Sponsored By

dejanvu

Members
  • Content Count

    14
  • Joined

  • Last visited

About dejanvu

  • Rank
    Member
  1. dejanvu

    Hijack This Log[RESOLVED]

    Will do, thanks for your help.
  2. dejanvu

    Hijack This Log[RESOLVED]

    Thanks again for all your help, however, my problem has not been resolved. I still have the original issues I posted about. Something with Java/Active X/Flash. Shoult we keep trying, otherwise, what are my options? At what point do I just backup and reinstall Vista witht he factory disc? DeJaN
  3. dejanvu

    Hijack This Log[RESOLVED]

    Here are the results of my SUPERAntiSpyware scan: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 05/29/2008 at 01:03 AM Application Version : 4.1.1046 Core Rules Database Version : 3470 Trace Rules Database Version: 1461 Scan type : Complete Scan Total Scan Time : 04:30:52 Memory items scanned : 489 Memory threats detected : 0 Registry items scanned : 7272 Registry threats detected : 0 File items scanned : 598906 File threats detected : 84 Adware.Tracking Cookie C:\Users\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Documents and Settings\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Documents and Settings\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Documents and Settings\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt C:\Documents and Settings\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt C:\Documents and Settings\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt C:\Documents and Settings\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt C:\Documents and Settings\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Documents and Settings\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt C:\Documents and Settings\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Documents and Settings\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Documents and Settings\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Documents and Settings\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt C:\Documents and Settings\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Documents and Settings\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt C:\Documents and Settings\Dejan\Application Data\Microsoft\Windows\Cookies\[email protected][1].txt C:\Documents and Settings\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Documents and Settings\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][2].txt C:\Documents and Settings\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][2].txt C:\Documents and Settings\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][2].txt C:\Documents and Settings\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][2].txt C:\Documents and Settings\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Documents and Settings\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][2].txt C:\Documents and Settings\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Documents and Settings\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Documents and Settings\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Documents and Settings\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][2].txt C:\Documents and Settings\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Documents and Settings\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][2].txt C:\Documents and Settings\Dejan\Cookies\[email protected][1].txt C:\Documents and Settings\Dejan\Cookies\Low\[email protected][1].txt C:\Documents and Settings\Dejan\Cookies\Low\[email protected][2].txt C:\Documents and Settings\Dejan\Cookies\Low\[email protected][2].txt C:\Documents and Settings\Dejan\Cookies\Low\[email protected][2].txt C:\Documents and Settings\Dejan\Cookies\Low\[email protected][2].txt C:\Documents and Settings\Dejan\Cookies\Low\[email protected][1].txt C:\Documents and Settings\Dejan\Cookies\Low\[email protected][2].txt C:\Documents and Settings\Dejan\Cookies\Low\[email protected][1].txt C:\Documents and Settings\Dejan\Cookies\Low\[email protected][1].txt C:\Documents and Settings\Dejan\Cookies\Low\[email protected][1].txt C:\Documents and Settings\Dejan\Cookies\Low\[email protected][2].txt C:\Documents and Settings\Dejan\Cookies\Low\[email protected][1].txt C:\Documents and Settings\Dejan\Cookies\Low\[email protected][2].txt C:\Users\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Users\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt C:\Users\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt C:\Users\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt C:\Users\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt C:\Users\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Users\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt C:\Users\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Users\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Users\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Users\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt C:\Users\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Users\Dejan\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt C:\Users\Dejan\Application Data\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Users\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][2].txt C:\Users\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][2].txt C:\Users\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][2].txt C:\Users\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][2].txt C:\Users\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Users\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][2].txt C:\Users\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Users\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Users\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Users\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][2].txt C:\Users\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Users\Dejan\Application Data\Microsoft\Windows\Cookies\Low\[email protected][2].txt C:\Users\Dejan\Cookies\[email protected][1].txt C:\Users\Dejan\Cookies\Low\[email protected][1].txt C:\Users\Dejan\Cookies\Low\[email protected][2].txt C:\Users\Dejan\Cookies\Low\[email protected][2].txt C:\Users\Dejan\Cookies\Low\[email protected][2].txt C:\Users\Dejan\Cookies\Low\[email protected][2].txt C:\Users\Dejan\Cookies\Low\[email protected][1].txt C:\Users\Dejan\Cookies\Low\[email protected][2].txt C:\Users\Dejan\Cookies\Low\[email protected][1].txt C:\Users\Dejan\Cookies\Low\[email protected][1].txt C:\Users\Dejan\Cookies\Low\[email protected][1].txt C:\Users\Dejan\Cookies\Low\[email protected][2].txt C:\Users\Dejan\Cookies\Low\[email protected][1].txt C:\Users\Dejan\Cookies\Low\[email protected][2].txt
  4. dejanvu

