -l0x9 -1GreetingCard

ArcSoft Print Creations - Photo Book --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F75F3D8C-8051-49FC-A595-75245E526DA6}\Setup.exe" -l0x9 -1PhotoBook

ArcSoft Print Creations - Photo Calendar --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F75F3D8C-8051-49FC-A595-75245E526DA6}\Setup.exe" -l0x9 -1Calendar

ArcSoft Print Creations - Photo Prints --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F75F3D8C-8051-49FC-A595-75245E526DA6}\Setup.exe" -l0x9 -1PhotoPrint

ArcSoft Print Creations - Scrapbook --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F75F3D8C-8051-49FC-A595-75245E526DA6}\Setup.exe" -l0x9 -1ScrapBook

ArcSoft Print Creations - Slimline Card --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F75F3D8C-8051-49FC-A595-75245E526DA6}\Setup.exe" -l0x9 -1Slimline

Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"

Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"

Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"

Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"

Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"

Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"

Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"

Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"

Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"

Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"

Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"

Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"

Dell Games --> "C:\Program Files\Dell Games\Uninstall.exe"

Dell System Customization Wizard --> MsiExec.exe /I{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}

DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}

Documentation & Support Launcher --> MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}

DVDFab Gold 3.0.9.8 --> "C:\Program Files\DVDFab Gold 3\unins000.exe"

DVDFab Gold 4.0.5.0 --> "C:\Program Files\DVDFab Gold 4\unins000.exe"

EarthLink Setup Files --> MsiExec.exe /X{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}

EPSON Print CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\Setup.exe" -l0x9 -SYSTEM

EPSON Printer Software --> C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R

EPSON RX595 User's Guide --> C:\Program Files\epson\guide\sprx595_e\uninstall.exe

EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r

EPSON Stylus Photo RX595 Series Scanner Driver Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}\Setup.exe" -l0x9

Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe

Games, Music, & Photos Launcher --> MsiExec.exe /I{3E25E350-949F-4DB7-8288-2A60E018B4C1}

Giggles Computer Funtime For BabyĆ¢ā€žĀ¢ - ABC's & 123's --> "C:\Program Files\Giggles Computer Funtime For Baby\Giggles-ABCs & 123s\unins000.exe"

Giggles Computer Funtime For BabyĆ¢ā€žĀ¢ - ABC's & 123's Vista Update --> "C:\Program Files\Giggles Computer Funtime For Baby\Giggles-ABCs & 123s\unins001.exe"

Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}

Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"

HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

iMesh --> C:\Program Files\iMesh Applications\iMesh\UninstallSurvey.exe C:\PROGRA~1\IMESHA~1\iMesh\UNWISE.EXE C:\PROGRA~1\IMESHA~1\iMesh\INSTALL.LOG

iMesh MediaBar --> C:\Program Files\iMesh applications\iMesh MediaBar\Uninstall.exe

iMesh MediaBar --> regsvr32 /u /s "C:\Program Files\iMesh applications\iMesh MediaBar\MediaBar.dll"

IntelĀ® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall

IntelĀ® Matrix Storage Manager --> C:\Windows\System32\Imsmudlg.exe

Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

Java SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}

LimeWire 4.12.15 --> "C:\Program Files\LimeWire\uninstall.exe"

McAfee SiteAdvisor --> C:\Program Files\SiteAdvisor\6253\uninstall.exe

Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}

Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL

Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}

Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}

MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}

Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"

RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}

Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}

Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}

Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}

Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}

Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}

Roxio Drag-to-Disc --> MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}

Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}

Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}

Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}

Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}

Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}

Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}

Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}

Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}

SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly

Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}

Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}

URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"

User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"

Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S

Yahoo! Install Manager --> C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL

Yahoo! Internet Mail --> C:\Windows\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll

Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

Yahoo! Music Jukebox --> MsiExec.exe /X{7C49EA42-5647-4051-84C2-E6404F25A931}

Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe

ZoneAlarm Pro --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type9325 / Error

Event Submitted/Written: 05/22/2008 09:48:52 PM

Event ID/Source: 1000 / Application Error

Event Description:

Faulting application PhotoImpression.exe, version 6.1.3.100, time stamp 0x45b0234f, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000374, fault offset 0x000af1c9,

process id 0x514, application start time 0xPhotoImpression.exe0.