    Hijack This Log[RESOLVED]

    Dial A Fix does not work for Vista. Still willing to try anything else you can think of...
  5. dejanvu

    Hijack This Log[RESOLVED]

    Once again, no dice, the scan now buttons do not work. Noticed that for each link that does not work for scanning, etc., there is a message that reads "java script:void(0);" in the lower right-hand corner of Explorer. I am getting ready to do a complete system restore, just backup everything on my external drive and reinstall Vista with the factory disc. What other options do I have at this point? Thanks alot for your efforts to fix this!
  6. dejanvu

    Hijack This Log[RESOLVED]

    Thanks for helping me out...unfortunately....once again.....nothing happens once I click on the START SCANNING button. Is it possible for something to be on my computer and actually prevent me from doing ANY type of virus scan? The SCAN NOW button on every free viruscan site I have been to does not work. I downloaded my McAfee VirusScan on my laptop, saved it, copied it to a disc, moved the .exe file to my desktop computer, and of course, installation does not proceed. What else can I try?
  7. dejanvu

    Hijack This Log[RESOLVED]

    1. Followed step 1 and installed Jave Runtime Environment 6 Update 6 2. Cannot complete step 2, I am running Vista 3. Cannot complete Kaspersky WebScanner. When I click on Accept, nothing happens. Part of the same problem I believe. After rebooting and installing Java, I am still having the same problems.
  8. dejanvu

    Hijack This Log[RESOLVED]

    Here is the Deckard System Scanner Extra.txt file: Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft® Windows Vistaâ„¢ Home Premium (build 6000) Architecture: X86; Language: English CPU 0: Intel® Pentium® D CPU 2.80GHz Percentage of Memory in Use: 43% Physical Memory (total/avail): 2037.32 MiB / 1155.77 MiB Pagefile Memory (total/avail): 6066.49 MiB / 5210.81 MiB Virtual Memory (total/avail): 2047.88 MiB / 1925.23 MiB C: is Fixed (NTFS) - 138.97 GiB total, 52.55 GiB free. D: is Fixed (NTFS) - 10 GiB total, 4.13 GiB free. E: is CDROM (No Media) F: is CDROM (UDF) H: is Fixed (FAT32) - 189.87 GiB total, 42.02 GiB free. J: is Removable (No Media) \\.\PHYSICALDRIVE0 - ST3160812AS - 149.01 GiB - 3 partitions \PARTITION0 - Unknown - 39.19 MiB \PARTITION1 - Installable File System - 10 GiB - D: \PARTITION2 (bootable) - Installable File System - 138.97 GiB - C: \\.\PHYSICALDRIVE1 - EPSON Stylus Storage USB Device \\.\PHYSICALDRIVE2 - Maxtor 6 L200R0 USB Device - 189.92 GiB - 1 partition \PARTITION0 (bootable) - Unknown - 189.92 GiB - H: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is disabled. FW: McAfee Personal Firewall v (McAfee) Disabled FW: ZoneAlarm Pro Firewall v7.1.248.000 (Check Point, LTD.) Disabled AV: McAfee VirusScan v (McAfee) AS: McAfee VirusScan v (McAfee) AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Dejan\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=HAL2000 ComSpec=C:\Windows\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\Dejan LOCALAPPDATA=C:\Users\Dejan\AppData\Local LOGONSERVER=\\HAL2000 NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\Program Files\Common Files\ArcSoft\Bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 7, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0407 ProgramData=C:\ProgramData ProgramFiles=C:\Program Files PROMPT=$P$G PUBLIC=C:\Users\Public RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\ SystemDrive=C: SystemRoot=C:\Windows TEMP=C:\Users\Dejan\AppData\Local\Temp TMP=C:\Users\Dejan\AppData\Local\Temp tvdumpflags=8 USERDOMAIN=HAL2000 USERNAME=Dejan USERPROFILE=C:\Users\Dejan windir=C:\Windows -- User Profiles --------------------------------------------------------------- Dejan -- Add/Remove Programs --------------------------------------------------------- --> "C:\Program Files\Dell Games\Battleship - Fleet Command\Uninstall.exe" --> "C:\Program Files\Dell Games\Bejeweled 2 Deluxe\Uninstall.exe" --> "C:\Program Files\Dell Games\Blackhawk Striker 2\Uninstall.exe" --> "C:\Program Files\Dell Games\Blasterball 3\Uninstall.exe" --> "C:\Program Files\Dell Games\Chuzzle Deluxe\Uninstall.exe" --> "C:\Program Files\Dell Games\Dell Game Console\Uninstall.exe" --> "C:\Program Files\Dell Games\Dell Media Center Game Console\Uninstall.exe" --> "C:\Program Files\Dell Games\FATE\Uninstall.exe" --> "C:\Program Files\Dell Games\JEOPARDY\Uninstall.exe" --> "C:\Program Files\Dell Games\Penguins!\Uninstall.exe" --> "C:\Program Files\Dell Games\Polar Bowler\Uninstall.exe" --> "C:\Program Files\Dell Games\Polar Golfer\Uninstall.exe" --> "C:\Program Files\Dell Games\SCRABBLE\Uninstall.exe" --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419} Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002} ArcSoft PhotoImpression 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\Setup.exe" -l0x9 ArcSoft PhotoImpression 6 --> C:\Program Files\InstallShield Installation Information\{D03E7B00-CA85-4684-9321-1888873C34BD}\Setup.exe -runfromtemp -l0x0009 -removeonly ArcSoft Print Creations --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F75F3D8C-8051-49FC-A595-75245E526DA6}\Setup.exe" -l0x9 ArcSoft Print Creations - Album Page --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F75F3D8C-8051-49FC-A595-75245E526DA6}\Setup.exe" -l0x9 -1AlbumPage ArcSoft Print Creations - Funhouse --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F75F3D8C-8051-49FC-A595-75245E526DA6}\Setup.exe" -l0x9 -1Funhouse ArcSoft Print Creations - Greeting Card --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F75F3D8C-8051-49FC-A595-75245E526DA6}\Setup.exe" -l0x9 -1GreetingCard ArcSoft Print Creations - Photo Book --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F75F3D8C-8051-49FC-A595-75245E526DA6}\Setup.exe" -l0x9 -1PhotoBook ArcSoft Print Creations - Photo Calendar --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F75F3D8C-8051-49FC-A595-75245E526DA6}\Setup.exe" -l0x9 -1Calendar ArcSoft Print Creations - Photo Prints --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F75F3D8C-8051-49FC-A595-75245E526DA6}\Setup.exe" -l0x9 -1PhotoPrint ArcSoft Print Creations - Scrapbook --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F75F3D8C-8051-49FC-A595-75245E526DA6}\Setup.exe" -l0x9 -1ScrapBook ArcSoft Print Creations - Slimline Card --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F75F3D8C-8051-49FC-A595-75245E526DA6}\Setup.exe" -l0x9 -1Slimline Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini" Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini" Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini" Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini" Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini" Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini" Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini" Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini" Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini" Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini" Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini" Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini" Dell Games --> "C:\Program Files\Dell Games\Uninstall.exe" Dell System Customization Wizard --> MsiExec.exe /I{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5} DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D} Documentation & Support Launcher --> MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24} DVDFab Gold 3.0.9.8 --> "C:\Program Files\DVDFab Gold 3\unins000.exe" DVDFab Gold 4.0.5.0 --> "C:\Program Files\DVDFab Gold 4\unins000.exe" EarthLink Setup Files --> MsiExec.exe /X{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2} EPSON Print CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\Setup.exe" -l0x9 -SYSTEM EPSON Printer Software --> C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R EPSON RX595 User's Guide --> C:\Program Files\epson\guide\sprx595_e\uninstall.exe EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r EPSON Stylus Photo RX595 Series Scanner Driver Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}\Setup.exe" -l0x9 Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe Games, Music, & Photos Launcher --> MsiExec.exe /I{3E25E350-949F-4DB7-8288-2A60E018B4C1} Giggles Computer Funtime For Babyâ„¢ - ABC's & 123's --> "C:\Program Files\Giggles Computer Funtime For Baby\Giggles-ABCs & 123s\unins000.exe" Giggles Computer Funtime For Babyâ„¢ - ABC's & 123's Vista Update --> "C:\Program Files\Giggles Computer Funtime For Baby\Giggles-ABCs & 123s\unins001.exe" Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll" HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall iMesh --> C:\Program Files\iMesh Applications\iMesh\UninstallSurvey.exe C:\PROGRA~1\IMESHA~1\iMesh\UNWISE.EXE C:\PROGRA~1\IMESHA~1\iMesh\INSTALL.LOG iMesh MediaBar --> C:\Program Files\iMesh applications\iMesh MediaBar\Uninstall.exe iMesh MediaBar --> regsvr32 /u /s "C:\Program Files\iMesh applications\iMesh MediaBar\MediaBar.dll" Intel® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall Intel® Matrix Storage Manager --> C:\Windows\System32\Imsmudlg.exe Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000} LimeWire 4.12.15 --> "C:\Program Files\LimeWire\uninstall.exe" McAfee SiteAdvisor --> C:\Program Files\SiteAdvisor\6253\uninstall.exe Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe" RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82} Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC} Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048} Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87} Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C} Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF} Roxio Drag-to-Disc --> MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668} Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB} Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E} Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E} Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00} Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9} Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E} Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41} SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0} Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278} URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll" User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe" Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S