Event Record #/Type9309 / Success

Event Submitted/Written: 05/22/2008 00:02:52 PM

Event ID/Source: 5617 / WinMgmt

Event Description:

Event Record #/Type9308 / Success

Event Submitted/Written: 05/22/2008 00:02:52 PM

Event ID/Source: 5615 / WinMgmt

Event Description:

Event Record #/Type9306 / Success

Event Submitted/Written: 05/22/2008 00:02:50 PM

Event ID/Source: 902 / Software Licensing Service

Event Description:

The Software Licensing service has started.

Event Record #/Type9296 / Warning

Event Submitted/Written: 05/22/2008 11:45:23 AM

Event ID/Source: 6005 / Wlclntfy

Event Description:

The winlogon notification subscriber <Sens> is taking long time to handle the notification event (Logoff).

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type49983 / Warning

Event Submitted/Written: 05/23/2008 03:11:37 PM

Event ID/Source: 3004 / WinDefend

Event Description:

%HAL200027 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %HAL200027 can't undo changes that you allow.

For more information please see the following:

%HAL2000275

Scan ID: {E4197CA1-8BB3-490D-A03C-6B17614F4428}

User: HAL2000\Dejan

Name: %HAL2000271

ID: %HAL2000272

Severity ID: %HAL2000273

Category ID: %HAL2000274

Path Found: %HAL2000276

Alert Type: %HAL2000278

Detection Type: 1.1.1505.02

Event Record #/Type49982 / Warning

Event Submitted/Written: 05/23/2008 03:11:35 PM

Event ID/Source: 3004 / WinDefend

Event Description:

%HAL200027 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %HAL200027 can't undo changes that you allow.

For more information please see the following:

%HAL2000275

Scan ID: {D5E9E2BE-97E3-4D5B-A513-A95C3ABD5717}

User: HAL2000\Dejan

Name: %HAL2000271

ID: %HAL2000272

Severity ID: %HAL2000273

Category ID: %HAL2000274

Path Found: %HAL2000276

Alert Type: %HAL2000278

Detection Type: 1.1.1505.02

Event Record #/Type49981 / Warning

Event Submitted/Written: 05/23/2008 03:11:35 PM

Event ID/Source: 3004 / WinDefend

Event Description:

%HAL200027 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %HAL200027 can't undo changes that you allow.

For more information please see the following:

%HAL2000275

Scan ID: {C0DEBBE5-C382-4FF5-81BE-11C4D3150876}

User: HAL2000\Dejan

Name: %HAL2000271

ID: %HAL2000272

Severity ID: %HAL2000273

Category ID: %HAL2000274

Path Found: %HAL2000276

Alert Type: %HAL2000278

Detection Type: 1.1.1505.02

Event Record #/Type49980 / Warning

Event Submitted/Written: 05/23/2008 03:11:35 PM

Event ID/Source: 3004 / WinDefend

Event Description:

%HAL200027 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %HAL200027 can't undo changes that you allow.

For more information please see the following:

%HAL2000275

Scan ID: {001EC527-7E60-45D4-A6B4-5DEE5EC3763F}

User: HAL2000\Dejan

Name: %HAL2000271

ID: %HAL2000272

Severity ID: %HAL2000273

Category ID: %HAL2000274

Path Found: %HAL2000276

Alert Type: %HAL2000278

Detection Type: 1.1.1505.02

Event Record #/Type49979 / Warning

Event Submitted/Written: 05/23/2008 03:11:35 PM

Event ID/Source: 3004 / WinDefend

Event Description:

%HAL200027 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %HAL200027 can't undo changes that you allow.

For more information please see the following:

%HAL2000275

Scan ID: {8AEADFB0-C33C-4A1F-8D8B-7D3F47A29CAB}

User: HAL2000\Dejan

Name: %HAL2000271

ID: %HAL2000272

Severity ID: %HAL2000273

Category ID: %HAL2000274

Path Found: %HAL2000276

Alert Type: %HAL2000278

Detection Type: 1.1.1505.02

-- End of Deckard's System Scanner: finished at 2008-05-23 15:12:40 ------------

Link to post
Share on other sites
Andro1d

Andro1d

Posted
Posted

Hello again,

Step 1

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.

Step 2

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Step 3

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT

  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:

    • Extended (if available otherwise Standard)

    • Scan Options:

    • Scan Archives
      Scan Mail Bases

    [*]Click OK

    [*]Now under select a target to scan:

    • Select My Computer

    [*]This will program will start and scan your system.