Yahoo! Install Manager --> C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL Yahoo! Internet Mail --> C:\Windows\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG Yahoo! Music Jukebox --> MsiExec.exe /X{7C49EA42-5647-4051-84C2-E6404F25A931} Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe ZoneAlarm Pro --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe -- Application Event Log ------------------------------------------------------- Event Record #/Type9325 / Error Event Submitted/Written: 05/22/2008 09:48:52 PM Event ID/Source: 1000 / Application Error Event Description: Faulting application PhotoImpression.exe, version 6.1.3.100, time stamp 0x45b0234f, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000374, fault offset 0x000af1c9, process id 0x514, application start time 0xPhotoImpression.exe0. Event Record #/Type9309 / Success Event Submitted/Written: 05/22/2008 00:02:52 PM Event ID/Source: 5617 / WinMgmt Event Description: Event Record #/Type9308 / Success Event Submitted/Written: 05/22/2008 00:02:52 PM Event ID/Source: 5615 / WinMgmt Event Description: Event Record #/Type9306 / Success Event Submitted/Written: 05/22/2008 00:02:50 PM Event ID/Source: 902 / Software Licensing Service Event Description: The Software Licensing service has started. Event Record #/Type9296 / Warning Event Submitted/Written: 05/22/2008 11:45:23 AM Event ID/Source: 6005 / Wlclntfy Event Description: The winlogon notification subscriber <Sens> is taking long time to handle the notification event (Logoff). -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type49983 / Warning Event Submitted/Written: 05/23/2008 03:11:37 PM Event ID/Source: 3004 / WinDefend Event Description: %HAL200027 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %HAL200027 can't undo changes that you allow. For more information please see the following: %HAL2000275 Scan ID: {E4197CA1-8BB3-490D-A03C-6B17614F4428} User: HAL2000\Dejan Name: %HAL2000271 ID: %HAL2000272 Severity ID: %HAL2000273 Category ID: %HAL2000274 Path Found: %HAL2000276 Alert Type: %HAL2000278 Detection Type: 1.1.1505.02 Event Record #/Type49982 / Warning Event Submitted/Written: 05/23/2008 03:11:35 PM Event ID/Source: 3004 / WinDefend Event Description: %HAL200027 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %HAL200027 can't undo changes that you allow. For more information please see the following: %HAL2000275 Scan ID: {D5E9E2BE-97E3-4D5B-A513-A95C3ABD5717} User: HAL2000\Dejan Name: %HAL2000271 ID: %HAL2000272 Severity ID: %HAL2000273 Category ID: %HAL2000274 Path Found: %HAL2000276 Alert Type: %HAL2000278 Detection Type: 1.1.1505.02 Event Record #/Type49981 / Warning Event Submitted/Written: 05/23/2008 03:11:35 PM Event ID/Source: 3004 / WinDefend Event Description: %HAL200027 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %HAL200027 can't undo changes that you allow. For more information please see the following: %HAL2000275 Scan ID: {C0DEBBE5-C382-4FF5-81BE-11C4D3150876} User: HAL2000\Dejan Name: %HAL2000271 ID: %HAL2000272 Severity ID: %HAL2000273 Category ID: %HAL2000274 Path Found: %HAL2000276 Alert Type: %HAL2000278 Detection Type: 1.1.1505.02 Event Record #/Type49980 / Warning Event Submitted/Written: 05/23/2008 03:11:35 PM Event ID/Source: 3004 / WinDefend Event Description: %HAL200027 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %HAL200027 can't undo changes that you allow. For more information please see the following: %HAL2000275 Scan ID: {001EC527-7E60-45D4-A6B4-5DEE5EC3763F} User: HAL2000\Dejan Name: %HAL2000271 ID: %HAL2000272 Severity ID: %HAL2000273 Category ID: %HAL2000274 Path Found: %HAL2000276 Alert Type: %HAL2000278 Detection Type: 1.1.1505.02 Event Record #/Type49979 / Warning Event Submitted/Written: 05/23/2008 03:11:35 PM Event ID/Source: 3004 / WinDefend Event Description: %HAL200027 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %HAL200027 can't undo changes that you allow. For more information please see the following: %HAL2000275 Scan ID: {8AEADFB0-C33C-4A1F-8D8B-7D3F47A29CAB} User: HAL2000\Dejan Name: %HAL2000271 ID: %HAL2000272 Severity ID: %HAL2000273 Category ID: %HAL2000274 Path Found: %HAL2000276 Alert Type: %HAL2000278 Detection Type: 1.1.1505.02 -- End of Deckard's System Scanner: finished at 2008-05-23 15:12:40 ------------
  9. dejanvu