    [*]The scan will take a while so be patient and let it run.

    [*]Once the scan is complete it will display if your system has been infected.

    • Now click on the Save as Text button:

    [*]Save the file to your desktop.

    [*]Copy and paste that information in your next post.

Link to post
Share on other sites
dejanvu

dejanvu

Posted
  • Author
Posted

1. Followed step 1 and installed Jave Runtime Environment 6 Update 6

2. Cannot complete step 2, I am running Vista

3. Cannot complete Kaspersky WebScanner. When I click on Accept, nothing happens. Part of the same problem I believe.

After rebooting and installing Java, I am still having the same problems.

Link to post
Share on other sites
Andro1d

Andro1d

Posted
Posted

Hello again,

My apolgies, please do the following.

Lets run an F-Secure online scan for Viruses, Spyware and RootKits:

  • Go to http://support.f-secure.com/enu/home/ols.shtml
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan

  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

Notes:

  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take several hours, so please be patient

Link to post
Share on other sites
dejanvu

dejanvu

Posted
  • Author
Posted

Thanks for helping me out...unfortunately....once again.....nothing happens once I click on the START SCANNING button. Is it possible for something to be on my computer and actually prevent me from doing ANY type of virus scan? The SCAN NOW button on every free viruscan site I have been to does not work. I downloaded my McAfee VirusScan on my laptop, saved it, copied it to a disc, moved the .exe file to my desktop computer, and of course, installation does not proceed.

What else can I try?

Link to post
Share on other sites
Andro1d

Andro1d

Posted
Posted

Hello again,

Lets try two more scans.

Please go HERE to run Panda's TotalScan

  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to a convenient location. Post the contents of the TotalScan report

Link to post
Share on other sites
dejanvu

dejanvu

Posted
  • Author
Posted

Once again, no dice, the scan now buttons do not work. Noticed that for each link that does not work for scanning, etc., there is a message that reads "java script:void(0);" in the lower right-hand corner of Explorer.

I am getting ready to do a complete system restore, just backup everything on my external drive and reinstall Vista with the factory disc. What other options do I have at this point?

Thanks alot for your efforts to fix this!

Link to post
Share on other sites
Andro1d

Andro1d

Posted
Posted

Hello again,

Please download Dial-a-fix from HERE and unzip it to your desktop.

  • Double click the Dial-a-fix.exe
  • Place a check next to ActiveX controls/codecs
  • Then hit GO
  • Once the program finishes you may exit out if it.

Now try running Panda Scan or something that uses ActiveX and let me know if it works.

Link to post
Share on other sites
Andro1d

Andro1d

Posted
Posted

Hello again,

Lets run a software scan to make sure you are clean of malware. Then we will get back to the java/active x problem.

Download and scan with SUPERAntiSpyware Free for Home Users

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.

    [*]Click the "Close" button to leave the control center screen.

    [*]Back on the main screen, under "Scan for Harmful Software" click Scan your computer.

    [*]On the left, make sure you check C:\Fixed Drive.

    [*]On the right, under "Complete Scan", choose Perform Complete Scan.

    [*]Click "Next" to start the scan. Please be patient while it scans your computer.

    [*]After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".

    [*]Make sure everything has a checkmark next to it and click "Next".

    [*]A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.

    [*]If asked if you want to reboot, click "Yes".

    [*]To retrieve the removal information after reboot, launch SUPERAntispyware again.

    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.

    [*]Click Close to exit the program.

Link to post
Share on other sites
dejanvu

dejanvu

Posted
  • Author
Posted

Here are the results of my SUPERAntiSpyware scan:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 05/29/2008 at 01:03 AM

Application Version : 4.1.1046

Core Rules Database Version : 3470

Trace Rules Database Version: 1461

Scan type : Complete Scan

Total Scan Time : 04:30:52

Memory items scanned : 489

Memory threats detected : 0

Registry items scanned : 7272

Registry threats detected : 0

File items scanned : 598906

File threats detected : 84

Adware.Tracking Cookie

C:\Users\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\dejan@doubleclick[1].txt

C:\Documents and Settings\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\dejan@doubleclick[1].txt

C:\Documents and Settings\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

C:\Documents and Settings\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\dejan@adrevolver[2].txt