    Hijack This Log[RESOLVED]

    Here is the Deckard System Scanner Main.txt file: Deckard's System Scanner v20071014.68 Run by Dejan on 2008-05-23 15:10:17 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- Last 5 Restore Point(s) -- 11: 2008-05-23 18:58:30 UTC - RP436 - Windows Update 10: 2008-05-22 16:09:12 UTC - RP435 - Windows Update 9: 2008-05-22 00:12:45 UTC - RP434 - Scheduled Checkpoint 8: 2008-05-20 21:31:49 UTC - RP433 - Scheduled Checkpoint 7: 2008-05-19 16:24:56 UTC - RP432 - Windows Backup -- First Restore Point -- 1: 2008-05-14 03:25:46 UTC - RP426 - Windows Update Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Dejan.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:11:21 PM, on 5/23/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\sttray.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\SiteAdvisor\6253\SiteAdv.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehtray.exe C:\Windows\System32\spool\drivers\w32x86\3\E_FATICLA.EXE C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Windows\system32\taskeng.exe C:\Users\Dejan\Desktop\dss.exe C:\Windows\system32\DllHost.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Dejan.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: XBTP01621 - {C66AF7F0-2CF6-48cb-9F94-04EC2504B4FC} - C:\PROGRA~1\IMESHA~1\IMESHM~1\MediaBar.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\iMesh applications\iMesh MediaBar\MediaBar.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [EPSON Stylus Photo RX595 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE /FU "C:\Windows\TEMP\E_S243F.tmp" /EF "HKCU" O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [EPSON Stylus Photo R380 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE /FU "C:\Windows\TEMP\E_S200D.tmp" /EF "HKCU" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [EPSON Stylus Photo R380 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE /FU "C:\Windows\TEMP\E_S200D.tmp" /EF "HKCU" (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Dell Games\Dell Game Console\GameConsoleService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe -- End of file - 8733 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R2 dsunidrv - \??\c:\program files\dellsupport\drivers\dsunidrv.sys R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell> S3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; > R2 STacSV (SigmaTel Audio Service) - c:\program files\sigmatel\c-major audio\wdm\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio> S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application> S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Files created between 2008-04-23 and 2008-05-23 ----------------------------- 2008-05-16 17:49:43 0 d-------- C:\Windows\Sun -- Find3M Report --------------------------------------------------------------- 2008-05-22 21:52:38 0 d-------- C:\Users\Dejan\AppData\Roaming\U3 2008-05-16 17:55:09 0 d-------- C:\Program Files\Trend Micro 2008-05-16 17:49:19 0 d-------- C:\Program Files\Java 2008-05-14 03:01:58 0 d-------- C:\Program Files\Windows Mail 2008-05-11 21:56:47 0 d-------- C:\Users\Dejan\AppData\Roaming\MagicEffect Photo 2008-05-10 20:02:01 0 d-------- C:\Users\Dejan\AppData\Roaming\Vso 2008-05-07 21:23:00 0 d-------- C:\Users\Dejan\AppData\Roaming\LimeWire 2008-04-27 11:43:56 0 d-------- C:\Users\Dejan\AppData\Roaming\EPSON 2008-04-22 12:15:20 0 d-------- C:\Program Files\Google 2008-04-20 19:49:48 0 d-------- C:\Users\Dejan\AppData\Roaming\FUJIFILM 2008-04-20 19:36:54 0 d-------- C:\Users\Dejan\AppData\Roaming\Yahoo! 2008-04-20 19:34:29 0 d-------- C:\Program Files\FinePixViewerS 2008-04-20 19:33:12 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-04-19 23:35:40 0 d-------- C:\Users\Dejan\AppData\Roaming\Talkback 2008-04-19 23:35:31 0 d-------- C:\Users\Dejan\AppData\Roaming\Mozilla 2008-04-17 21:31:48 0 d-------- C:\Users\Dejan\AppData\Roaming\SiteAdvisor 2008-04-17 21:31:07 0 d-------- C:\Program Files\Common Files 2008-04-17 21:25:04 0 d-------- C:\Program Files\SiteAdvisor 2008-04-05 15:04:00 0 d-------- C:\Users\Dejan\AppData\Roaming\ArcSoft 2008-04-04 21:56:14 0 d-------- C:\Users\Dejan\AppData\Roaming\iMesh -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04/22/2007 04:01 AM] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [02/09/2007 02:32 PM] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [02/09/2007 02:32 PM] "Persistence"="C:\Windows\system32\igfxpers.exe" [02/09/2007 02:32 PM] "SigmatelSysTrayApp"="sttray.exe" [02/08/2007 01:16 AM C:\Windows\sttray.exe] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [09/29/2006 12:39 PM] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/03/2006 11:37 AM] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [10/03/2006 11:35 AM] "@"="" [] "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [11/05/2006 12:22 PM] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/11/2007 12:05 PM] "ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [01/16/2008 06:19 PM] "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [02/08/2007 10:39 PM] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/08/2008 06:05 PM] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 08:36 AM] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 08:35 AM] "EPSON Stylus Photo RX595 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLA.exe" [03/30/2007 07:00 AM] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 06:43 PM] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "EPSON Stylus Photo R380 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE /FU "C:\Windows\TEMP\E_S200D.tmp" /EF "HKCU" "Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"=0 (0x0) "DisableChangePassword"=0 (0x0) "DisableLockWorkstation"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoClose"=0 (0x0) "NoLogoff"=0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I] AutoRun\command- I:\LaunchU3.exe -a [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] C:\Windows\system32\unregmp2.exe /ShowWMP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI -- End of Deckard's System Scanner: finished at 2008-05-23 15:12:40 ------------
  10. dejanvu

    Hijack This Log[RESOLVED]

    Here is my HiJackThis log, following the instructions you provided: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:05:26 PM, on 5/23/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\sttray.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\SiteAdvisor\6253\SiteAdv.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehtray.exe C:\Windows\System32\spool\drivers\w32x86\3\E_FATICLA.EXE C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\taskeng.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: XBTP01621 - {C66AF7F0-2CF6-48cb-9F94-04EC2504B4FC} - C:\PROGRA~1\IMESHA~1\IMESHM~1\MediaBar.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\iMesh applications\iMesh MediaBar\MediaBar.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [EPSON Stylus Photo RX595 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE /FU "C:\Windows\TEMP\E_S243F.tmp" /EF "HKCU" O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [EPSON Stylus Photo R380 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE /FU "C:\Windows\TEMP\E_S200D.tmp" /EF "HKCU" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [EPSON Stylus Photo R380 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE /FU "C:\Windows\TEMP\E_S200D.tmp" /EF "HKCU" (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Dell Games\Dell Game Console\GameConsoleService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe -- End of file - 8732 bytes
  11. dejanvu

    Hijack This Log[RESOLVED]

    Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:42:10 PM, on 5/16/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\sttray.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\SiteAdvisor\6253\SiteAdv.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Windows\System32\spool\drivers\w32x86\3\E_FATICLA.EXE C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Dejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3ER4H978\HiJackThis[1].exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: XBTP01621 - {C66AF7F0-2CF6-48cb-9F94-04EC2504B4FC} - C:\PROGRA~1\IMESHA~1\IMESHM~1\MediaBar.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\iMesh applications\iMesh MediaBar\MediaBar.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [EPSON Stylus Photo RX595 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE /FU "C:\Windows\TEMP\E_S243F.tmp" /EF "HKCU" O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKUS\S-1-5-18\..\Run: [EPSON Stylus Photo R380 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE /FU "C:\Windows\TEMP\E_S200D.tmp" /EF "HKCU" (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [EPSON Stylus Photo R380 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE /FU "C:\Windows\TEMP\E_S200D.tmp" /EF "HKCU" (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Dell Games\Dell Game Console\GameConsoleService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe -- End of file - 8403 bytes
  12. I really need some help. Basically the story goes like this: My subscription to McAfee Security Center expired and I was having problems with downloading my renewal once I paid for another year's subscription on the website. So I went to online chat customer service on service.mcafee.com. They advised me to uninstall the entire McAfee product, which I did online with the rep, and was told re-boot, then go to a link and then download the new product. I rebooted, and went online to download McAfee Anti-Virus, but nothing worked from there worked. Anything which seems to use Java, Flash, or maybe Active X (?) controls does not work. I cannot login to anything. Links on service.mcafee.com do not work anymore. Certain videos do not play. I cannot renew my ZoneAlarm subscription, etc. What can I try?