C:\Documents and Settings\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\dejan@adultfriendfinder[2].txt

C:\Documents and Settings\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\dejan@atdmt[2].txt

C:\Documents and Settings\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\dejan@bluestreak[2].txt

C:\Documents and Settings\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

C:\Documents and Settings\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\dejan@cracked[2].txt

C:\Documents and Settings\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\dejan@dmtracker[1].txt

C:\Documents and Settings\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\dejan@doubleclick[1].txt

C:\Documents and Settings\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

C:\Documents and Settings\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

C:\Documents and Settings\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\dejan@sextracker[1].txt

C:\Documents and Settings\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

C:\Documents and Settings\Dejan\Application Data\Microsoft\Windows\Cookies\dejan@doubleclick[1].txt

C:\Documents and Settings\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][1].txt

C:\Documents and Settings\Dejan\Application Data\Microsoft\Windows\Cookies\Low\dejan@adrevolver[2].txt

C:\Documents and Settings\Dejan\Application Data\Microsoft\Windows\Cookies\Low\dejan@adultfriendfinder[2].txt

C:\Documents and Settings\Dejan\Application Data\Microsoft\Windows\Cookies\Low\dejan@atdmt[2].txt

C:\Documents and Settings\Dejan\Application Data\Microsoft\Windows\Cookies\Low\dejan@bluestreak[2].txt

C:\Documents and Settings\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][1].txt

C:\Documents and Settings\Dejan\Application Data\Microsoft\Windows\Cookies\Low\dejan@cracked[2].txt

C:\Documents and Settings\Dejan\Application Data\Microsoft\Windows\Cookies\Low\dejan@dmtracker[1].txt

C:\Documents and Settings\Dejan\Application Data\Microsoft\Windows\Cookies\Low\dejan@doubleclick[1].txt

C:\Documents and Settings\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][1].txt

C:\Documents and Settings\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][2].txt

C:\Documents and Settings\Dejan\Application Data\Microsoft\Windows\Cookies\Low\dejan@sextracker[1].txt

C:\Documents and Settings\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][2].txt

C:\Documents and Settings\Dejan\Cookies\dejan@doubleclick[1].txt

C:\Documents and Settings\Dejan\Cookies\Low\[email protected][1].txt

C:\Documents and Settings\Dejan\Cookies\Low\dejan@adrevolver[2].txt

C:\Documents and Settings\Dejan\Cookies\Low\dejan@adultfriendfinder[2].txt

C:\Documents and Settings\Dejan\Cookies\Low\dejan@atdmt[2].txt

C:\Documents and Settings\Dejan\Cookies\Low\dejan@bluestreak[2].txt

C:\Documents and Settings\Dejan\Cookies\Low\[email protected][1].txt

C:\Documents and Settings\Dejan\Cookies\Low\dejan@cracked[2].txt

C:\Documents and Settings\Dejan\Cookies\Low\dejan@dmtracker[1].txt

C:\Documents and Settings\Dejan\Cookies\Low\dejan@doubleclick[1].txt

C:\Documents and Settings\Dejan\Cookies\Low\[email protected][1].txt

C:\Documents and Settings\Dejan\Cookies\Low\[email protected][2].txt

C:\Documents and Settings\Dejan\Cookies\Low\dejan@sextracker[1].txt

C:\Documents and Settings\Dejan\Cookies\Low\[email protected][2].txt

C:\Users\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

C:\Users\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\dejan@adrevolver[2].txt

C:\Users\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\dejan@adultfriendfinder[2].txt

C:\Users\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\dejan@atdmt[2].txt

C:\Users\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\dejan@bluestreak[2].txt

C:\Users\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

C:\Users\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\dejan@cracked[2].txt

C:\Users\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\dejan@dmtracker[1].txt

C:\Users\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\dejan@doubleclick[1].txt

C:\Users\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

C:\Users\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

C:\Users\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\dejan@sextracker[1].txt

C:\Users\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

C:\Users\Dejan\Application Data\Microsoft\Windows\Cookies\dejan@doubleclick[1].txt

C:\Users\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][1].txt

C:\Users\Dejan\Application Data\Microsoft\Windows\Cookies\Low\dejan@adrevolver[2].txt

C:\Users\Dejan\Application Data\Microsoft\Windows\Cookies\Low\dejan@adultfriendfinder[2].txt

C:\Users\Dejan\Application Data\Microsoft\Windows\Cookies\Low\dejan@atdmt[2].txt

C:\Users\Dejan\Application Data\Microsoft\Windows\Cookies\Low\dejan@bluestreak[2].txt

C:\Users\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][1].txt

C:\Users\Dejan\Application Data\Microsoft\Windows\Cookies\Low\dejan@cracked[2].txt

C:\Users\Dejan\Application Data\Microsoft\Windows\Cookies\Low\dejan@dmtracker[1].txt

C:\Users\Dejan\Application Data\Microsoft\Windows\Cookies\Low\dejan@doubleclick[1].txt

C:\Users\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][1].txt

C:\Users\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][2].txt

C:\Users\Dejan\Application Data\Microsoft\Windows\Cookies\Low\dejan@sextracker[1].txt

C:\Users\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][2].txt

C:\Users\Dejan\Cookies\dejan@doubleclick[1].txt

C:\Users\Dejan\Cookies\Low\[email protected][1].txt

C:\Users\Dejan\Cookies\Low\dejan@adrevolver[2].txt

C:\Users\Dejan\Cookies\Low\dejan@adultfriendfinder[2].txt

C:\Users\Dejan\Cookies\Low\dejan@atdmt[2].txt

C:\Users\Dejan\Cookies\Low\dejan@bluestreak[2].txt

C:\Users\Dejan\Cookies\Low\[email protected][1].txt

C:\Users\Dejan\Cookies\Low\dejan@cracked[2].txt

C:\Users\Dejan\Cookies\Low\dejan@dmtracker[1].txt

C:\Users\Dejan\Cookies\Low\dejan@doubleclick[1].txt

C:\Users\Dejan\Cookies\Low\[email protected][1].txt

C:\Users\Dejan\Cookies\Low\[email protected][2].txt

C:\Users\Dejan\Cookies\Low\dejan@sextracker[1].txt

C:\Users\Dejan\Cookies\Low\[email protected][2].txt

Link to post
Share on other sites
Andro1d

Andro1d

Posted
Posted

Nice job your log looks clean!

Please use the following suggestion to help prevent reinfection.

Well from your logs, you are clear of malware. I would post in the PC support section if you are still having issues. Let them know that I have cleared you of malware as well.

http://www.besttechie.net/forums/PC-Support-f3.html

Also, you may delete any tools I had you download during the cleaning process.

Malwarebytes' Anti-Malware - A very powerful tool which searches and kills malware that infects your system.

**Tutorial on installing & using this product can be found HERE**

SpywareBlaster - Great prevention tool to keep malware from installing on your system.

**Tutorial on installing & using this product can be found HERE**

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

**Tutorial on installing & using this product can be found HERE**

IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

**Tutorial on installing & using this product can be found HERE**

Antivirus Program An Antivirus program is almost a necessity in today's digital world to stay protected. I notice that you don't have one installed! Therefore I recommend avast! 4 Home Edition, Anti-Vir, or PC Tools AntiVirus.

Firewall A firewall is very important, in order to protect your computer from hackers. I notice that you don't have one installed! Therefore I recommend Comodo, Online Armor, or Outpost.

**Tutorial on Firewalls can be found HERE**

It is important to run only one of each type of protection program in resident mode at a time since conflicts can make them less effective. This would mean only one resident antivirus, firewall and scanning type of anti-spyware. Programs like SpywareBlaster and IE-Spyads do not conflict with any of these.

Windows Updates - It is highly recommend to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

It is also highly recommended to stay on top of your updates at all times, for Windows and all the above mentioned applications. This will ensure that you stay protected at the maximum level possible.

And finally a little recommended action-smiley-036.gifHow did I get infected in the first place?(by Tony Klein)

Good luck and safe surfing :)

Link to post
Share on other sites
dejanvu

dejanvu

Posted
  • Author
Posted

Thanks again for all your help, however, my problem has not been resolved. I still have the original issues I posted about.

Something with Java/Active X/Flash.

Shoult we keep trying, otherwise, what are my options? At what point do I just backup and reinstall Vista witht he factory disc?

DeJaN

Link to post
Share on other sites
Andro1d

Andro1d

Posted
Posted

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Followers 0
Go to topic listing